Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AntiMalware Doctor


  • Please log in to reply
4 replies to this topic

#1 mbono

mbono

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:43 AM

Posted 06 September 2010 - 03:30 PM

Hey Peeps,
I got this bug on sept6/10 probably from downloading a k-lite codec bundle off piratebay. I have exhausted the common methods I know + youtube how to videos. Here is a list of what I've tired or can't do.

safe mode has no effect on everything below
-internet explored won't open (pop up blocked), and going through internet options in control panel to change proxy had no effect.
-taskmanger (pop up blocked)
-rkill won't load off of USB drive (pop up blocked)
-hijackthis log doesn't appear to anything related to AM doctor
-regedit (pop up blocked)

I believe it stored itself it user/appdata/roaming....i manually deleted its folder. Folder is gone virus remains. Curiously in user/appdata/roaming I got another bug antispy(with blue/yellow shield) probably at the exact same time. Which i can't delete (antispy) manually in safe mode.

Any ideas...would I be able to system configuration (msconfig) to prevent it starting up at restart. I have wasted 1/2 of my labor truing to remove it, so any help would be much appreciated.

A few other notes. AntiMalware Doctor turned windows programs off: security center, defender, firewall, and system restore. These windows programs won't turn back on.
This probably isn't worth mentioning but I also updated/upgarded to itunes 10 a few minutes before this happended.

EDIT: Posts merged ~BP

Edited by Budapest, 06 September 2010 - 04:49 PM.


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:43 AM

Posted 06 September 2010 - 05:00 PM

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 mbono

mbono
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:43 AM

Posted 10 September 2010 - 10:01 PM

AntiMalware doctor TKO’d my pc. Most of windows control panel programs + internet failed before I ran the various programs + scans to determine the problem. Now on restart I get a black screen ā€œdisk boot failure, insert system disk and press enterā€. Put a boot disc in and it launches windows setup, on reinstall, it tries to create a partition for the Operating System(I think) I get a screen with the message.

Unknown Disk
(There is no disk in this drive)
^message x4^

Which I assume means I am missing drivers.

Is there any manual way to format hard drives without recovery disks for Windows Media Center edition 2005(HP)?



Below is the info I was prep, before I decided to throw in the towel.
_____________________________________________________________________________________
Step#5 Firewall --
Enabling firewall was a no go most but not all of windows control programs aren't functioning. Network connection not working.

_____________________________________________________________________________________

Step#6 Defrogger
-ran with uncertain results... got 'finished' pop-up. But blackscreen pop-up remained open and never prompted me to reboot computer. It created the following log.

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 18:15 on 07/09/2010 (compname)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read stlzu.sys


-=E.O.F=-_____________________________________________________________________________________

Step#7 DDS
DDS log returned this: aside from the 2 bolded....I am 99% certain that all the other programs legit. and Dassault hasn't been giving me any grief.

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


3DVIA Shape for Maps
7-Zip 4.23
abgx360 v1.0.2
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
Antimalware Doctor
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Magical Snap FREE
µTorrent
Audacity 1.2.6
Bonjour
CamStudio
CDisplay 1.8
Dassault Systemes Software Prerequisites x86
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DVD Shrink 3.2
FLV Player 2.0 (build 25)
GIMP 2.6.8
Guild Wars
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Intel® Network Connections Drivers
iriver Music Manager
iRiver Updater
iTunes
Java Auto Updater
Java™ 6 Update 3
Linksys EasyLink Advisor
LSI PCI Soft Modem
MagicTune Premium
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 7.0
MobileMe Control Panel
MultiScreen
NeoDownloader 2.4
Nero 7 Essentials
Paint.NET v3.5.3
Pure Networks Platform
QuickTime
Realtek High Definition Audio Driver
Safari
Spelling Dictionaries Support For Adobe Reader 9
TorchED
Torchlight
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.4053
WinDirStat 1.1.2
YouTube Downloader 2.6
YouTube Downloader Toolbar v1.0

==== End Of File ===========================

_____________________________________________________________________________________

Step#8 GMER
Ran gmer...unsure if it started autoscan or I started scan without unchecking selections. Resulted in instant crash with a blue screen full of text that flashed to quickly to read. After restart ran gmer and warning pop-up...GMER has found system modification, which might have been caused by ROOTKIT activity.
In red Text above:
type - service
name - (xxxhiddenxxx) <---xxx are small upper case letters like you see in exponents
value - [BOOT]stlzu

Never made it through a full scan it would always freeze my computer.

_____________________________________________________________________________________
Ran hijackthis and half way through with message: (a shorten version)
"for some reason your system denied write access to the Hosts file. If any highjack domains are in this file......if that happens you need to edit the file yourself....C:\Windows\system32\drivers\etc\hosts"


This post can be closed.

Edited by mbono, 10 September 2010 - 10:02 PM.


#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:12:43 AM

Posted 12 September 2010 - 12:33 PM

To clarify: Do you still need assistance with this issue?

~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 mbono

mbono
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:43 AM

Posted 19 September 2010 - 09:15 PM

nope. thanxs anyway




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users