Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

every sort of spyware scanner refuses to open!


  • This topic is locked This topic is locked
16 replies to this topic

#1 sob ihmcomputer

sob ihmcomputer

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:34 PM

Posted 12 January 2010 - 10:22 PM

alright so out of no where today my computer is infected with the "you need to download this program to protect your computer from viruses, spyware, etc." crap.

i have been working at it for the past hour and cant seem to find out why it wont let me run any sort of removal programs.

i went into my registry deleted the the files there, deleted all the temp files, and it still wont budge.

i need some help here, im researching into it, but any help here is definatley appreciated.

-chris

extra information :

backdoor.win32.kbot.al - keeps popping up and others like it

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 AM

Posted 12 January 2010 - 10:26 PM

Try scanning with this:

http://www.free-av.com/en/products/12/avir...cue_system.html
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 sob ihmcomputer

sob ihmcomputer
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:34 PM

Posted 12 January 2010 - 10:37 PM

so you sent me a link to a CD burning system rescue?

not sure if that is what you meant,

downloading the antivirus software from them now

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 AM

Posted 12 January 2010 - 10:39 PM

Yes. Burn the CD and then use it to boot your computer and then run the scan.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 sob ihmcomputer

sob ihmcomputer
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:34 PM

Posted 12 January 2010 - 10:40 PM

i dont have a cd burner. "[

i installed the anti virus from them but nothing happened.

i am really screwed right now

Edited by sob ihmcomputer, 12 January 2010 - 10:41 PM.


#6 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 AM

Posted 12 January 2010 - 10:46 PM

Download this file and save it to your desktop:

http://download.bleepingcomputer.com/grinler/rkill.scr

Double-click the file to run it. A command window will open briefly. Then run a quick scan with Malwarebytes. Post the Malwarebytes log.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 sob ihmcomputer

sob ihmcomputer
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:34 PM

Posted 12 January 2010 - 10:53 PM

ran rkill, came up with framedyn.dll was not found.

next idea? loll

#8 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 AM

Posted 12 January 2010 - 11:26 PM

Try running this scan from "Safe Mode with Command Prompt".

http://live.sunbeltsoftware.com/
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#9 sob ihmcomputer

sob ihmcomputer
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:34 PM

Posted 12 January 2010 - 11:36 PM

thanks , so far its doing what its supposed too :]

#10 sob ihmcomputer

sob ihmcomputer
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:34 PM

Posted 13 January 2010 - 08:11 AM

i woke up this morning and it seemed to have done something because the annoying adds and pop-ups saying "your infected!" are not coming up anymore, so now im not sure what to do.

heres the log:

