
Infected with a virus that causes an AntiVirus programme to overreact


  • This topic is locked
4 replies to this topic

#1 nessyjord

nessyjord

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:16 AM

Posted 17 February 2011 - 06:55 AM

I have followed the useful instructions to remove Malware from my system and all went well until I reached the GMER programme. Windows flashed repeatedly "Access Denied."

I am currently running windows on a guest account as this was the only way I could open internet explorer and use my computer constructively.

I have attached the log files to this post,

I have years worth of information stored on this computer and my Hard Drive broke down two weeks ago and I haven't got round to replacing it!

Heeeelp!

Many thanks in advance.

Attached files: Attach.txt (10KB), DDS.txt (7.03KB)



#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:16 PM

Posted 23 February 2011 - 09:22 AM

Hi,

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:
  • We need to create an OTL Report
  • Please download OTL from here: Main Mirror
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them into your reply:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs. Also include any comments that you might have concerning the infection(s) and the infected computer.
Shannon

#3 nessyjord


Posted 23 February 2011 - 04:49 PM

Shannon,

Thank you very much for your reply.

I assume that running the OTL scan whilst logged in as a guest user is fine providing that the 'scan all users' check box was ticked? If not I'll have a go using the infected account, just means that I'll have a few problems opening the necessary programmes!

Many thanks again,

Jordan




#4 Shannon2012


Posted 24 February 2011 - 10:33 AM

Hi-

Sorry for the delay - crisis at work. Try to run OTL using your normal account but run it in safe mode.

This can be done by tapping the F8 key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.

Copy the output report into your reply instead of attaching it.

Thanks.
Shannon

#5 Shannon2012


Posted 04 March 2011 - 09:14 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
Shannon



