
Help removing Antivirus Suites malware (part 2)



#1 Bill_C2


Posted 03 April 2010 - 12:52 AM

It's taken a couple of days to gather the information you need, but I believe here it is... Ark, and two DDS text files.

It took Gmer (?) 9 hours to create ark.txt so I hope it is what you need.

Anything you can do to assist me in getting rid of Antivirus Suites would be greatly appreciated.

B.



#2 Farbar


Posted 03 April 2010 - 04:59 AM

Hi Bill_C2,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.
  1. Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box (without the word CODE) into a new file:


    CODE
    @ECHO OFF
    REM Stop the running process
    tskill fexqhvdtssd
    REM Remove the autostart entry from the Run key
    Reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v meqymlyu /f
    REM Remove the proxy settings
    Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /f
    Reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    REM Delete the executable; if it is still there, move it to the temp folder
    del /a/f/q "c:\documents and settings\william cordingley\local settings\application data\hpcxmqmik\fexqhvdtssd.exe"
    move "c:\documents and settings\william cordingley\local settings\application data\hpcxmqmik\fexqhvdtssd.exe" %temp%
    REM Remove the folder, then list it into log.txt to show whether anything remains
    rd /s/q  "c:\documents and settings\william cordingley\local settings\application data\hpcxmqmik"
    dir /a/b "c:\documents and settings\william cordingley\local settings\application data\hpcxmqmik" >log.txt 2>&1
    start log.txt

    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: look.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate look.bat on the desktop. It should look like this:
    • Double-click to run it.
    • A notepad opens, copy and paste the content (log.txt) to your reply.

  2. Reboot your computer.

  3. Run CCleaner (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked). Then click run cleaner.

  4. Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
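
Added example, not part of the original post or of Farbar's instructions: a read-only batch check that reports whether the items look.bat targets are still present after the steps above. The process name, registry values and paths are copied from look.bat; the output file name verify.txt is an assumption.

```batch
@ECHO OFF
REM Added example: read-only check of the items look.bat targets. Changes nothing.
REM verify.txt is an assumed output name; names and paths are copied from look.bat.
SETLOCAL
SET "BADDIR=c:\documents and settings\william cordingley\local settings\application data\hpcxmqmik"
SET "RUNKEY=HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
SET "INETKEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
SET "OUT=%~dp0verify.txt"
SET FOUND=0
> "%OUT%" ECHO Verification run %DATE% %TIME%

REM 1. Process: only checked when tasklist.exe is present on this Windows edition.
IF NOT EXIST "%SystemRoot%\system32\tasklist.exe" (
    >> "%OUT%" ECHO [SKIP] tasklist.exe not available, process not checked
    GOTO RUNCHECK
)
tasklist /FI "IMAGENAME eq fexqhvdtssd.exe" 2>nul | find /I "fexqhvdtssd.exe" >nul
IF NOT ERRORLEVEL 1 (
    >> "%OUT%" ECHO [FOUND] fexqhvdtssd.exe is still running
    SET FOUND=1
)

:RUNCHECK
REM 2. Autostart value: reg query returns 0 only when the value exists.
reg query "%RUNKEY%" /v meqymlyu >nul 2>&1
IF NOT ERRORLEVEL 1 (
    >> "%OUT%" ECHO [FOUND] Run value meqymlyu is still present
    SET FOUND=1
)

REM 3. Proxy values: logged for review, since a real proxy may be configured.
>> "%OUT%" ECHO [INFO] Current proxy values, if any:
reg query "%INETKEY%" /v ProxyEnable >> "%OUT%" 2>nul
reg query "%INETKEY%" /v ProxyServer >> "%OUT%" 2>nul

REM 4. Files: the folder, and the copy look.bat moves to the temp folder if del fails.
IF EXIST "%BADDIR%" (
    >> "%OUT%" ECHO [FOUND] folder hpcxmqmik still exists
    SET FOUND=1
)
IF EXIST "%TEMP%\fexqhvdtssd.exe" (
    >> "%OUT%" ECHO [FOUND] fexqhvdtssd.exe is in the temp folder
    SET FOUND=1
)

IF "%FOUND%"=="0" ECHO [OK] none of the look.bat targets were found >> "%OUT%"
start "" "%OUT%"
ENDLOCAL
```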


#3 Bill_C2


Posted 03 April 2010 - 02:27 PM

Farbar -- I just sent you a "FastReply" but did not see it posted. In case you did not receive it, please let me know and I'll send it again using "Add Reply."

B

#4 Farbar


Posted 03 April 2010 - 05:13 PM

If you see it, I can see it too. Use Add Reply please.

#5 Bill_C2


Posted 04 April 2010 - 01:11 PM

I'm back up and running, thanks to you.

I hope you got my donation.

I couldn't be happier!

B

#6 Farbar


Posted 04 April 2010 - 06:15 PM

You are most welcome and thanks for the donation B.

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.