- <SBCSThreatEngineResults version="3.1.2837">
- <summary scanGUID="{2EAB1307-11D8-4A77-B918-F9185A0FB598}" scanDescription="" threatDefinitionVersion="5614">
- <scannerResults>
<numThreats found="5" ignored="0" />
<numTracesScanned cookies="0" registry="25848" files="87379" folders="10119" processes="38" archives="0" procModule="1861" procMemory="0" threads="0" sysModules="121" ssdt="284" ntdllExport="1316" ntosExport="1487" hookIAT="276" scanSysEnter="1" hookDevice="884" hookCodeSectionRing0="18" hookCodeSectionRing3="35" MBR="0" total="129667" />
<numTracesFound cookies="0" registry="14" files="12" folders="0" processes="0" archives="0" procModule="0" procMemory="0" threads="0" sysModules="0" ssdt="0" ntdllExport="0" ntosExport="0" hookIAT="0" scanSysEnter="0" hookDevice="0" hookCodeSectionRing0="0" hookCodeSectionRing3="0" MBR="0" total="26" />
<dateTimeStampUTC start="2010-01-13T04:41:24" end="2010-01-13T06:29:46" />
<errors />
</scannerResults>
- <cleanerResults>
<numThreats deleted="0" quarantined="5" ignored="0" reportonly="0" total="5" />
<dateTimeStampUTC start="2010-01-13T06:29:47" end="2010-01-13T06:29:59" />
<errors />
</cleanerResults>
</summary>
- <scannerOptions scanAllLocalDrives="true" excludeRemovableDrives="true" scanCookies="false" scanProcesses="true" scanProcessThread="true" scanRegistry="true" scanProcessesDeep="true" suspendActiveThreats="true" scanAllUsers="true" useFileNameAndCRC8="true" dontCalcCRC8="false" scanCommonTactics="true" scanArchives="false" scanKnownFileTypes="false" recursiveFileScan="true" findLowRiskThreats="true" keepScanRecord="true" maxCheckFileLen="6291456" minCheckFileLen="0" scanVipreSuspicious="false" scanDerivatives="true" scanRootkits="true" scanProcessMemory="true" scanSystemModule="true" ssdt="true" ntdllExport="true" ntosExport="true" hookIAT="true" scanSysEnter="true" scanDevice="true" scanCodeSectionRing0="true" scanCodeSectionRing3="true" scanMBR="true">
<userIncludedPaths />
<userExcludedPaths />
<ignoredThreats />
</scannerOptions>
<cleanerOptions />
- <threats>
- <threat id="4393047" name="MalwareDefense" level="2" category="Rogue Security Program" type="Misc" quarantineId="{430E2B2C-1D0B-479C-B514-607C4808C539}" adviseType="3" canQuarantine="true" author="" optionalScan="0" actionRequested="-1" cleanerResult="3">
<authorURL />
<desc>A Rogue Security Program is software that purports to scan and detect malware or other problems on the computer, but which attempts to dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results. Rogue Security Programs typically use aggressive, deceptive advertising and may be installed without adequate notice and consent, often though exploits.</desc>
<threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails>
<customData />
- <traces>
- <trace type="4" dispValue="C:\DOCUMENTS AND SETTINGS\CHRIST.KIDS\Desktop\Malware Defense Support.lnk">
<attr n="path" v="C:\DOCUMENTS AND SETTINGS\CHRIST.KIDS\Desktop\Malware Defense Support.lnk" />
<attr n="fileSize" v="1650" />
<attr n="md5" v="1BCEE360D70991A3A80239275035500E" />
</trace>
- <trace type="4" dispValue="C:\DOCUMENTS AND SETTINGS\CHRIST.KIDS\Desktop\Malware Defense.lnk">
<attr n="path" v="C:\DOCUMENTS AND SETTINGS\CHRIST.KIDS\Desktop\Malware Defense.lnk" />
<attr n="fileSize" v="744" />
<attr n="md5" v="D3DB8F9C669F9F8E93BEBEEC57DDE345" />
</trace>
- <trace type="4" dispValue="c:\program files\malware defense\mdefense.exe">
<attr n="path" v="c:\program files\malware defense\mdefense.exe" />
<attr n="fileSize" v="1756088" />
<attr n="crc8" v="DB4787B75EF40000" />
<attr n="md5" v="3FCD3D6352DC4312AE3CA40B2FCC47F0" />
<attr n="detectionType" v="1" />
</trace>
- <trace type="4" dispValue="C:\Program Files\Malware Defense\mdext.dll">
<attr n="hidden" v="true" />
<attr n="path" v="C:\Program Files\Malware Defense\mdext.dll" />
<attr n="fileSize" v="37888" />
<attr n="crc8" v="EDD8372E3F600000" />
<attr n="md5" v="D40C9D79EECE1B9BE395BABF54CE8142" />
<attr n="detectionType" v="1" />
</trace>
- <trace type="4" dispValue="C:\Program Files\Malware Defense\uninstall.exe">
<attr n="hidden" v="true" />
<attr n="path" v="C:\Program Files\Malware Defense\uninstall.exe" />
<attr n="fileSize" v="49152" />
<attr n="crc8" v="60E863F35AE20000" />
