
can't run rkill or tdsskiller...malware problem



#1 maggieg

  • Members

Posted 03 February 2012 - 11:37 AM

Been looking all over for how to solve my problem. Have 3 pcs on a home network. Laptop is the worst with Internet Security 2012 warnings all over it. 1 desktop is S L O W (the one I'm using to post this), and the other one just runs slow normally :)

Laptop won't let me access internet. Downloaded rkill and tdsskiller and sdsetup_revwire to desktop and transferred via flash to laptop. But laptop won't open any of them. Even tried renaming them -- no luck. Then downloaded your "eXplorer" rename, and that appears to "try" to open (small, "dos-like" screen -- don't know what to call it -- tries to flash open several times, sometimes with some text in it, but I can't read it), but I can't tell if it has run or not, and nothing else changes.

pls help!

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal


#2 boopme

  • Global Moderator

Posted 03 February 2012 - 12:58 PM

Hello...

Please follow our Removal Guide here: Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue.
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Also the other tool log. A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 maggieg

  • Topic Starter


Posted 03 February 2012 - 02:32 PM

sorry...just getting back to this. I downloaded fixNCR.reg to a flash, and tried to open it on the laptop, and nothing happens. Should there be some way to tell if the registry changes were made?

thanks

#4 maggieg


Posted 03 February 2012 - 02:40 PM

i've tried "merging" it multiple times, and all I get is a quiet windows "ding"...

#5 boopme


Posted 03 February 2012 - 02:53 PM

That was probably all. It is just a registry adjustment. It worked if the tools run.

#6 maggieg


Posted 03 February 2012 - 02:54 PM

...but they don't...unfortunately. still can't get either the rkill or the tdsskiller or the eXplorer to open up...

suggestions?

and I still can't run firefox or IE...

Edited by maggieg, 03 February 2012 - 02:54 PM.


#7 boopme


Posted 03 February 2012 - 03:00 PM

Try again from safe mode: How to start Windows in Safe Mode

#8 maggieg


Posted 03 February 2012 - 05:22 PM

well, I was in safe mode with networking... but I rebooted in just "safe mode" and things went swimmingly from there on.

Looks like I'm back in business. thanks for your help, and btw, nice 2T4:3 ref :)



Here's the log from MBAM after it finished:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.03.10

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Maggie Garay :: MLGARAY-LAPTOP [administrator]

2/3/2012 3:46:08 PM
mbam-log-2012-02-03 (15-46-08).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 312711
Time elapsed: 1 hour(s), 23 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Maggie Garay\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QLBRDXFZ\load_13[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Maggie Garay\AppData\Local\Temp\B7F8.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Maggie Garay\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

#9 boopme


Posted 03 February 2012 - 07:41 PM

You're welcome. Yeah, it was that pesky Fakealert.
It's my favorite text. :thumbup2:

Before we mop up .....

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.