Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I Want to Delete my Virus


  • This topic is locked This topic is locked
26 replies to this topic

#1 feralittye

feralittye

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 25 November 2009 - 03:33 PM

Hi,
I have a computer virus problem.
Although it has been difficult to download and run any virus cleaning or detecting software--Avast, Search and Destroy, etc...-- because various things prohibit it, such as missing drivers or old operating system, I managed to run clamwin and detect a twizzer Trojan Virus on my computer.
I deleted the infected file--it was a logitech file. But the virus was detected in the Restore file, in the Archives file fs115.cab.
I can't delete it because "access denied." Ive tried in safe mode. Ive also downloaded the "unlocker", but to no avail.
Do you have any suggestions?
Thanks--
Cheryl

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:36 PM

Posted 25 November 2009 - 04:15 PM

Hello i am moving you to the Am I Infected forum from Windows 95/98/ME.

please try to run these next.

Next run ATF and SAS:
Note.. SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 feralittye

feralittye
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 25 November 2009 - 04:44 PM

Thank You for helping me!
I downloaded both the Superantispyware and the ATF Cleaner. I followed the steps and clicked on the Super Icon, it began installing and updating but then I recieved this message:
Installer Information
Error 1904. Module C:\Program
Files\SUPERAntiSpyware\SASWINLO.dll failed to register. HRESULT-2147024865. Contact your support personnel.

I clicked Ignore on the Box and the update was completed. I will continue to follow your directions, except I didn't follow the directions you gave to change the Scanner Options. I didn't see where to do that. Sorry.

There are two Icons now, for SAS, on the desktop. I went back to try to change the scanner settings. I don't know very much about computers. I clicked on the first Icon which does not have any red X over it. I did not find the scanner settings there, so I clicked on the other Icon with the red X over it. It sent two error messages: The C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE file expects a newer version of Windows. Upgrade your version.
The other message read:
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe A device attached to the system is not functioning.

I hope that I was not "running" it by clicking on the second Icon, because I was trying to follow your directions and I know you said not to run it yet.

I will continue to follow your directions as well as I know how. Thank you again.

Edited by feralittye, 25 November 2009 - 05:02 PM.


#4 feralittye

feralittye
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 25 November 2009 - 05:08 PM

Also: I previously posted a topic in the HijackThis Log forum.

#5 feralittye

feralittye
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 25 November 2009 - 05:33 PM

Hi,
I followed your directions, with the exceptions of selecting the scanner options for SAS. I also clicked on the SAS Icon with the Red X over it before the computer was in Safe Mode.
After installing SAS and ATF Cleaner I went into Safe Mode.
I ran ATF Cleaner.
Then I tried to run SuperAntiSpyware and I got the two error messages that I described in my previous post. I tried to re-install SAS by clicking on the options of Repairing or Modifying. But the same error messages occured after taking those steps.
Then I restarted my computer, and here I am!
Thanks again for volunteering your time to help.
-Cheryl

#6 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,068 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:04:36 PM

Posted 25 November 2009 - 05:40 PM

Also: I previously posted a topic in the HijackThis Log forum.

Due to the the lack of a log and the fact you are in the process of being helped here, and if needed will be instructed in how to post a HJT Log I have deleted that post. This will also help avoid conflicting and potentially confusing replies for you and our staff of volunteers.

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#7 feralittye

feralittye
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 25 November 2009 - 05:56 PM

Thank you.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:36 PM

Posted 25 November 2009 - 09:16 PM

Hello ,may be conflicting installs..
Uninstall both SAs if there are 2. Then reinstall.. If that works run it from normal mode . Lets at least give it a run and get a log.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 feralittye

feralittye
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 28 November 2009 - 10:45 AM

Hi, I hope that everyone had a good thanksgiving. Thank you again for volunteering to help people. I uninstalled the old SAS using the Superantispyware uninstaller assistant and I downloaded and installed the program again from your link.

