Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware disabled my kaspersky internet security


  • This topic is locked This topic is locked
13 replies to this topic

#1 akhiljena

akhiljena

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 18 June 2013 - 12:56 PM

Malware disabled my kaspersky internet security
Also it has disabled the safemode and i m not able to clear the malware with hirens boot cd. 
will kaspersky rescue disk help?
the malware is not allowing me to even open kaspersky website or download the .iso image of the rescue disk.

i have the combofix and hijack this log files. please help me.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 2, 32 bit
Processor: Intel Pentium II processor, x86 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 2484 Mb
Graphics Card: Intel® HD Graphics, 256 Mb
Hard Drives: C: Total - 39997 MB, Free - 30414 MB; D: Total - 80003 MB, Free - 24944 MB; E: Total - 80003 MB, Free - 28846 MB; F: Total - 105230 MB, Free - 26758 MB;
Motherboard: LENOVO, 0585C66
Antivirus: None

Please help me. Please


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:49 AM

Posted 22 June 2013 - 10:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

dds_scr.gif

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third party programs if not up to date can be the cause of infiltration an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 akhiljena

akhiljena
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 24 June 2013 - 05:26 AM

thank you...

 

ADW---

 

 

# AdwCleaner v2.303 - Logfile created 06/20/2013 at 23:15:31
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Administrator - NIST
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\adwcleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\PackageAware
Folder Found : C:\Documents and Settings\All Users\Application Data\~0
Folder Found : C:\Documents and Settings\All Users\Application Data\Speedbit
 
***** [Registry] *****
 
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\SpeedBit
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\SpeedBit
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v7.0.5730.13
 
[OK] Registry is clean.
 
-\\ Google Chrome v10.0.612.1
 
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [1279 octets] - [20/06/2013 22:57:06]
AdwCleaner[R2].txt - [1398 octets] - [20/06/2013 22:58:52]
AdwCleaner[R3].txt - [1270 octets] - [20/06/2013 23:15:31]
AdwCleaner[S1].txt - [369 octets] - [20/06/2013 22:57:35]
 
########## EOF - C:\AdwCleaner[R3].txt - [1389 octets] ##########
 

 

 

JRT----

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Mon 06/24/2013 at 15:41:18.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/24/2013 at 15:49:20.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

AND THE VIRUS IS NOT ALOWING ME TO VISIT THE KASPERSKY SITES

AND I AM NOT EVEN ABLE TO DOWNLOAD THE SECURITY CHECK SOFTWARE... 

 

THANK YOU



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:49 AM

Posted 24 June 2013 - 08:29 AM

How about this one.

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+


#5 akhiljena

akhiljena
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 25 June 2013 - 11:46 AM

thank you...

 

i tried to remove the malware with Kaspersky rescue disk 10. But after the disinfection my computer failed to reboot. 

The logon screen of Windows XP comes and then a blue screen comes and the computer reboots. Like it has entered a reboot loop.

Please help me as i am not able to boot the system.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:49 AM

Posted 25 June 2013 - 12:57 PM

I will report your problem to the experts.

Someone will take care of you.

Stay with us.

#7 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:49 AM

Posted 25 June 2013 - 02:59 PM

Hi,

 

Do you have a blank USB flash drive we can use?  Does the blue screen stay up there long enough for you to read the error name and code?  (E.g. 0x0000007B)?

 

-etavares



If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#8 akhiljena

akhiljena
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 26 June 2013 - 11:40 AM

hello,

 

yes I have a blank usb...

The blue screen doesnt stay long. i tried to take a pic of it. it has the errors----

0x0000007B(0xB9CCF524, 0xC0000034, 0x00000000, 0x00000000)



#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:49 AM

Posted 26 June 2013 - 07:10 PM

Hello, akhiljena.
Try this please.  You will need a USB drive.
 
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt
  •  
    Please note - all text entries are case sensitive
     
    Copy and paste the report.txt for my review
     
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Posted Image
    Unified Network of Instructors and Trusted Eliminators
     


    #10 akhiljena

    akhiljena
    • Topic Starter

    • Members
    • 10 posts
    • OFFLINE
    •  
    • Local time:04:19 PM

    Posted 26 June 2013 - 10:44 PM

    Hello etavares,

     

    After I select English from the welcome screen of xPUD, the screen goes blank and stays like that...:(

     

    thanx in advance..



    #11 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:06:49 AM

    Posted 28 June 2013 - 05:15 AM

    How long did you leave it to try?  On one of my computers it takes 10 minutes to boot, on the other it takes 1 minute.

     

    -etavares



    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Posted Image
    Unified Network of Instructors and Trusted Eliminators
     


    #12 akhiljena

    akhiljena
    • Topic Starter

    • Members
    • 10 posts
    • OFFLINE
    •  
    • Local time:04:19 PM

    Posted 30 June 2013 - 01:27 AM

     hello etavares,

     

    i left it for over half an hour. nothing happens. 

     

    took the laptop to a solution center which installed windows 8.

     

    Thank you very much for all your support and patience. :)



    #13 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:06:49 AM

    Posted 30 June 2013 - 06:19 AM

    OK, thanks for the update.  Glad to hear it's back up and running.  Hope you get used to windows 8 quickly.  :)



    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Posted Image
    Unified Network of Instructors and Trusted Eliminators
     


    #14 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team
    • 15,514 posts
    • OFFLINE
    •  
    • Gender:Male
    • Local time:06:49 AM

    Posted 30 June 2013 - 06:19 AM

    It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Posted Image
    Unified Network of Instructors and Trusted Eliminators
     





    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users