Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

help remove


  • This topic is locked This topic is locked
15 replies to this topic

#1 coozie

coozie

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 14 January 2009 - 08:15 AM

Hello,
I have tried to install malware bytes on a dell laptop with no resolve.
spyguard will not let program run.it os also blocking task manager from running.
I have tried to change program name to get to run but still no good.
please help. :thumbsup:

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:04 AM

Posted 14 January 2009 - 10:32 AM

Hello I moved your topic from XP to here.

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

***
Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 coozie

coozie
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 14 January 2009 - 11:40 AM

Thanks i will try that way later this evening.I will update after that.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:04 AM

Posted 14 January 2009 - 12:52 PM

OK ,thanks I'll look for it.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 coozie

coozie
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 15 January 2009 - 10:37 AM

Finally rid myself from that nasty rogue.
Thanks for your help. change file exe to .pif worked great.
Thanks again for your help.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:04 AM

Posted 15 January 2009 - 01:55 PM

That's good, i would like you to run 2 more tools and be sure to get all the hangers out.
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".


Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 coozie

coozie
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 18 January 2009 - 02:04 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/16/2009 at 09:50 PM

Application Version : 4.24.1004

Core Rules Database Version : 3713
Trace Rules Database Version: 1688

Scan type : Complete Scan
Total Scan Time : 01:56:59

Memory items scanned : 163
Memory threats detected : 0
Registry items scanned : 6438
Registry threats detected : 0
File items scanned : 27842
File threats detected : 37

Rogue.XP AntiSpyware2009-Trace
C:\Documents and Settings\Amanda Daleo\Desktop\delself.bat

Adware.Tracking Cookie
.atwola.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
ar.atwola.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.specificclick.net [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.media6degrees.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.adopt.specificclick.net [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
magnet.traffic.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.traffic.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
adserver.equalvision.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.collective-media.net [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.interclick.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]
.apmebf.com [ C:\Documents and Settings\Amanda Daleo\Application Data\Mozilla\Firefox\Profiles\a8oaxnig.default\cookies.txt ]

Rootkit.TDSServ-Trace
C:\WINDOWS\SYSTEM32\TDSSMTVD.DAT
C:\WINDOWS\SYSTEM32\TDSSORVD.DAT

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:04 AM

Posted 18 January 2009 - 02:19 PM

Hello again,I need to say this now that we see a TDDS Rootki/trojan.
A backdoor Trojan can allow an attacker to
gain control of the system, log keystrokes, steal passwords, access personal
data, send malevolent outgoing traffic, and close the security warning
messages displayed by some anti-virus and security programs.

I would advise you to go toa known clean computer and change any passwords or security information held
on the infected computer. In particular, check whatever relates to online
banking financial transactions, shopping, credit cards, or sensitive
personal information. It is also wise to contact your financial institutions
to apprise them of your situation.

We will do our best to clean the computer of any infections seen on the log.
However, because of the nature of this Trojan, I cannot offer a total
guarantee that there are no remnants left in the system, or that the
computer will be trustworthy.

Many security experts believe that once infected with this type of Trojan,
the best course of action is to reformat and reinstall the Operating System.
Making this decision is based on what the computer is used for, and what
information can be accessed from it.

if you would prefer to format let me know or proceed with S!Ri's SmitfraudFix,part 1.


Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 coozie

coozie
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 18 January 2009 - 06:51 PM

Scan done at 18:46:53.04, Sun 01/18/2009
Run from C:\Documents and Settings\Amanda Daleo\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
C:\Program Files\EMBARQ Online Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\EMBARQ Online Security\Common\FSMB32.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\EMBARQ Online Security\Common\FCH32.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\EMBARQ Online Security\Common\FAMEH32.EXE
C:\Program Files\EMBARQ Online Security\Anti-Virus\fsqh.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\EMBARQ Online Security\Anti-Virus\fssm32.exe
C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\EMBARQ Online Security\FSAUA\program\fsus.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Amanda Daleo\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\WINDOWS\system32\LogFiles


C:\Documents and Settings\Amanda Daleo


C:\DOCUME~1\AMANDA~1\LOCALS~1\Temp


C:\Documents and Settings\Amanda Daleo\Application Data


Start Menu


C:\DOCUME~1\AMANDA~1\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!



VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL"


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\twex.exe,"
"System"=""


RK



DNS

Description: Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 209.26.88.31
DNS Server Search Order: 204.215.43.3

HKLM\SYSTEM\CCS\Services\Tcpip\..\{78173EB6-D237-403C-8855-731DAFE819D2}: DhcpNameServer=209.26.88.31 204.215.43.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{78173EB6-D237-403C-8855-731DAFE819D2}: DhcpNameServer=209.26.88.31 204.215.43.3
HKLM\SYSTEM\CS2\Services\Tcpip\..\{78173EB6-D237-403C-8855-731DAFE819D2}: DhcpNameServer=209.26.88.31 204.215.43.3
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=209.26.88.31 204.215.43.3
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=209.26.88.31 204.215.43.3
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=209.26.88.31 204.215.43.3


Scanning for wininet.dll infection


End

#10 coozie

coozie
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 18 January 2009 - 06:53 PM

what is the best way to format . this is dell E1505 laptop don't know if i have original disc computer came with.
can i back up on external hard drive??? will threat still be there??
Thanks

#11 coozie

coozie
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 18 January 2009 - 06:59 PM

I am not very well schooled on this ,can any info be stolen or corrupted by anyone reading these posts.

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:04 AM

Posted 18 January 2009 - 07:59 PM

hello the posted info is OK.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:04 AM

Posted 18 January 2009 - 08:05 PM

If you don't have disks then we will clean.
Run Part 2 of SmitFraudFix

You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt


Go into Control Panel >Add Remove Programs(check that the "Show Updates box is checked) and find any Java(JRE) applications. highlight it and tell me the version number.


Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan.
After scan click Remove Selected, Post new scan log and Reboot.

Edited by boopme, 18 January 2009 - 08:10 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 coozie

coozie
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:12:04 AM

Posted 18 January 2009 - 09:14 PM

after running smit fraud and mbam i can't copy log files access denied to rapport and mbam log file

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:04 AM

Posted 18 January 2009 - 09:21 PM

It appears this infection has run to deep. The only way we can clean it is with HJT. Follow the steps here. Do steps 6 & 7.
Preparation Guide For Use Before Using Hijackthis
Then post the complete log here.. HijackThis Logs and Virus/Trojan/Spyware/Malware Removal
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users