This message occured when installing the program:
Error 1904. Module C:\Program
Files\SUPERAntiSpyware\SASWINLO.dll failed to register. HRESULT-2147024865. Contact your support personnel.

These two messages occured when I tried to start the program:
The C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE file expects a newer version of Windows. Upgrade your version.

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe A device attached to the system is not functioning.

I was unable to run the program.

Edited by feralittye, 28 November 2009 - 11:08 AM.


#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:36 PM

Posted 28 November 2009 - 04:02 PM

You are welcome. We will try these 2 online scans next. I =think they will both work.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Now we'll try it this way. Contains instructions and images to download and Run.

SUPERAntiSpyware Online Safe Scan


To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

Edited by boopme, 28 November 2009 - 04:04 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 feralittye

feralittye
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 29 November 2009 - 05:25 PM

Hi,
I used the ESET scanner. It would start out scanning fine but about six minutes in it would get stuck on a Temporary Internet Files file, C:\Windows\Temporary Internet Files\Content.IE5\GTI3CDYF\Soft_58s5(1).exe. Then it would sit and scan nothing more for hours until I closed it.
I tried to re-scan four times, but every time it got stuck on this file. The first two tries I let the scanner stay stuck for 2-3 hours, but it never scanned past that file.

I deleted everything I could see from my Temporary Internet Files folder, but the scanner still got stuck on that previously mentioned file.
I am continuing to let the ESET scan. Hopefully it will get unstuck.
The first scan deleted something before it froze:

c:\WINDOWS\Desktop\unlocker1.8.8.exe Win32/Adware.ADON application deleted
- quarantined

It seems like Adware.ADON is some kind of promotional attachment on the Unlocker, which explains why an EBAY icon appeared on my desktop after downloading Unlocker.

I ran ATF cleaner twice, because the file that ESET is getting stuck on is a Temporary Internet File. But that file was still detected on the ESET scan after running ATF. Then I got the bright idea of getting ATF to delete the quarantine items, as that Temporary Internet file was one of the quarantine items. But even after having ESET delete it twice, along with the unlocker, it was detected again on the scan.
Also, ESET scanned the archives and found nothing.

I tried to install SAS but recieved the same error messages as before and was unable to run the program.

Edited by feralittye, 29 November 2009 - 07:24 PM.


#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:36 PM

Posted 29 November 2009 - 09:59 PM

Hello. Let's use 2 other online scans..

Stop ESET.
ONLINE SUPERAntispyware
Contains instructions and images to download and Run.

SUPERAntiSpyware Online Safe Scan


To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 feralittye

feralittye
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 05 December 2009 - 12:09 PM

Hi, I have already tried to run Sas several times and it has not been successful (see the earlier posts for the error messages.)
Also, Kaspersky scanner has been down for several days, according to their website.

I will try to run Sas again, but I am not confident. Do you have any ideas of how I could get ESET to work, since it started but then got stuck? (See earlier post)
Or do you know of any other scans that would work? Clamwin will scan the computer.
Thanks again,
Cheryl

#14 feralittye

feralittye
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 05 December 2009 - 12:18 PM

Hi,
So I tried to open Superantispyware online safe scan, which I hadn't done before (I was downloading the other free scan), but when it was 99% done two warnings came up:

The C:\\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\PSZMRVL3\SAS_067321[1].COM file expects a newer version of Windows. Upgrade your Windows version.

The second warning:
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access this item.

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:36 PM

Posted 05 December 2009 - 12:38 PM

Hi, Are you updated?

Some rootkits can terminate your security tools by changing the permissions on targeted programs so that they cannot run or complete scans. Further investigation is required to determine if this is the case with the issues you have described.

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report for me to review.
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad, then copy and paste the entire contents starting with Running from... to Finished!) in your next reply.
Then go to Posted Image > Run..., and copy and paste this command into the open box: cmd
press OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop and open in Notepad.
Copy and paste the contents of that file in your next reply.

-- Vista users can refer to these instructions to open a command prompt.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users