<attr n="md5" v="3243514AFD6AC432B497CC6877F041BF" />
<attr n="detectionType" v="1" />
</trace>
- <trace type="3" dispValue="HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense -1">
<attr n="hive" v="HKEY_LOCAL_MACHINE" />
<attr n="key" v="SOFTWARE\Malware Defense" />
<attr n="valueType" v="-1" />
<attr n="valueName" v="" />
</trace>
- <trace type="3" dispValue="HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense\Data 1">
<attr n="hive" v="HKEY_LOCAL_MACHINE" />
<attr n="key" v="SOFTWARE\Malware Defense" />
<attr n="valueType" v="1" />
<attr n="valueName" v="Data" />
</trace>
- <trace type="3" dispValue="HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense\dbsigns 1">
<attr n="hive" v="HKEY_LOCAL_MACHINE" />
<attr n="key" v="SOFTWARE\Malware Defense" />
<attr n="valueType" v="1" />
<attr n="valueName" v="dbsigns" />
</trace>
- <trace type="3" dispValue="HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense\dbver 1">
<attr n="hive" v="HKEY_LOCAL_MACHINE" />
<attr n="key" v="SOFTWARE\Malware Defense" />
<attr n="valueType" v="1" />
<attr n="valueName" v="dbver" />
</trace>
- <trace type="3" dispValue="HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense\FD 4">
<attr n="hive" v="HKEY_LOCAL_MACHINE" />
<attr n="key" v="SOFTWARE\Malware Defense" />
<attr n="valueType" v="4" />
<attr n="valueName" v="FD" />
</trace>
- <trace type="3" dispValue="HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense\GUID 1">
<attr n="hive" v="HKEY_LOCAL_MACHINE" />
<attr n="key" v="SOFTWARE\Malware Defense" />
<attr n="valueType" v="1" />
<attr n="valueName" v="GUID" />
</trace>
- <trace type="3" dispValue="HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense\SecStatus_3 4">
<attr n="hive" v="HKEY_LOCAL_MACHINE" />
<attr n="key" v="SOFTWARE\Malware Defense" />
<attr n="valueType" v="4" />
<attr n="valueName" v="SecStatus_3" />
</trace>
- <trace type="3" dispValue="HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense\SecStatus_4 4">
<attr n="hive" v="HKEY_LOCAL_MACHINE" />
<attr n="key" v="SOFTWARE\Malware Defense" />
<attr n="valueType" v="4" />
<attr n="valueName" v="SecStatus_4" />
</trace>
- <trace type="3" dispValue="HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense\SecStatus_5 4">
<attr n="hive" v="HKEY_LOCAL_MACHINE" />
<attr n="key" v="SOFTWARE\Malware Defense" />
<attr n="valueType" v="4" />
<attr n="valueName" v="SecStatus_5" />
</trace>
- <trace type="3" dispValue="HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense\Settings_0 4">
<attr n="hive" v="HKEY_LOCAL_MACHINE" />
<attr n="key" v="SOFTWARE\Malware Defense" />
<attr n="valueType" v="4" />
<attr n="valueName" v="Settings_0" />
</trace>
- <trace type="3" dispValue="HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense\swver 1">
<attr n="hive" v="HKEY_LOCAL_MACHINE" />
<attr n="key" v="SOFTWARE\Malware Defense" />
<attr n="valueType" v="1" />
<attr n="valueName" v="swver" />
</trace>
- <trace type="3" dispValue="HKEY_USERS\S-1-5-21-1993962763-2111687655-1060284298-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\MALWARE DEFENSE -1">
<attr n="hive" v="HKEY_USERS" />
<attr n="key" v="S-1-5-21-1993962763-2111687655-1060284298-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN" />
<attr n="valueType" v="-1" />
<attr n="valueName" v="MALWARE DEFENSE" />
</trace>
- <trace type="3" dispValue="HKEY_USERS\S-1-5-21-1993962763-2111687655-1060284298-1003\software\microsoft\windows\currentversion\run\Malware Defense 1">
<attr n="hive" v="HKEY_USERS" />
<attr n="key" v="S-1-5-21-1993962763-2111687655-1060284298-1003\software\microsoft\windows\currentversion\run" />
<attr n="valueType" v="1" />
<attr n="valueName" v="Malware Defense" />
</trace>
</traces>
</threat>
- <threat id="4452591" name="AntiMalware" level="2" category="Rogue Security Program" type="Misc" quarantineId="{A428B68A-D141-482F-8BEF-2B2515E496A0}" adviseType="3" canQuarantine="true" author="" optionalScan="0" actionRequested="-1" cleanerResult="3">
<authorURL />
<desc>A Rogue Security Program is software that purports to scan and detect malware or other problems on the computer, but which attempts to dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results. Rogue Security Programs typically use aggressive, deceptive advertising and may be installed without adequate notice and consent, often though exploits.</desc>
<threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails>
<customData />
- <traces>
- <trace type="3" dispValue="HKEY_LOCAL_MACHINE\SOFTWARE\AntiMalware -1">
<attr n="hive" v="HKEY_LOCAL_MACHINE" />
<attr n="key" v="SOFTWARE\AntiMalware" />
<attr n="valueType" v="-1" />
<attr n="valueName" v="" />
</trace>
</traces>
</threat>
- <threat id="4657522" name="Packed.Win32.TDSS.aa.3 (v)" level="2" category="Trojan" type="Malware" quarantineId="{DD1599E4-895B-4791-8E40-91EB5CF3EEB8}" adviseType="3" canQuarantine="true" author="" optionalScan="0" actionRequested="-1" cleanerResult="3">
<authorURL />
<desc>Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.</desc>
<threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails>
<customData />
- <traces>
- <trace type="4" dispValue="C:\Documents and Settings\Christ.KIDS\Local Settings\Temp\wscsvc32.exe">
<attr n="hidden" v="true" />
<attr n="path" v="C:\Documents and Settings\Christ.KIDS\Local Settings\Temp\wscsvc32.exe" />
<attr n="fileSize" v="559104" />
<attr n="crc8" v="C568269BA67E0000" />
<attr n="md5" v="58B48A9BB1C0B7A2923CEC5E376B7BC8" />
</trace>
- <trace type="4" dispValue="C:\WINDOWS\system32\H8SRTikjikqjymt.dll">
<attr n="hidden" v="true" />
<attr n="path" v="C:\WINDOWS\system32\H8SRTikjikqjymt.dll" />
<attr n="fileSize" v="16896" />
<attr n="crc8" v="6B07982635160000" />
<attr n="md5" v="FFA2A85B918390B48772FE6C647836AC" />
</trace>
- <trace type="4" dispValue="C:\WINDOWS\system32\H8SRTpblrpporvo.dll">
<attr n="hidden" v="true" />
<attr n="path" v="C:\WINDOWS\system32\H8SRTpblrpporvo.dll" />
<attr n="fileSize" v="36864" />
<attr n="crc8" v="4F5F37CFC3F90000" />
<attr n="md5" v="33F3B56084CAB426D966284E8A672568" />
</trace>
- <trace type="4" dispValue="C:\WINDOWS\system32\H8SRTuheonsdwht.dll">
<attr n="hidden" v="true" />
<attr n="path" v="C:\WINDOWS\system32\H8SRTuheonsdwht.dll" />
<attr n="fileSize" v="40960" />
<attr n="crc8" v="8163F79A9ACD0000" />
<attr n="md5" v="2ED850F5A8190C00907553ED20B07C74" />
</trace>
- <trace type="4" dispValue="C:\WINDOWS\system32\H8SRTxlrwccvvoo.dll">
<attr n="hidden" v="true" />
<attr n="path" v="C:\WINDOWS\system32\H8SRTxlrwccvvoo.dll" />
<attr n="fileSize" v="23040" />
<attr n="crc8" v="A8F49226D5CA0000" />
<attr n="md5" v="FF30E97A9B3D5988C31EDB09713913E9" />
</trace>
</traces>
</threat>
- <threat id="4150696" name="Trojan.Win32.Generic!BT" level="2" category="Trojan" type="Malware" quarantineId="{4F79C75D-39B7-449A-AAD4-C6617C66E2DF}" adviseType="3" canQuarantine="true" author="" optionalScan="0" actionRequested="-1" cleanerResult="3">
<authorURL />
<desc>Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.</desc>
<threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails>
<customData />
- <traces>
- <trace type="4" dispValue="C:\Documents and Settings\Christ.KIDS\Local Settings\Temp\H8SRTfea.tmp">
<attr n="hidden" v="true" />
<attr n="path" v="C:\Documents and Settings\Christ.KIDS\Local Settings\Temp\H8SRTfea.tmp" />
<attr n="fileSize" v="343040" />
<attr n="crc8" v="D2A92C3B8EFE0000" />
<attr n="md5" v="C0DBC7E2C1C30231BFEC0C1BDF7CD64A" />
<attr n="detectionType" v="1" />
</trace>
</traces>
</threat>
- <threat id="4150696" name="Trojan.Win32.Generic!BT" level="2" category="Trojan" type="Malware" quarantineId="{01AEE1B0-A031-474F-AE52-3CB41F12B5B1}" adviseType="3" canQuarantine="true" author="" optionalScan="0" actionRequested="-1" cleanerResult="3">
<authorURL />
<desc>Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.</desc>
<threatAdviceDetails>This is a high risk and should be removed immediately as it may compromise your privacy and security, make dangerous changes to your computer's settings without your knowledge and consent, or severely degrade your computer's performance and stability.</threatAdviceDetails>
<customData />
- <traces>
- <trace type="4" dispValue="C:\WINDOWS\IFinst27.exe">
<attr n="hidden" v="true" />
<attr n="path" v="C:\WINDOWS\IFinst27.exe" />
<attr n="fileSize" v="65536" />
<attr n="crc8" v="C71503CDCEE10000" />
<attr n="md5" v="9C17BCA3EF837BACDED7E4299508E71D" />
<attr n="detectionType" v="1" />
</trace>
</traces>
</threat>
</threats>
</SBCSThreatEngineResults>

