BleepingComputer.com: HOW TO FIX A FEDEX SCAM

A few minutes ///maybe 5

I already downloaded a new unhideexe and run it
it says :


processing C:\
PROCESSING D:\
PARSE ERROR

then it showed a message saying:

finished
"your files should now be visible. if you are still missing start menu items,please temporarily disable your Antivirus
or security programs and try again in the event that they interefered with the restoral process"


what should I do? the files in my desktop is already visible but I haven't seen my recycle bin yet..it was misssing since the malware infected my laptop. Is it ok to back up my files now even if it's like not all of my files were unhidden? AND I FOUND OUT THAT MY AVIRA ANTIVIRUS STOPPED I RUN AGAIN FOR THE 3RD TIME UNHIDEEXE BUT IT STILL SAYS

PARSE ERROR what does it mean?

This post has been edited by sm24: 07 July 2011 - 01:53 AM

i RAN UNHIDEEXE IN SAFE MODE,IS IT OK TO RESTART OR SHUT DOWN MY LAPTOP FOR ME TO BACK UP MY FILES? CAUSE SAFE MODE DOESN'T SUPPORT BACKUPS,ONLY IN NORMAL MODE I CAN DO MY BACKING UP THANKS.

um,I already make a copy of some of my files but I didn't make use of backup programs or features to do this,I did this
during safe mode,is it the same thing as copying files in normal mode? I mean like is there a difference of file quality or function? I apologize for sounding stupid but it's the first time I copied files to an external hd using safe mode,so I'm a little concerned an curious about what I did,TYVM sir.

This post has been edited by sm24: 07 July 2011 - 06:25 AM

sir,I would like to know that if there's a way that I could know if one of my original files (files before the infection)are infected by the malware so I could also avoid backing up infected files,and I would also like to know after I follow these steps my comp will be free from the malware and there would be no traces of it,and I can re copy/backup my files to the same external hd thank you

and for example sir,if ever I backed up my files during the infection and before running your recommended programs
I accidentally backed up a infected file into an external hd,then I fixed and cleaned up my laptop..then I coneect the external hd to my cleaned laptop and run a MBAM and a virus scan,will it still detect and clean the external hd without deleting my copied files that are not infected?


THANK YOU VERY MUCH

This post has been edited by sm24: 07 July 2011 - 12:54 PM

The best way to know is to back them up and scan the Backed up files.

thanks,how do I find my missing recycle bin? it's been gone since the infection,but I happen to delete the infected fedex scam file before the win recovery started to bug my comp

sir,is backing up in safe mode the same effect/quality/functionality in normal mode? thanks very much

can I run

fixexe.reg
rkill
mbam
tdsskllr


in safe mode?

Finished running defogger and dds,I am currently running gmer,and it is scanning C:\ I also have D:\ should I also scan it later in dds?

btw,I also got panda antivirus installed on the infected one,but I cannot disable it or run it since before the infection began,and it doesnt scan when I run it should I uninstall it I already disabled avira and mcaffe is already exxpired and I cannot change any setting about it?


dds and gmer log

DDS LOG


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by nic j melycan at 3:40:23 on 2011-07-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.63.1033.18.3061.1982 [GMT 8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.

EDIT Removed mis placed DDS log.

This post has been edited by boopme: 12 July 2011 - 07:19 PM

These were the instructions.. The DDS log needs to be posted in a new topic.

Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.

ok,thanks,is it ok to turn off my comp after running gmer while waiting for the reply on that thread?

Yes but check it for replies.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.