file iexploreexe is infected by w32/blaster.worm


  • This topic is locked
61 replies to this topic

#1 kynsmama

kynsmama

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:08:56 PM

Posted 20 February 2012 - 10:04 PM

I was browsing the internet on my old desktop. The kids usually use this computer, so no telling what they have done, but when I did a Yahoo search, I was redirected. Then a pop-up of some kind came up, I thought I closed it out, but then it closed my IE browser. And has this Internet Security warning. Says it has found 1 useless and unwanted file on your computer. I cannot reopen Internet Explorer. It seems to open when I click on it, but disappears after just a second. Help. I'm sure I need to run a bunch of stuff to get all the viruses and such off this computer. If you could talk me through it, I would greatly appreciate it. Thanks.


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:08:56 PM

Posted 20 February 2012 - 10:17 PM

If you cannot download the tools, use a different browser.

Please download exeHelper to your desktop.

http://www.raktor.net/exeHelper/exeHelper.com

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Post the clean log


Download

TDSSkiller

Launch it. Click on Change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Edited by narenxp, 20 February 2012 - 10:17 PM.


#3 kynsmama

Posted 20 February 2012 - 10:24 PM

I tried starting the computer in safe mode and got the blue screen twice. Now what?

#4 narenxp

Posted 21 February 2012 - 12:44 AM

If you can run the tools in regular mode then it's OK.

Good luck

Edited by narenxp, 21 February 2012 - 12:45 AM.


#5 kynsmama

Posted 21 February 2012 - 09:49 AM

I tried downloading the tools to a CD then running them on the desktop. I could only get it to come on if I started it with its last successful start. And when I tried to run the tools, it wouldn't allow me to. Saying the exe file was unable to open.

#6 narenxp

Posted 21 February 2012 - 11:37 AM

What is your operating system?

Right click, select Run as administrator and try to run it

#7 kynsmama

Posted 21 February 2012 - 01:21 PM

It is Windows XP.

#8 kynsmama

Posted 21 February 2012 - 01:27 PM

Just tried to restart computer with last successful start and got the blue screen of death! Ugh. Is there anything I can do?

#9 narenxp

Posted 21 February 2012 - 01:35 PM

OK, try this

Download and copy the tools to infected PC

http://download.bleepingcomputer.com/reg/FixNCR.reg

http://www.bleepingcomputer.com/download/anti-virus/rkill


Launch the FixNCR.reg, click YES to import it

Launch RKILL now, if you cannot run it


Right click on Malwarebytes

Select - Run as

Uncheck "protect my computer from unauthorized program activity"

See if you can install Malwarebytes now

#10 kynsmama

Posted 21 February 2012 - 04:05 PM

I can't get the computer to come on in either regular or safe mode. I keep getting the blue screen. Is there anything I can do?

#11 narenxp

Posted 21 February 2012 - 04:56 PM

OK, let me ask someone to help you

#12 hamluis

hamluis

    Moderator


  • Moderator
  • 55,896 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:56 PM

Posted 21 February 2012 - 05:05 PM

Added to Unbootables List, someone will be assisting you shortly.

Louis

#13 kynsmama

Posted 21 February 2012 - 06:25 PM

Thanks

#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:56 PM

Posted 21 February 2012 - 08:17 PM

We will need to view the system status from an external environment. You will need a USB drive and a CD to burn. There will be several steps to follow.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download driver.sh by noahdfear to your USB drive
  • Also Download Query.exe by noahdfear to the USB drive. In your working computer, navigate to the USB drive and click on the Query.exe. A folder and a file, query.sh, will be extracted.
  • Once this process is completed, download Dumpit by noahdfear to the USB drive.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • In some computers you need to tap F12 and choose to boot from the CD, in others it is the Esc key. Please consult your computer's documentation.
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Confirm that you see the file dumpit in your USB drive and double click on it.
  • After it has finished a report will be located in your USB drive named mbr.zip
  • Plug the USB back into the clean computer and post the contents of the report.txt, filefind.txt and RegReport.txt in your next reply. The mbr.zip file must be attached to your reply.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
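
An added example, not part of the post above and not noahdfear's driver.sh: a shell script that does the kind of file search the steps describe, listing every copy of the four named system files on a mounted Windows volume with its SHA-256 and size, so copies whose contents differ stand out. The function names, the sample tree and the assumption that the volume is mounted under mnt (for instance as sda1) are illustrative.

```shell
#!/bin/sh
# Added example, not noahdfear's driver.sh.
# Assumes find, sort, cut, wc, tr, mktemp and sha256sum are available.

# find_copies ROOT NAME...
# One line per match: "<sha256><TAB><size in bytes><TAB><path>".
find_copies() {
    root=$1; shift
    for name in "$@"; do
        # -iname: Windows file names are case-insensitive (Winlogon.exe, WINLOGON.EXE)
        find "$root" -type f -iname "$name" 2>/dev/null | sort |
        while IFS= read -r path; do
            sum=$(sha256sum "$path" | cut -d' ' -f1)
            size=$(wc -c < "$path" | tr -d ' ')
            printf '%s\t%s\t%s\n' "$sum" "$size" "$path"
        done
    done
}

# distinct_hashes ROOT NAME
# How many different contents exist among the copies of NAME; more than one
# means the copies differ and are worth comparing against a known-good file.
distinct_hashes() {
    find_copies "$1" "$2" | cut -f1 | sort -u | wc -l | tr -d ' '
}

# make_sample DIR: constructed tree standing in for a mounted Windows volume.
make_sample() {
    mkdir -p "$1/WINDOWS/system32/dllcache"
    printf 'constructed-A' > "$1/WINDOWS/system32/userinit.exe"
    printf 'constructed-A' > "$1/WINDOWS/system32/dllcache/Userinit.exe"
    printf 'constructed-A' > "$1/WINDOWS/explorer.exe"
    printf 'constructed-B' > "$1/WINDOWS/system32/dllcache/EXPLORER.EXE"
}

# Scan the volume given as $1 (assumed mount point, e.g. the sda1 folder under
# mnt); with no argument, scan a constructed sample so the script runs anywhere.
target=${1:-}
if [ -z "$target" ]; then
    target=$(mktemp -d)
    make_sample "$target"
fi
for f in Winlogon.exe volsnap.sys explorer.exe Userinit.exe; do
    echo "== $f: $(distinct_hashes "$target" "$f") distinct content(s)"
    find_copies "$target" "$f"
done
[ -n "${1:-}" ] || rm -rf "$target"   # remove only the constructed sample
```
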


#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:56 PM

Posted 21 February 2012 - 08:28 PM

Hello, just letting you know I moved this topic here, in the Virus, Trojan, Spyware, and Malware Removal Logs forum, where it will stay.

Please remember to click the Watch Topic button at the top right and select Immediate Notification so you do not miss any replies now that you were moved.