
Virus Security Pro


21 replies to this topic

#1 xxgraywolf

xxgraywolf

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Valley,Utah
  • Local time:10:41 PM

Posted 03 November 2013 - 09:26 PM

I posted at another forum under the title "Can I be helped, I've been turned over by a virus", and thankfully boopme was kind enough to respond and direct me to this forum. If I can be helped, I SINCERELY have no problem waiting until it's my turn, however long that may take; I know I can't be the only person out there lacking in computer prowess. My computer is a Dell tower, I guess old by today's standards, but what the heck, so am I. It has a Pentium 4 processor and is or was running a Windows XP Professional operating system, which until now seemed fine for my meager needs. As I indicated in the title, I am infected with the Security Pro Virus. I didn't sign up for their bogus program; I guess for a while I was better at recognizing threats. I've tried booting into safe mode, no luck. I tried my reinstallation disk for a repair, no luck. It lets me get to my home page but I cannot do anything, like download and run RKill or anything else, I assume. So I'm left with the hope that the Bleeping community can assist me. If you need additional info from me for when you can proceed, please let me know, and again I would especially like to THANK boopme for your response. Oh, also I hope I am using the forums correctly and not incorrectly; if not, please straighten me out. OK, until you can get to me, I'm out. xxgraywolf.


xxgraywolf



#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:USA
  • Local time:09:41 PM

Posted 03 November 2013 - 10:54 PM

xxgraywolf,

Welcome to BC Forums!

Let's try the following:

Turn on your PC, or restart it.

Tap the F8 key to enter the Windows Advanced Options Menu.

Using the arrow keys on your keyboard, highlight the Windows XP Safe Mode with Command Prompt option and press Enter.

Windows may need to know which operating system installation you want to select.
Using your arrow keys, highlight the correct operating system (XP) and press Enter.
Note: if you don't see this menu, just move on to the next step.

To enter Safe Mode with Command Prompt, you must log on with an Administrator account or an account that has administrator permissions.
If you are not sure if your account has administrator privileges, select the Administrator account.

At the Command Prompt, type C:\windows\system32\restore\rstrui.exe and press Enter.

At the System Restore window, follow all the steps to restore your computer to an earlier time and date before the infection.

Post back on whether you were able to restore, and we will proceed from there.

Old duck...


#3 xxgraywolf


Posted 08 November 2013 - 05:54 PM

Thank you Aaflac for being kind enough to respond to my post. I apologize for the delay in response, but I couldn't find my post; additionally I fully expected, as described in the forum, that it would take at least a week to get a response. Anywho, I cannot boot into safe mode, so I went to the command prompt and followed your direction, but when the computer rebooted and the restore window appeared it stated that it couldn't be restored and that no changes were made, so I tried a couple more times to no avail. The earliest date I could use was Oct. 20, 2013, if that is of any help; I would have gone back further but could not. If you need additional info on the system I will try and get that to you. I cannot get on the net due to the virus or load any kind of help software, as though I would know the right one anyway, with my limited ability around computers. I'm trying. But I date back to an earlier time in the tech revolution.
xxgraywolf

#4 Aaflac


Posted 08 November 2013 - 11:47 PM

Let's try the following...

Step 1
Note: You need to run the version of FRST compatible with your system. Your XP system should be 32-bit (if your system can't run the 32-bit version, then please stop and try the 64-bit version. Only one version will run on your system. The one that runs will be your version).

Step 2
  • Plug the pen drive into the infected PC.
  • Boot the infected machine into Windows, and use the Command Prompt as you did before.
Step 3
  • At the Command Prompt window, type in notepad, and press Enter
  • Notepad opens. Under the File menu select: Open.
  • Select My Computer and find your pen drive letter, make note of it, and close Notepad.
  • At the Command Prompt window type x:\frst (or, for x64 bit version type e:\frst64) and press: Enter
    Note: Replace letter x with the drive letter of your pen drive!!
  • The tool starts to run.
  • At the program console, press the Scan button. The scan may take a few minutes...
  • When done, a report named FRST.txt is created on the pen drive.
  • Remove the pen drive using the Safely Remove Hardware icon on the bottom right of the tray.
  • Shutdown the computer using the following at the Command Prompt: shutdown -s -t 10
Place the pen drive in the clean computer, and please provide the FRST.txt in your reply.

Edited by Aaflac, 09 November 2013 - 01:31 AM.

Old duck...


#5 xxgraywolf


Posted 12 November 2013 - 11:45 PM

I'm sorry Aaflac, but I have no idea what a pen drive is. It will probably make you crazy having to try and help such an inept computer user. Sometimes I need help to get to the help, as in this situation. I hope you will still consider giving it a go for me. If nothing else, I should represent a challenge to a person such as yourself, who knows the ins and everything outs of these machines. I'll close for now and try and find out what a pen drive is and where to get one if I can, depending on cost, I guess. As before, THANK YOU for your help.


xxgraywolf

#6 Aaflac


Posted 13 November 2013 - 12:25 AM

You will be a 'pro' when you get done here!!

This is what a pen drive looks like:

http://www.bestbuy.com/site/sandisk-cruzer-8gb-usb-2-0-flash-drive-black/9226777.p?id=1218062421405&skuId=9226777&ref=06&loc=01&ci_src=14110944&ci_sku=9226777&extensionType={adtype}:{network}&s_kwcid=PTC!pla!{keyword}!{matchtype}!{adwords_producttargetid}!{network}!{ifmobile:M}!{creative}&kpid=9226777&k_clickid=341e4ead-127a-9ba8-8a66-000079182b15

The one shown is 8 Gigabytes. You could even use a 2 Gigabyte, if cheaper.

They are also called flash drives.

Edited by Aaflac, 13 November 2013 - 12:26 AM.

Old duck...


#7 xxgraywolf


Posted 13 November 2013 - 10:53 PM

Once again I'm sorry, but I don't know what FRSTtex is.

As soon as I can, most likely tomorrow, I will try and get the pen drive, and then I will follow your above-mentioned directions if I can, following which I will report back to you on the results.

As always, THANK YOU Aaflac for hanging in there with me; most anyone probably would have given up. But really, I do appreciate your help.

I'll report back as soon as I have anything to report, if that's OK.

on the fly bye xx graywolf


xxgraywolf

#8 xxgraywolf


Posted 16 November 2013 - 11:51 PM

Hello Aaflac: Well, I got a flash drive and loaded the Farbar onto it and tried to run it on the infected comp. as directed; however, on the clean comp. it was drive E and on the infected one it was drive F. Does that make a difference? Because it wouldn't give me a window to run the scan. Also I couldn't shut the comp. down using the command s-t-10. Does this info help you at all? I hope so, and also I hope I followed your inst. correctly. I will await your reply. As always, THANK YOU for the time you've spent with me; thank you somehow seems not near enough for your help.


xxgraywolf

#9 Aaflac


Posted 17 November 2013 - 01:15 PM

...on the clean comp. it was drive E and on the infected one it was drive F does that make a difference...

When you type x:\frst, you need to replace the letter x with the drive letter of the flash drive in the infected computer.
 

...couldn't shut the comp. down using the command s-t-10

The command to shutdown is: shutdown -s -t 10
Make sure you have a space in between the following, otherwise it will not work:
shutdown -s
-s -t
-t 10

Try it again, you can do it.
Also, you may want to make a copy of the instructions to run FRST, and they might be easier to follow.

Old duck...
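
The drive-letter mix-up discussed in posts #8 and #9 (E: on the clean PC, F: on the infected one) can be sidestepped by letting the Command Prompt look for the tool on every drive. The batch file below is an added example, not part of the original thread or of any poster's instructions; it assumes the tool was saved as frst.exe or frst64.exe in the top-level folder of the pen drive, and it is written for the Windows XP command prompt.

```batch
@echo off
rem Added example, not part of the original thread.
rem Assumption: the tool sits in the top-level folder of the pen drive as
rem frst.exe or frst64.exe, matching the typed paths x:\frst and e:\frst64.
setlocal
set "TOOL="

rem The pen drive letter can differ from one PC to the next, so test every
rem letter from D: to Z: instead of guessing. The first match wins.
for %%D in (D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
    if not defined TOOL if exist "%%D:\frst.exe" set "TOOL=%%D:\frst.exe"
    if not defined TOOL if exist "%%D:\frst64.exe" set "TOOL=%%D:\frst64.exe"
)

if not defined TOOL (
    echo FRST was not found in the top-level folder of any drive D: to Z:.
    echo Check that the pen drive is plugged in and the file was copied to it.
    exit /b 1
)

rem Keep just the drive part, for example F:, to look for the report later.
for %%F in ("%TOOL%") do set "DRV=%%~dF"

echo Found %TOOL%
echo Starting it now. Press the Scan button when the window opens,
echo then close the tool when the scan has finished.
start "" /wait "%TOOL%"

rem The instructions say the report is written to the pen drive as FRST.txt.
if exist "%DRV%\FRST.txt" (
    echo Report found: %DRV%\FRST.txt
) else (
    echo No FRST.txt on %DRV% yet. The scan may not have run.
    exit /b 2
)
```

It can be typed into Notepad on the problem PC and saved on C: under any name ending in .bat, then run from the Command Prompt by typing that name.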


#10 xxgraywolf


Posted 18 November 2013 - 03:43 AM

Hello again Aaflac

I tried several times to run the software in the infected comp. to no avail; when I run it on the clean comp. everything works just as you described. Also, when I plug into the infected comp. the indicator light on the pen drive lights up momentarily then goes out, as opposed to the clean comp., until the icon says it's safe to remove it.

So what do you think I should do now? Shoot myself, or maybe the comp virus starter, metaphorically of course. I need to keep my humor in order to salvage my sanity.

I THANK YOU and will await your response. xx graywolf out


xxgraywolf

#11 Aaflac


Posted 18 November 2013 - 02:15 PM

Humor is always good...lots better than getting mad.

Need to ask you a couple of questions...

1. How are you getting to the Command Prompt, thru Start > Programs > Accessories > Command Prompt, or some other way?

2. Plug in the USB drive, and wait 2 or 3 minutes, then, can you go to Start > Computer, and double-click Computer, and see if the USB drive is there?

If it is there, can you right-click, select Open?

If the USB drive opens, do you see FRST?

If you do, double-click it to run the program.

Post back on whatever happens.

There are other options and programs, however, I am trying to keep this as simple as possible.

Just hang in there and put the gun away...better yet, throw all the bullets away!!

Got a hammer, instead?


Edited by Aaflac, 18 November 2013 - 02:17 PM.

Old duck...


#12 xxgraywolf


Posted 19 November 2013 - 03:01 AM

You're right Aaflac, the hammer worked fine on my toes.

I did as you suggested. I got into the flash drive, and to the FRST program, but could not open it to run the scan.

What can I try now, my instructor of knowledge of these machines? THANK YOU Aaflac. I promise not to bash the thing if I can continue to solicit your knowledge and help, OK.

As ever I await your response, but only when it is convenient for you. I believe your time is far more busy than mine.

as always your student xx graywolf

P.S. I sure appreciate your keeping things as much as possible in lay terms until my bone head begins responding to glossary and common comp. language. Sooner than later, I hope.


xxgraywolf

#13 Aaflac


Posted 21 November 2013 - 11:55 AM

You have a tough one here.

Doesn't look as if we will be doing this the easy way.

 

Do you have a CD Burner on a good computer?


Old duck...


#14 xxgraywolf


Posted 21 November 2013 - 10:07 PM

No! The CD burner is on the infected computer.

Aaflac, is there any way we could set up a remote access to the computer, or does that open a dangerous can of worms!

What about doing some kind of clean install? A young man at Best Buy suggested that I could go to Add and Remove Programs in the Control Panel and just delete everything. If so, would I be able to reinstall everything, to include all items needed to get up and running?

I listen to people, but rest assured I have not and will not attempt anything while I'm in your care without your approval and direction.

If it would be beneficial to you in assisting me, I would be happy to provide you my phone #; whatever works best for you is fine with me.

until next xx graywolf gone


xxgraywolf

#15 Aaflac


Posted 22 November 2013 - 12:09 PM

Only provide assistance here, at these forums.

 

If you are interested in doing a fresh install, that is fine. The appropriate forum is (XP):

Link > http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

 

Otherwise, take a look at the instructions below, and then, decide.

 

 

Let's try the following...

 

Please use a USB flash drive for this:

 

On a clean computer download Kaspersky WindowsUnlocker
Link > http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/kav_rescue_10.iso
Save to the Desktop.

 

Next, download the Kaspersky USB Rescue Disk Maker

Link > http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/rescue2usb.exe
Save to the Desktop.

 

Double click: rescue2usb.exe
Select Run, and then Install

 

On the Kaspersky USB Rescue Disk Maker window, click Browse
Click Desktop on the left
Double click the kav_rescue_10.iso downloaded earlier.

Select your USB device from the drop menu (if not already listed)
Click: START


Wait until the process is completed...
Click: OK

Remove the USB device from the clean computer.

 

Now, with the problem computer shut down, plug the USB flash drive into a USB port, and turn on the power.

When the computer starts, press the key that brings up the Boot Menu. (On some machines it is F12, F10, or F2)

From there, change the boot order, and select to boot from the USB drive.
Info > http://pcsupport.about.com/od/fixtheproblem/ss/bootorderchange.htm
Once you select the USB flash drive to boot from, press: Enter

 

When the Kaspersky Rescue Disk screen appears press any key within 10 seconds

For language, select: English  (highlighted by default), and press: Enter
Press 1 to accept the agreement.

 

Press Enter to select the Kaspersky Rescue Disk Graphic Mode (highlighted by default).

Once the program loads, close all windows.

Click the krd_8005_03_1_en.png button in the bottom left hand corner of the screen
Select: Terminal

 

At the Command Prompt copy/paste (with mouse): windowsunlocker 
Press: Enter

 

On the root: windowsunlocker screen press 1 (Unlock Windows) and press: Enter

 

The program cleans the Registry and displays the results in the window

 

Press 2 (Save boot sector copies) and press: Enter

 

Next, type 0 and then press: Enter
If the window does not close type Exit and press: Enter

 

On the Desktop double-click: File Manager
Click on Custom Path located just above the C: folder
Double-click the Var folder
Double-click the kl folder
Make sure the WUnlocker 1.0 file is present
Close the window.

 

Click the krd_8005_03_1_en.png button in the bottom left hand corner of the screen

Start the Kaspersky Rescue Disk utility
Click on My Update Center tab and press Start to download the latest update.

Next, select the Object Scan tab
Place a check next to C:\ and any other local drives
Then click: Start Objects Scan

Quarantine any malware found...

 

Click the krd_8005_03_1_en.png button in the bottom left hand corner of the screen
Select Shutdown then click Yes

 

Remove the USB device and attempt to boot your computer normally.

 

>> Please post back on whether the computer booted successfully.


Edited by Aaflac, 23 November 2013 - 11:59 AM.

Old duck...




