recovering from antimalware doctor


  • This topic is locked
10 replies to this topic

#1 johnbtf

johnbtf

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 25 August 2010 - 10:43 AM

I have tried various things to rid our computer of antimalware doctor, and it seems to be cleaned up somewhat (using Malwarebytes' Anti-Malware), but I can not install any other anti-virus software. I tried AVG, Avira, Stopzilla. They download but fail to install. (I made sure to uninstall any other antivirus programs first.) I also tried to switch to Google Chrome and it can not open any connection, although Firefox continues to work fine. I was planning on trying Combofix. Should I?
Thanks for the help.

Edited by Blade Zephon, 25 August 2010 - 11:17 AM.
Moved to AII as no logs provided and Prep Guide not followed. ~BZ



#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,702 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:12:26 PM

Posted 25 August 2010 - 11:17 AM

Hello.

Please follow the instructions in This Guide starting at Step 6.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues and what you have done to try to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

~Blade

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 zeppelin

zeppelin

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:26 PM

Posted 25 August 2010 - 03:30 PM

See my thread I had before. I followed all the steps and cleaned my computer of antimalware doctor and it works fine now.
http://www.bleepingcomputer.com/forums/topic342313.html

#4 Blade


Posted 25 August 2010 - 05:17 PM

Attempting to use instructions that were created for another computer is a rather dangerous practice, for a couple reasons. Many infections may have similar symptoms, but can be substantially different in their construction and thus require different removal methods. It takes a good deal of training to be able to correctly identify some of these infections, and attempting an improper removal can sometimes cause a number of problems, including rendering your computer unable to start correctly. Additionally, each computer is different, and considerations must be made in the preparation of a fix to cause the least amount of disturbance to the machine.

In short. . . don't follow the instructions given in another thread.

Edited by Blade Zephon, 25 August 2010 - 05:17 PM.



#5 johnbtf


Posted 26 August 2010 - 02:52 PM

I followed the instructions, and got to the part about the gmer log. It ran for a long time, and by the end of it I saved the log to the desktop. I tried to get back onto the Internet to post the results but the connection was not working. So I tried to shut down the computer and it had a couple of unresponsive programs that could not close so I ended those programs. Now I can't start the computer at all even in safe mode. What happened?!
-- John (using another computer!)

#6 Blade


Posted 26 August 2010 - 03:01 PM

Hi John.

Could you describe for me exactly what happens when you try to start the computer?

~Blade



#7 johnbtf


Posted 26 August 2010 - 08:01 PM

Well, when I hit the on button (this is a laptop) the first screen which says Dell vostro 1500, bios a10, and gives me the prompt to hit f1, or f12 keys... Then nothing else happens, just a black screen (it's not off, though). If I hit the f8 key (before it goes blank), it gives me options to start in safe mode; safe mode with networking; etc. So when I select safe mode, and then Microsoft windows xp home edition (the only option) then it seems to begin loading, with "multi(0)disk(0)rdisk(0)partition(2)\windows\system32\ntoskrnl.exe" then 14 other similar program codes(?), the last one ending with "...system32\drivers\isapnp.sys" and there it hangs.
Things have gone from bad to worse, eh?
Thanks for helping me out.
-John

#8 Blade


Posted 27 August 2010 - 09:13 AM

Hello John.

Have you tried Last Known Good Configuration at the F8 menu?

Additionally. . . do you have a Windows disk available to you. . . will make things much less painful to deal with.

~Blade



#9 johnbtf


Posted 27 August 2010 - 08:00 PM

I tried to start with the last known good configuration, but that did not work (same thing as just trying to start in safe mode... blank screen). I do have the disks. Is all of my data going to be retrievable?
-John

#10 Blade


Posted 30 August 2010 - 06:38 PM

Hi John.

I am shifting this topic from Am I Infected to the specialized Malware Removal Forum since what we'll be doing is a fairly advanced technique.

Yes. . . your data will definitely be retrievable.

We'll be using your disks to create a special recovery environment from which we can manipulate some things. It's a fairly involved process, but if you follow the instructions carefully you should be okay. If you are unsure about something. . . please stop and ask. I will be happy to clarify anything you may be confused about.

***************************************************

Let's try to boot your computer using the Ultimate Boot CD for Windows (UBCD4win).

Please print this guide for future reference!

You will need a blank CD, a clean computer and a flash drive.

Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

1. Download and Run Ultimate Boot CD for Windows
  • Save it to your Desktop.
  • Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.
  • Follow all of the instructions/prompts that come up.
    NOTES:
    • Do not install to a folder with spaces in its name.
    • Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.
2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
  • Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.
  • Click "I agree" to the Builders License.
  • Click NO to Search for Windows Installation Files
  • Make the following selections from the Main Screen that pops up:
    • Builder
      • Source:(path to Windows installation files)
        • Enter the path to the drive where your XP CD is located.
        • You can click on the "..." button on the right to navigate to the path as well.
      • Custom: (include files and folders from this directory)
        • No information is necessary, leave blank.
      • Output: (C:\ubcd4win\BartPE)
        • Keep the default BartPE
    • Media output
      • Choose Create ISO image
      • Do not choose Burn to CD/DVD
        Please note: If your XP install disc is SP1 then please .....
        1. Disable- DComLaunch Service
        2. Enable- LargeIDE Fix

        This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections
        Also note: If you have a Dell XP install disc you will need to follow the instructions here
        http://www.ubcd4win.com/faq.htm#dell
3. Click on the "Build" button
  • You will see the Windows EULA message. Click on I Agree
  • You will now see the Build Screen. Let it run its course
  • When the Build is finished you can click close, then exit
4. Burn your ISO file to CD
  • Please see HERE on how to burn an ISO to CD.
    ==========

    Next........

    From your clean computer..

    Please download OTLPE.zip and save it to a flash drive.
    http://oldtimer.geekstogo.com/OTLPE.zip
    http://www.itxassociates.com/OT-Tools/OTLPE.zip

    Double click and unzip OTLPE.zip to its own folder on your flash drive. Name it OTLPE <-- Important!!

    ==========

    Plug your flash drive into your sick computer now and do as instructed below..

    ==========

    1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created
    • Insert the UBCD4Win disc in to one of your CD/DVD drives.
    • Restart your computer.
      • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
    • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
      • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
    • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
      • Click on Yes if you want to use the PE environment to get online, post your log and reply by way of an Ethernet connection.
    • You should now have a desktop that looks like this:
    ==========

    Single click My computer from your UBCD4W desktop to navigate to the OTLPE folder that you saved to your flash drive.

    Open the OTLPE folder and double click Start.cmd.
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTLPE should now start

      Change the following settings
      • Change Services, Drivers, Standard and Extra Registry to All
    • Copy and Paste the following code into the textbox. Do not include the word "Code"

      CODE
      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %ALLUSERSPROFILE%\Application Data\*.
      %ALLUSERSPROFILE%\Application Data\*.exe /s
      %APPDATA%\*.
      %APPDATA%\*.exe /s
      %SYSTEMDRIVE%\*.exe
      /md5start
      userinit.exe
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      /md5stop
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      CREATERESTOREPOINT

    • Push
    • A report will open. Save that log to your flash drive. Copy and Paste that report in your next reply.
    ~Blade


    In your next reply, please include the following:
    OTLPE Log

    Edited by Blade Zephon, 30 August 2010 - 06:39 PM.
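
The `/md5start` ... `/md5stop` part of the scan script in the post above asks OTLPE to hash the named system files. As an added illustration that is not part of the thread or of OTLPE, the same kind of check can be run in Python against an offline Windows volume mounted on a clean machine; the function names and the sample tree are hypothetical, and the watch list is a subset of the names in the post.

```python
import hashlib
import tempfile
from pathlib import Path

# Subset of the names listed between /md5start and /md5stop in the post above.
WATCHED = {"userinit.exe", "eventlog.dll", "scecli.dll", "netlogon.dll",
           "atapi.sys", "iastor.sys", "nvstor.sys"}

def md5_of(path, chunk=1 << 20):
    """MD5 of a file, read in chunks so large files do not fill memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def hash_watched(root, names=WATCHED):
    """Map each watched name to {path: md5} for every copy found under root."""
    found = {}
    for path in Path(root).rglob("*"):
        key = path.name.lower()            # Windows file names are case-insensitive
        if key not in names or not path.is_file():
            continue
        try:
            digest = md5_of(path)
        except OSError:
            digest = None                  # unreadable copy: report it, keep going
        found.setdefault(key, {})[str(path)] = digest
    return found

def mismatched(found):
    """Names whose copies differ from each other or could not be read."""
    return sorted(name for name, copies in found.items()
                  if len(set(copies.values())) > 1 or None in copies.values())

def build_sample_tree():  # constructed sample data, not taken from the thread
    root = Path(tempfile.mkdtemp())
    layout = {
        "system32/drivers/atapi.sys": b"constructed driver, copy A",
        "system32/dllcache/atapi.sys": b"constructed driver, copy B",
        "system32/userinit.exe": b"constructed userinit",
        "system32/dllcache/USERINIT.EXE": b"constructed userinit",
        "system32/notepad.exe": b"not on the watch list",
    }
    for rel, data in layout.items():
        target = root / "WINDOWS" / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
    return str(root)
```

Copies of one file that hash differently are a starting point for comparison against known-good hashes for the installed service pack, not a verdict on their own.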



    #11 Blade


    Posted 20 September 2010 - 10:56 AM

    Due to lack of feedback, this topic is now Closed

    ~Blade
