Hello, I'm new and afraid to even ask for help


23 replies to this topic

#1 Darlene M

Darlene M

  • Members
  • 98 posts
  • OFFLINE
  •  
  • Local time:10:19 AM

Posted 31 January 2011 - 12:43 PM

Hello, I've been reading posts on this site for two days now hoping to find a fix for a redirect virus thingy that is messing me up. I need help, but in all honesty, I'm afraid to even ask because I won't have any clue as to how to get the info I need to give to get the help that I need. I don't even know how to look up what version of windows I have. So, you can see how helping me would be like holding a baby's hand.

But, the more I try to fix my problem on my own, the worse things get. Now I'm even questioning if posting logs here is safe (of course, I would not have a clue how to even do that). Everything I do, I later read somewhere else that I should NOT have done what I did. I don't know whether I should laugh or cry. I'm very close to crying.

On a good note, I'm very willing to read and read and read so I can learn more. I just need to be sure what I'm reading is good advice and not bogus advice that will get me deeper into a computer mess. And I'm pretty good at following instructions.

I make my living online, so it's important that I get this mess cleaned up. I will totally appreciate any help I can get here. A bit later I will post my actual problem... if I can figure out where the correct place is to do that.

Signed, slightly hopeful Darlene LOL


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:19 AM

Posted 31 January 2011 - 12:54 PM

Hello Darlene and welcome. I am moving this to the Am I Infected forum...
Look here >>> How to determine the version of Windows that is installed on a computer
What browser do you use?? IE, Firefox???

Are you having pop ups, redirects, very slow PC??
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Eyesee

Eyesee

    Bleepin Teck Shop


  • BC Advisor
  • 3,541 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:In the middle of Kansas
  • Local time:09:19 AM

Posted 31 January 2011 - 12:54 PM

Hi Darlene and welcome to the forum!

Don't be afraid to ask for help here. That's what we are all here for.
Our virus/malware people are top notch. You can trust their advice totally.

I have requested that your post be moved to the virus removal forum so that it gets the attention that it deserves.
Please be patient.
In the beginning there was the command line.

#4 Darlene M

Posted 31 January 2011 - 01:14 PM

Thank you for the welcome and for my first teaching steps!

I now know that I have Windows XP, Home Edition, version 2002, Service Pack 3.

I use IE, but also have Firefox. The redirect happens on both. When I search, it changes the URL and then it changes it yet again and I end up on a page with what looks like a bunch of junk links.

I tried too many things to list. I would not even know how to explain all I did. I'm sure I would have been better not doing any of it.

One thing I tried that I learned about here is that TDSSkill thing. I have never been able to get that to work for me. I even changed the name and the extension. When I click run, nothing happens.

As for slow PC, not too slow. It was very slow after I did some stuff yesterday, so I did a system restore to Jan 29. At one point, I took advice and turned off the system restore and now I can't restore any further back than Jan 29.

I just feel bad for whoever tries to help me! But any help will be appreciated. Darlene

#5 boopme

Posted 31 January 2011 - 01:47 PM

I just feel bad for whoever tries to help me! But any help will be appreciated. Darlene

That's why I am here ... :)
Notice the statement below my avatar... between you and me I am in the beyond area.
I will go slow so that all of my personalities can keep up. :crazy:

We will probably rerun some things again as you say you've run many..
Removing malware nowadays is like putting kids to bed. They come up with many ways to prevent that from happening.

Now I forgot to ask what is your antivirus program and do you have Spybot installed?


Let's start by seeing if we can run MBAM.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware

#6 Darlene M

Posted 01 February 2011 - 11:42 AM

I am so sorry that I missed this reply! I thought I'd get a notice in my email. I thought I checked a box somewhere along the way that said I'd get email notices. Now I clicked on Watch Topic, so hopefully I'll get notices now.

I'm on my way to the dentist but will run MBAM when I get back. Yes, I have run it before in both regular and safe mode. I used the latest version. I will do it again and will be sure to read every step of your directions.

Here is where you are going to disown me... I have no antivirus, and never have in 11 years of being online. People tell me I need antivirus, but I've been using this particular computer for over 5 years (think I got it in 05) and have only had a couple issues that MBAM or system restore fixed. I know, I know... I'm asking for trouble. As for spybot, I don't think I have that. Not sure what that is.

Off to the dentist. Once again, I'm sorry I missed your reply. Will be back this afternoon to run MBAM.

Thanks! Darlene

#7 boopme

Posted 01 February 2011 - 01:02 PM

Nice try Darlene, you can't get off that easy.. Now you have to install this, it's what I use.
Install, update and scan with Avira AntiVir and it's free.

Yes it's a different internet now. You need an AV app running.

I'm sure then if you had no AV you didn't install Spybot :)

#8 Darlene M

Posted 01 February 2011 - 09:58 PM

I uninstalled my version of MBAM and installed it again just to be sure. I ran it and it found one bug. I removed it then it asked to reboot so I did.

When I rebooted, I got a pop up that said this...

Your computer might be at risk
Antivirus software might not be installed
Click this balloon to fix this problem

I'm not sure if that's safe, so I did not click it. I just closed the pop up. Now I have a little red shield with a white X on it on the bottom bar next to my sound icon.

I don't know if I was supposed to install the antivirus thing that you gave me before I did the MBAM scan. I didn't install it, but will install it after this.

The redirect thing is still happening. Here is my log after the MBAM scan...

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5657

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/1/2011 9:42:19 PM
mbam-log-2011-02-01 (21-42-19).txt

Scan type: Quick scan
Objects scanned: 154881
Time elapsed: 17 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
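
Added example (not part of the original thread, and not Malwarebytes' own code): a small Python parser for the MBAM 1.x log layout posted above. It pulls out each detection, flags "PUM." (potentially unwanted modification) entries, which are setting changes rather than malicious files, and cross-checks the summary counts against the itemized lines. The function name and returned field names are assumptions made for this example; the sample text is abridged from the log in the post.

```python
import re

# Abridged copy of the log posted above (timestamps and some empty sections dropped).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 5657
Scan type: Quick scan
Objects scanned: 154881

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected: (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:$")
# "<object> (<detection name>)"; greedy match keeps paths that contain parentheses.
OBJECT_RE = re.compile(r"^(?P<object>.*) \((?P<detection>[^()]+)\)$")
HEADER_KEYS = ("Database version", "Scan type", "Objects scanned")


def parse_mbam_log(text):
    """Return header fields, summary counts, itemized detections and count mismatches."""
    header, summary, items = {}, {}, []
    current = None  # section whose item lines we are currently reading
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:  # e.g. "Registry Data Items Infected: 1"
            summary[m["section"]] = int(m["count"])
            current = None
            continue
        m = SECTION_RE.match(line)
        if m:  # e.g. "Registry Data Items Infected:"
            current = m["section"]
            continue
        key, sep, value = line.partition(": ")
        if sep and key in HEADER_KEYS:
            header[key] = value
            continue
        if current and " -> " in line:
            parts = line.split(" -> ")
            m = OBJECT_RE.match(parts[0])
            if not m:
                continue
            items.append({
                "section": current,
                "object": m["object"],
                "detection": m["detection"],
                # PUM = potentially unwanted modification (a setting, not a file)
                "is_pum": m["detection"].startswith("PUM."),
                "detail": " -> ".join(parts[1:-1]),
                "action": parts[-1].rstrip("."),
            })
    found = {}
    for it in items:
        found[it["section"]] = found.get(it["section"], 0) + 1
    # A summary count that disagrees with the itemized lines suggests a truncated paste.
    mismatches = {s: (n, found.get(s, 0))
                  for s, n in summary.items() if n != found.get(s, 0)}
    return {"header": header, "summary": summary,
            "items": items, "mismatches": mismatches}


if __name__ == "__main__":
    for it in parse_mbam_log(SAMPLE_LOG)["items"]:
        kind = "setting change" if it["is_pum"] else "malware object"
        print(f'{it["detection"]} [{kind}]: {it["object"]} -> {it["action"]}')
```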

#9 boopme

Posted 01 February 2011 - 10:09 PM

Hi Ms D
I think it's just telling us what we know about not having an AV, so let's run Avira and tell me if that popup and the little red shield with a white X go away.

#10 Darlene M

Posted 01 February 2011 - 10:22 PM

I just ran Avira. It almost seemed too quick to make me feel like it did anything. While Avira was downloading, I got another pop up on that red shield and it said AntiVir desktop might be out of date... but I just closed it. Now that red shield is gone.

Here is the log that I got after the Avira scan. I am beyond proud that I know how to post a log!!! I feel all grown up!

BTW... I can't thank you enough for helping me!


Avira AntiVir Personal
Report file date: Tuesday, February 01, 2011 22:14

Scanning for 2446490 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Owner
Computer name : SANFORD

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 1/10/2011 19:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 1/10/2011 19:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 19:23:50
VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 19:23:50
VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 19:23:50
VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 19:23:50
VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 19:23:50
VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 19:23:50
VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 19:23:50
VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 19:23:50
VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 19:23:50
VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 19:23:50
VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 19:23:50
VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 19:23:50
VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 20:54:35
VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 22:12:47
VBASE015.VDF : 7.11.0.122 136192 Bytes 12/21/2010 00:09:26
VBASE016.VDF : 7.11.0.156 122880 Bytes 12/24/2010 14:41:13
VBASE017.VDF : 7.11.0.185 146944 Bytes 12/27/2010 19:39:57
VBASE018.VDF : 7.11.0.228 132608 Bytes 12/30/2010 21:23:58
VBASE019.VDF : 7.11.1.5 148480 Bytes 1/3/2011 22:45:39
VBASE020.VDF : 7.11.1.37 156672 Bytes 1/7/2011 14:30:06
VBASE021.VDF : 7.11.1.65 140800 Bytes 1/10/2011 18:12:43
VBASE022.VDF : 7.11.1.87 225280 Bytes 1/11/2011 19:47:36
VBASE023.VDF : 7.11.1.124 125440 Bytes 1/14/2011 03:12:21
VBASE024.VDF : 7.11.1.155 132096 Bytes 1/17/2011 03:12:22
VBASE025.VDF : 7.11.1.189 451072 Bytes 1/20/2011 03:12:25
VBASE026.VDF : 7.11.1.230 138752 Bytes 1/24/2011 03:12:26
VBASE027.VDF : 7.11.2.12 164352 Bytes 1/27/2011 03:12:27
VBASE028.VDF : 7.11.2.43 178176 Bytes 2/1/2011 03:12:28
VBASE029.VDF : 7.11.2.44 2048 Bytes 2/1/2011 03:12:29
VBASE030.VDF : 7.11.2.45 2048 Bytes 2/1/2011 03:12:29
VBASE031.VDF : 7.11.2.50 60928 Bytes 2/1/2011 03:12:29
Engineversion : 8.2.4.158
AEVDF.DLL : 8.1.2.1 106868 Bytes 1/10/2011 19:23:26
AESCRIPT.DLL : 8.1.3.53 1282427 Bytes 2/2/2011 03:12:46
AESCN.DLL : 8.1.7.2 127349 Bytes 1/10/2011 19:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 1/10/2011 19:23:26
AERDL.DLL : 8.1.9.2 635252 Bytes 1/10/2011 19:23:25
AEPACK.DLL : 8.2.4.9 512374 Bytes 2/2/2011 03:12:44
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 2/2/2011 03:12:42
AEHEUR.DLL : 8.1.2.70 3191159 Bytes 2/2/2011 03:12:41
AEHELP.DLL : 8.1.16.0 246136 Bytes 1/10/2011 19:23:19
AEGEN.DLL : 8.1.5.2 397683 Bytes 2/2/2011 03:12:32
AEEMU.DLL : 8.1.3.0 393589 Bytes 1/10/2011 19:23:18
AECORE.DLL : 8.1.19.2 196983 Bytes 2/2/2011 03:12:31
AEBB.DLL : 8.1.1.0 53618 Bytes 1/10/2011 19:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/10/2011 19:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/10/2011 19:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 19:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 1/10/2011 19:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 1/10/2011 19:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 1/10/2011 19:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/10/2011 19:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 1/10/2011 19:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 19:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 1/10/2011 19:23:52

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, February 01, 2011 22:14

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'PRISMXL.SYS' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'WLanCfgG.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'WLService.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ding.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '1707' files ).



End of the scan: Tuesday, February 01, 2011 22:15
Used time: 00:49 Minute(s)

The scan has been done completely.

0 Scanned directories
2181 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
2181 Files not concerned
5 Archives were scanned
0 Warnings
0 Notes

#11 boopme

Posted 01 February 2011 - 10:36 PM

OK, now you have the latest version and database {Engineversion : 8.2.4.158}

We may still have a rogue app on here

Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

Run RKill.... (if you want to read about RKill -->> RKill - What it does and What it Doesn't)

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

EDIT: forgot to say you are most welcome...big girl :lmao: But you are doing great.
Just about everything you'll need to know about using the forum is here in New User Orientation

Edited by boopme, 01 February 2011 - 10:47 PM.


#12 Darlene M

Posted 01 February 2011 - 11:15 PM

I will try to get to all this tomorrow, in between snow shoveling sessions. If for any reason I disappear for a while, it could be that I lost power or lost cable. If you are also in the area of this storm... stay safe!

#13 boopme

Posted 01 February 2011 - 11:45 PM

I hear ya... be safe and careful shoveling... We'll keep a light on fer ya.

#14 Darlene M

Posted 02 February 2011 - 11:34 PM

Gee... I was all ready to tackle this next list of tasks, but when I reboot in safe mode with networking, I can't get online. All I get is the screen that says "Internet Explorer cannot display the webpage." I did it again and got the same result.

Now, am I supposed to be rebooting into safe mode with networking before I do all the other stuff you mentioned? Or should I be downloading RKill and that SAS in normal mode then switching to safe mode with networking?

So, I'm stumped... for now. Also, I assume when I do the stuff you asked me to do, I should be doing it all one right after another, correct? Meaning I don't do other stuff in between, correct? I just need to know so I can set aside the time.

#15 Darlene M

Posted 02 February 2011 - 11:36 PM

After reading my post, I'm not sure I'm being clear. What I tried to do was reboot into safe mode with networking then come back here to use the links you gave me. But, I could not get online. I'm not sure if I should be downloading all the stuff first, then just running those scans and stuff while in safe mode with networking. Sorry if I'm confusing. It's hard for me to make sense when I have no clue what I'm talking about! :wacko: