
Got a virus, don't know which


  • This topic is locked
4 replies to this topic

#1 marknamy


Posted 26 January 2013 - 10:38 PM

Trying to clear backlog of emails in a hurry and wasn't careful. I now have a solid white screen and no response when trying to open Task Manager. Tried to F8 and do restore point and won't work. Tried safe modes and system just shuts down and restarts. Virus has already tagged all of my contacts so I've since deleted all contacts from another computer and am keeping the infected unit off-line. I can see my desktop for a brief second while the computer is actually shutting down so I know it's working. Tried following along with a posting titled "This damn FBI $200 virus...Please help" posted by cy31 on 24 Aug, 2012. I followed along and have attached the FRST notepad file. Really wish I could try to troubleshoot more myself, but have no clue as to where to start since I don't know the virus/malware name.

Attached File: FRST.txt (28.45KB)

Hopefully most of the operating system, anti-virus used, etc... answered in the log below.

I'm new to this forum and really appreciate the availability. I've participated in some VW forums along the way and have provided and received a lot of advice there. These community forums have to go down as one of the greatest resources ever developed.

I'm not completely a computer NOOB, but would much rather develop a chip's doping requirements than add the 1's and 0's to it later. Just never been a software guy. Thanks again for any assistance.



#2 fireman4it

  • Malware Response Team

Posted 26 January 2013 - 11:50 PM

Hello
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.



Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

HKU\Mark\...\Winlogon: [Shell] explorer.exe,C:\Users\Mark\AppData\Roaming\skype.dat [46592 2011-11-16] ()
HKLM\...\RunOnce: [*Restore] C:\windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\PFW: 
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
C:\Users\Mark\AppData\Roaming\skype.dat
C:\Users\Mark\AppData\Roaming\skype.ini

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.



Is it booting ok now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif
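The first fixlist line in the post above is the one that matters: the Winlogon Shell value, normally just explorer.exe, has a second command appended that launches skype.dat from the user's AppData folder at every logon. The sketch below is an added example, not part of the thread and not FRST's own logic; it flags that pattern in log lines of this shape. The line layout is assumed from the entries quoted in the post, and the third sample line is constructed for contrast.

```python
import re

# Sample input: the two registry lines quoted in the fixlist above,
# plus one benign Shell line constructed here for contrast.
SAMPLE = r"""HKU\Mark\...\Winlogon: [Shell] explorer.exe,C:\Users\Mark\AppData\Roaming\skype.dat [46592 2011-11-16] ()
HKLM\...\RunOnce: [*Restore] C:\windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-25] (Microsoft Corporation)"""

# Assumed line shape, inferred only from the lines in this thread:
#   <key>: [<value name>] <data> [<size> <date>] (<company>)
LINE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<data>.*?)"
                  r" \[(?P<size>\d+) (?P<date>[\d-]+)\] \((?P<company>.*)\)$")

def parse(line):
    """Split one log line into its fields, or return None if it does not fit."""
    m = LINE.match(line.strip())
    return m.groupdict() if m else None

def shell_findings(entry):
    """Reasons a Winlogon Shell value looks hijacked (empty list = nothing found)."""
    if not entry["key"].lower().endswith("winlogon") or entry["name"].lower() != "shell":
        return []
    reasons = []
    parts = [p.strip() for p in entry["data"].split(",") if p.strip()]
    extra = [p for p in parts if p.lower() != "explorer.exe"]
    if extra:
        reasons.append("extra shell command: " + ", ".join(extra))
    if entry["key"].upper().startswith("HKU"):
        reasons.append("per-user Shell value (normally set only under HKLM)")
    if any("\\appdata\\" in p.lower() for p in extra):
        reasons.append("runs from user AppData")
    if not entry["company"]:
        reasons.append("no company name on the file")
    return reasons

def scan(text):
    """Return (key, reasons) for every suspicious Shell entry in the text."""
    hits = []
    for line in text.splitlines():
        entry = parse(line)
        if entry:
            reasons = shell_findings(entry)
            if reasons:
                hits.append((entry["key"], reasons))
    return hits

if __name__ == "__main__":
    for key, reasons in scan(SAMPLE):
        print(key, "->", "; ".join(reasons))
```
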


#3 fireman4it


Posted 29 January 2013 - 03:46 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 1-2 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#4 marknamy


Posted 29 January 2013 - 09:24 PM

With a little perseverance, I was able to take care of this little problem. Definitely a virus, was able to finally coax machine to do a restore point and recover by running several versions of anti-virus (McAfee didn't pick it up). Thank you for your attention to this, much appreciated.
Mark

#5 fireman4it


Posted 29 January 2013 - 11:15 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.