Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AV Security Suite Supposedly gone


  • Please log in to reply
1 reply to this topic

#1 Alyzza

Alyzza

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 25 June 2010 - 12:12 AM

Okay, for roughly five hours now I've been grappling with this virus. At first I thought, "Oh, I'm so clever, I have MBAM installed and I can just run it." But MBAM wouldn't run.

My brother walked me through how to turn on safe mode, but my keyboard wouldn't arrow up to safe mode. I briefly was able to run msconfig and selected /SAFEBOOT and networking before the virus wouldn't allow me to do that. I rebooted, and got to MBAM. I updated it and ran a full scan. I found the bugs and I deleted them (someone was telling me that I shouldn't do that and I should always leave it in quarantine). I rebooted and the virus was back.

So I went through the steps again, called my brother and he told me to get on google and download A squared and AVG Free. I told him it wouldn't work. At this point he wasn't sure what to do, and told me to get my flashdrive and plug it into my mom's computer. I didn't want to because I was worried that the virus would spread from the flash drive to my mom's computer, since I had put in the flashdrive when the computer got infected to put fix.reg on there. Needless to say, fix.reg didn't work.

So I didn't put the programs on there. I went through, I don't know when and changed the settings so I was at no proxy, and ran malwarebytes again in safe mode. I deleted the bugs (again) and rebooted back into Normal. Things seem to be okay, but I can't view my internet connections or my firewall connections, and avast will not turn on.

If I try to get on the internet, I can't. I want to turn my proxy back on, but the proxy is 127.0.0.1 and I thought that was the proxy that the virus kept on coming back through. I'm not sure though.

I ran regedit after I discovered that I couldn't connect to the internet and I didn't see any of the registries listed for AV Suite.

So, my major questions are;
1) can I plug my flashdrive into my mom's computer to put antimalware programs on it without infecting her computer
and
2) can I turn the proxy back on or will the virus just come back.

Some other things that may or may not be related:
MBAM's quick scan was at first, only about ten minutes. At this point I let the quick scan run to 44 minutes before I aborted it.

The Message 'GetDriveLayout: CreateFile fail ! The system cannot find the file specified.' pops up each time I reboot.

I apologize in advance if I seem agonizingly stupid. There is only so much a 13-year-old girl who is sleep deprived knows what to do. Help is appreciated.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:38 AM

Posted 26 June 2010 - 09:40 AM

Hello. Is there an Antivirus program installed in the infected PC?

Yes you can use the USB but first clean it on her machine.
Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


Then follow this Guide I think it will help us.

You need to do all the steps as some pertain to your issue..
Please follow our Removal Guide here Remove Antispyware Soft (Uninstall Guide)
You will move to the Automated Removal Instructions

After you completed that, post your scan log here,let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users