Help
This topic is locked
This post has been edited by SweetTech: 17 April 2011 - 06:19 PM
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient. DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Google Redirect & Internet Explorer Script Error & Google Chrome not working Previously infected WIndows Repair virus
#31
- Agent ST
-
- Group: Malware Response Team
- Posts: 12,662
- Joined: 15-March 09
- Gender:Male
- Location:Antarctica
Posted 17 April 2011 - 06:19 PM
Okay. The reason I ask is because you have a file that is infected, and needs to be replaced. It'd be easy to ensure that a clean copy replaced the infected copy if the file was extracted off of the Windows XP disc.
Have I helped you? If you'd like to assist in the fight against malware, click here 
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
Back to top
#32
- Member
-
- Group: Members
- Posts: 63
- Joined: 07-April 11
Posted 17 April 2011 - 07:27 PM
Okay... I just realized I have another computer here with windows xp, should still be able to startup. Can I try grabbing it from that?
#33
- Agent ST
-
- Group: Malware Response Team
- Posts: 12,662
- Joined: 15-March 09
- Gender:Male
- Location:Antarctica
Posted 17 April 2011 - 07:30 PM
What version of XP is your other computer? Media Center, Professional, or Home Edition?
Have I helped you? If you'd like to assist in the fight against malware, click here
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
#34
- Member
-
- Group: Members
- Posts: 63
- Joined: 07-April 11
Posted 17 April 2011 - 07:40 PM
Just double checked its Professional. And this one is Media Center... I'll keep looking
#35
- Agent ST
-
- Group: Malware Response Team
- Posts: 12,662
- Joined: 15-March 09
- Gender:Male
- Location:Antarctica
Posted 17 April 2011 - 07:51 PM
Okay.
Have I helped you? If you'd like to assist in the fight against malware, click here
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
#36
- Agent ST
-
- Group: Malware Response Team
- Posts: 12,662
- Joined: 15-March 09
- Gender:Male
- Location:Antarctica
Posted 21 April 2011 - 08:33 PM
Any luck?
Have I helped you? If you'd like to assist in the fight against malware, click here
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
#37
- Member
-
- Group: Members
- Posts: 63
- Joined: 07-April 11
Posted 21 April 2011 - 10:35 PM
No luck so far. Still have a couple of boxes to check still but probably not until Sunday. Odds are low but I'll let you know as soon as I find out.
#38
- Agent ST
-
- Group: Malware Response Team
- Posts: 12,662
- Joined: 15-March 09
- Gender:Male
- Location:Antarctica
Posted 22 April 2011 - 02:02 PM
Okay, thanks for the update.
Have I helped you? If you'd like to assist in the fight against malware, click here
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
#39
- Member
-
- Group: Members
- Posts: 63
- Joined: 07-April 11
Posted 25 April 2011 - 01:47 AM
Finally found it. Let me know what you want to do next.
#40
- Agent ST
-
- Group: Malware Response Team
- Posts: 12,662
- Joined: 15-March 09
- Gender:Male
- Location:Antarctica
Posted 25 April 2011 - 08:59 AM
Lets first attempt to do this the easy way:
Run System File Checker
Make sure you have your XP Disc handy
The System File Checker (Sfc.exe) utility is used for scanning protected operating system files to verify their version and integrity. If System File Checker detects any operating system file with the incorrect file version, it replaces the corrupted file with a file that has the correct version from the Windows installation source files.
To use System File Checker, follow these steps:
Run System File Checker
Make sure you have your XP Disc handy
The System File Checker (Sfc.exe) utility is used for scanning protected operating system files to verify their version and integrity. If System File Checker detects any operating system file with the incorrect file version, it replaces the corrupted file with a file that has the correct version from the Windows installation source files.
To use System File Checker, follow these steps:
- Click Start, click Run, type cmd.exe, and then click OK.
- At the command prompt, type sfc /purgecache, and then press ENTER.
Note You may be prompted to provide Windows installation source files when you run the sfc /purgecache command. If the command is completed successfully, you will receive the following message: - Windows File Protection successfully made the requested change.
- At the command prompt, type sfc /scannow, and then press ENTER.
Note
This command may take several minutes to finish. You may also be
prompted to provide Windows installation source files when you run the sfc /scannow command. - At the command prompt, type exit, and then press ENTER to close the command prompt.
Have I helped you? If you'd like to assist in the fight against malware, click here
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
#41
- Member
-
- Group: Members
- Posts: 63
- Joined: 07-April 11
Posted 25 April 2011 - 10:58 AM
Looks like it's stuck on cd2. it's asking for xp professional cd2. I tried both drives and it doesn't recognize it as the correct cd. I checked window explorer and the cd drive shows the folder.
It looks like the only folders under the component folder are tabletpc, netfx & medicate.
Should I hit cancel?
It looks like the only folders under the component folder are tabletpc, netfx & medicate.
Should I hit cancel?
#42
- Agent ST
-
- Group: Malware Response Team
- Posts: 12,662
- Joined: 15-March 09
- Gender:Male
- Location:Antarctica
Posted 25 April 2011 - 11:08 AM
Yeah, please hit cancel.
I want to grab a new ComboFix log from you.
Please delete the copy of ComboFix from your desktop by right clicking and selecting Delete.
Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now
I want to grab a new ComboFix log from you.
Please delete the copy of ComboFix from your desktop by right clicking and selecting Delete.
Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
- IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
- Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
- Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
- Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now
Have I helped you? If you'd like to assist in the fight against malware, click here
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
#43
- Member
-
- Group: Members
- Posts: 63
- Joined: 07-April 11
Posted 25 April 2011 - 10:53 PM
I ran it this morning and when I came back the blue prompt titled "." was still on 10hrs later. I didnt have the screensaver running this time. I checked the c:/combo fix folder and only peg.cfxxe file is in there timestamped at 3:58pm
I tried re running it now but the windows prompt never appears after the semantic antivirus alert pops up, which is disabled
I tried re running it now but the windows prompt never appears after the semantic antivirus alert pops up, which is disabled
This post has been edited by Mike - Neopan: 25 April 2011 - 11:24 PM
#44
- Member
-
- Group: Members
- Posts: 63
- Joined: 07-April 11
Posted 26 April 2011 - 01:45 AM
A "Spywre Protection" just appeared. Guessing it's malware. It created an alert in the system tray that says the pev.cfxxe is infected by "w32/blaster.worm" and wants me to activate it. It also lists a bunch of "detected threats" which appear to safe files...
havent been using the web except to download the programs you recommend to download. I'm guessing it got in there from those scripts that keep popping up or sometthing that's been dormant
That's the current status
havent been using the web except to download the programs you recommend to download. I'm guessing it got in there from those scripts that keep popping up or sometthing that's been dormant
That's the current status
#45
- Member
-
- Group: Members
- Posts: 63
- Joined: 07-April 11
Posted 26 April 2011 - 01:50 AM
FYI It kills anything I open. Tried opening task manager, firefox, safari, etc.
