Vista Total Security 2011


  • This topic is locked
16 replies to this topic

#1 SmokingHoney

SmokingHoney

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:London
  • Local time:06:34 PM

Posted 04 June 2011 - 01:11 AM

Hi

Hopefully I am sending all the info you need this time because I really really need some help... I'm goin a bit :crazy:

I am now posting from my infected PC. The problem is something called Vista Total Security 2011.

It won't let me do a system restore, edit my user account info, install windows security updates or install anything...

I have followed the helpful instructions you posted on this page: http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011


I downloaded http://download.bleepingcomputer.com/reg/FixNCR.reg on a clean pc like you said, but when I tried to install it on this pc I get an error message stopping me from doing so.

Same thing with DDS logs and the GMER log



I am uploading the screenshots to show you what message I'm getting.


Pleeeeeeeeeeze help!

Thankyooooooooooooooooou x

Attached File: pic1.h1.jpg (71.4KB)

Attached File: pic2.h2.jpg (63.72KB)



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:05:34 PM

Posted 11 June 2011 - 07:35 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 SmokingHoney

Posted 13 June 2011 - 11:32 AM

Woo Hoo!

Thanx soooooooooooo much for gettin back to me, you're a star!

Just wanna add another issue to the, um, issue...

My windows movie maker program has disappeared - along with ALL my projects!!!!!!!!!!!!!

sendin screenshot about when I try to open it...

Hope to hear from u soon - not sure what happens next???


#4 m0le

Posted 13 June 2011 - 06:12 PM

When the fix fails it usually means there's other unplanned malware on the machine blocking the support.

Can you run Unhide and see if that finds the missing programs?

http://download.bleepingcomputer.com/grinler/beta/unhide.exe


Next, let's try and break down its defence against installing the help you need.

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • Please post the resulting log in your next reply.


Next run Combofix. If we've dealt with the block this will run. If not, post back and let me know.

Please download ComboFix from one of these locations:

* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5 SmokingHoney

Posted 13 June 2011 - 07:21 PM

Hiya

It's not that the fix didn't work, but because I can't install anything that I download I can't find out if it works...


Tried to use the links you sent but got the same errors - am sending screenshots again xxx


#6 m0le

Posted 13 June 2011 - 07:28 PM

Have you got access to another computer and a flashdrive? If yes...

Download Combofix onto the clean machine and transfer it onto the flashdrive.

Now boot the machine into safe mode

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.

Now attempt to run Combofix from there.


Let me know if you don't have an alternative machine to use.

#7 SmokingHoney

Posted 17 June 2011 - 04:05 AM

Hello again, and thanx for the reply...

I'm just letting you know I've been busy with work, that's why I haven't got back to you yet, I hope you don't think I'm taking too long as I really appreciate the help.....

And, I have a friend coming over tonight :gathering: to help me follow your instructions so I will do what you said & get straight back to you...

Chat soon! xxx :kiss:

#8 m0le

Posted 17 June 2011 - 01:10 PM

I was wondering where you'd got to. :thumbup2:

#9 SmokingHoney

Posted 19 June 2011 - 12:41 AM

Hey

So me and my mate did exactly what you said, used a flash to run combofix and every time it starts scanning the disk it goes into blue screen of death.

My friend also ran a windows scan disk on the system disk which took 4 hours and then tried running combofix in safe mode again and we get the same problem.

Any more ideas......?

thanx xxx

#10 m0le

Posted 19 June 2011 - 05:41 AM

any more ideas......?


Oh yes, got plenty more.


Did you get a recovery disk with the machine?

#11 SmokingHoney

Posted 20 June 2011 - 12:50 AM

nope...

only a Microsoft Works disk

and books 'guide to vista' and 'troubleshooting and recovery manual'

#12 SmokingHoney

Posted 20 June 2011 - 01:02 AM

the 'manual' says to re-install your pc with a destructive recovery or non-destructive rec to put pc back to factory default settings...

#13 m0le

Posted 20 June 2011 - 02:04 PM

You have the choice then.

We can keep trying to boot the machine and save it

OR

You can backup all the files on the machine and then use the non-destructive or destructive option.


I will warn you that the first option could get more complicated than we have been so far.

#14 SmokingHoney

Posted 22 June 2011 - 10:00 AM

Is there no option for getting rid of the virus? xxx

#15 m0le

Posted 22 June 2011 - 06:49 PM

A destructive or non-destructive recovery will remove the virus. The difference is whether you want to keep your files or not. This is the easier option.

The alternative way would be to boot the computer using an alternative operating system and then try to diagnose the problem from there.

I would recommend you try running the non-destructive recovery now. This will reinstall the operating system and take (almost) every infection with it and allow the machine to boot again and we can then check for malware.