ps: ive tried deleting some files to see if i could clear it up further but nothing happens really, also my anti-viruses still wont open up

Edited by sob ihmcomputer, 13 January 2010 - 08:12 AM.


#11 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 AM

Posted 13 January 2010 - 04:53 PM

Now try running the Malwarebytes scan again.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#12 sob ihmcomputer

sob ihmcomputer
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:34 PM

Posted 13 January 2010 - 07:00 PM

sorry for not getting back to you, but i just ran it, and it didnt work :/

#13 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 AM

Posted 13 January 2010 - 07:03 PM

Download this file and save it to your desktop:

http://download.bleepingcomputer.com/grinler/rkill.scr

Double-click the file to run it. A command window will open briefly. Then try to run a quick scan with Malwarebytes. Post the Malwarebytes log.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#14 sob ihmcomputer

sob ihmcomputer
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:34 PM

Posted 13 January 2010 - 07:15 PM

alright tried running rkill, and unfortunatley it came up with the error message, this application has failed to start because

framedyn.dll was not found

:[

#15 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:34 AM

Posted 13 January 2010 - 07:22 PM

I think it's time to head on over to the HijackThis forum for a closer look.

Preparation Guide for use before posting a HijackThis Log

Go straight to Step 6. Be sure to include a link to this thread so they can see what has already been tried.

If you cannot get those scans to run post a copy of your VIPRE log instead.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users