CF won't run


  • This topic is locked
16 replies to this topic

#1 mltor0806

mltor0806

  • Members
  • 66 posts
  • OFFLINE
  • Local time:05:44 AM

Posted 29 March 2012 - 08:00 PM

Good evening all you amazingly patient, knowledgeable and thorough folk who help us terrified panicky people infected with malware =)

My PC has been infected. I ran MalwareBytes as well as SuperAntiSpyware and they both cleaned up some infection (SAS just cleaned up cookies)

PC still won't boot in normal mode, just hangs with spinning wheel cursor pointer.

Downloaded and ran ComboFix. Downloaded it to the d'top and named it to 1.exe. It began running and 8 hours later has not progressed. I tried re-running it and same thing. I am at a loss.

I would prefer to try and rescue rather than wipe.

PLEASE HELP....again!

#2 mltor0806

Posted 29 March 2012 - 08:04 PM

Oh also whatever this is hid all my files, I have already run unhide.exe

#3 mltor0806

Posted 29 March 2012 - 08:07 PM

OHHH and.....when it first happened it cleared my desktop and I only had an icon for a shortcut to System Check...or something similarly named.

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:44 AM

Posted 29 March 2012 - 08:10 PM

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic. If you receive a reply from the HelpBot, then please follow the instructions outlined in the helpbot's post.

#5 mltor0806

Posted 29 March 2012 - 09:30 PM

Followed the guideline, was able to log on to safe mode with networking (always have been able to), was able to download all applications listed in the prep guide.

I ran DeFogger successfully.

I could NOT run dds.scr. I began the app at 9:50 and at 10 pm everything froze up. I left it and at 10:19 I checked in again and the time on the PC was still showing 10 pm....EUREKA, I have learned to stop time ;)

Downloaded and launched GMER, but the only options are Service, Registry, Files....nothing else. I presume it is because I am in safe mode with networking?

What shall I do?

#6 cryptodan

Posted 29 March 2012 - 09:59 PM

Can you try regular mode?

#7 mltor0806

Posted 29 March 2012 - 10:04 PM

I was able to boot to normal. Began running the DDS and a window, what seemed to be an Internet Explorer window, popped up about refinancing and asked if I wanted to leave the page or stay on the page.

A couple minutes later pc was unresponsive.

I left the pop up window alone.

#8 cryptodan

Posted 29 March 2012 - 10:43 PM

Please try running Rkill.

#9 mltor0806

Posted 30 March 2012 - 07:19 AM

OK, so ran RKill and oddly it didn't stop anything.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/30/2012 at 8:15:02.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:



Rkill completed on 03/30/2012 at 8:16:18.



Starting the process over again.

#10 mltor0806

Posted 30 March 2012 - 11:16 AM

Same result.

Ran DeFogger fine.

Ran RKill...showed nothing.

Tried to run DDS, after 15 minutes completely locks up the PC.

While running DDS, popup internet windows kept appearing. One of them telling me to add a Twitter account and another about Financing.

If I go to Google and click a link from a search it redirects me, whereas if I type in the URL there is no problem.

#11 mltor0806

Posted 30 March 2012 - 11:30 AM

Update

I booted to safe mode with networking and downloaded the Symantec tool to remove the Google redirector.

Upon reboot it told me an MBR infection had been found. I repaired it and booted VERY quickly to normal.

I was able to run DDS now and will continue with the process.

#12 mltor0806

Posted 30 March 2012 - 11:32 AM

Working on the list and will post to http://www.bleepingcomputer.com/forums/index.php?app=forums&module=post&section=post&do=new_post&f=22

#13 cryptodan

Posted 30 March 2012 - 12:10 PM

Include the Symantec results too.

#14 mltor0806

Posted 30 March 2012 - 03:01 PM

OK, new post updated ... can close this one.

#15 cryptodan

Posted 30 March 2012 - 03:04 PM

What is the link?



