
CANNOT REMOVE ROVNIX.V OR ROVNIX.GEN!C VIRUS, PLEASE HELP


  • This topic is locked
76 replies to this topic

#1 trendyb

trendyb

  • Members
  • 52 posts

Posted 10 January 2014 - 11:36 AM

So I have done everything....I YouTubed...I did the safe mode, regedit, CCleaner. I still can't remove. I run MSE every chance I get and it still says it finds it but can't remove. Wants me to run Windows Defender Offline but won't let me download to my USB. Can someone please help?

 


I have pics of the screen when the mse scan is finished.




 


#2 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 14 January 2014 - 03:08 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   Let's get going!!
----------
 

Please download DDS from either of these links
 
LINK 1
LINK 2
 
and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here)
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:
 
DDS.txt
 
Attach.txt
----------
 

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------


 


#3 jeffce


Posted 16 January 2014 - 05:56 PM

Still here?


 


#4 trendyb


Posted 16 January 2014 - 08:08 PM

yes running now...I will copy and paste results soon.



#5 trendyb


Posted 16 January 2014 - 08:40 PM

OK, I found a forum last week and did what they told another user that was having the same issue as I was to do. I thought I had gotten rid of the virus, but lately the Internet Explorer will freeze up again. But when I run scans, they show clean. So I did what you requested. Here are the logs....

 

 

Attached Files



#6 jeffce


Posted 17 January 2014 - 12:30 PM

ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.  
  • Please post the C:\ComboFix.txt for further review.

     


#7 trendyb

Posted 17 January 2014 - 12:44 PM

My only hesitation on the combo fix is that I have used that before and it does something to my acpi kernel mode drive, and my computer then says I have registry issues....

#8 jeffce

Posted 17 January 2014 - 02:11 PM

Hi,

I know what that is and it is actually not a problem.....do you see something like this...  "Illegal operation attempted on a registry key that has been marked for deletion"  If that is the case, do not worry....go ahead and run ComboFix.   :)
     


#9 trendyb

Posted 18 January 2014 - 02:30 PM

OK, before I do, one more question. Did you see anything in those reports that led you to believe there is still something on the computer?



#10 jeffce

Posted 18 January 2014 - 04:37 PM

Well with some of the entries that were found by AdwCleaner, there are almost always leftovers.  Are you going to run ComboFix?   :)
     


#11 trendyb

Posted 18 January 2014 - 05:35 PM

Yes ;) I'll do it when I get in tonight

#12 trendyb

Posted 18 January 2014 - 10:54 PM

OK, here we go.....tell me what you see

Attached Files



#13 trendyb

Posted 18 January 2014 - 10:57 PM

ahhh and I have the acpi kernel drive error again



#14 jeffce

Posted 19 January 2014 - 10:18 AM

Tell me exactly what the error says....  :)
     


#15 trendyb

Posted 19 January 2014 - 11:10 AM

A little box pops up and at the top of the box it says "JAN2OSD" and inside the box it says "Can't open ACPI kernel Mode Driver". Then while typing this the screen froze for a couple of minutes....then these boxes popped up when I clicked on them. I attached below. I turned MSE back on but it won't let me turn on Defender.





