Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Norton Internet Security flagged Trojan.Viknok!inf - System Infected


  • This topic is locked This topic is locked
3 replies to this topic

#1 compuser89

compuser89

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 19 April 2014 - 11:02 PM

Hello  BleepingComputer.Com

 

Today Norton Internet Security flagged the Trojan.Viknok!inf on my machine.  It indicated that I need to do a manual removal.    I executed a System Restore Point in Windows (not in Safe Mode) without rebooting.  All Programs -->Accessories-->System Tools-->System Restore

I back dated the restore point a few days to April 16, 6:59:21am.

I then rebooted.  I rebooted normaily and did not reboot in Safe Mode.

In the back of my mind I was thinking that I should have rebooted first in Safe Mode w/Networking and then attempted a restore point.  But I did not.

 

It took awhile to reboot.  Initally there was nothing on the desktop, no icons.  It took a minute or two to reboot.  Eventually the icons returned but there were a lot of things missing in the System Tray on the far right.  Most notably was a missing Norton internet Security Icon along with most everything else.    The system will open a Browser (Firefox 11) and some other executables like Notepad and PSPad Editor.  I have not tried anything deeper than that.  

 

At this point I did additional searches online and found a thread started by a gentleman earlier today with the exact same problem as me here: http://www.bleepingcomputer.com/forums/t/531695/trojanviknokinf-detected-please-help-me-remove/

 

I went through the exact steps described by B-boy/StyLe on post #2.

I have the three files described in his post: 

1. FRST.txt  

2. Addition.txt

3. Search.txt

The information anchoring his post says that his assistance in the thread link above is for that gentleman's computer system, so I decided to start a fresh topic here regarding my matter even though it is identical.

After registering for the forum, I saw the requirements to download DDS.  I have now done that too.  And I've created the two files mentioned when starting

 

Other than running FRST.exe and dds.com in that order, I have done nothing else to my system.  No reboots, no edits to anything.   I am computer literate.  Very.  But, I will not proceed until I hear further.   

 

Here are a couple of technical notes that may be helpful.  I cannot cut and paste files over my network, so the only way I could save the required .txt files above was to open them in PSPad and save them over the Network from my deskop computer (the infected machine) to my notebook.     I am posting to this forum from my notebook.  Not my desktop.    Additionally rpcss.dll is intact in the correct location here c:/windows/system32/rpcss.dll   The file date is 4/20/2009 1:18pm ,file size 392KB.  So it appears that it has not been overwritten like some trojans do.  I will say that when I rebooted the machine on the first attempt after infection, it too some time reading rpcss.dll.  Usually the system reads this file on boot very quickly, probably less than a second.

 

On a separate note, I have a second desktop that is built very similar to my infected machine.  It has minimal software installed, but it has an identical Operating System and specifications.  It is partitioned differently, but it is very similar to my infected machine.  I run my OS on C:/  and save most of my data to E:/ , F:/  & G:/  

I cannot do backups at the moment with dragging and dropping, or cutting and pasting.  I have a lot of data and don't want to loose it.  I can possible slave a drive if needed, but will wait for further input before doing that.   

My OS is Win XP Service Pack 3.  

 

Again, although I am technical, I have not done anything to the computer and will await further response from someone in this forum.    

Attached are various files.  DDS & FRST text files.  I will cut and past the DDS information like the instructions indicate.   You will note that FRST.exe was running in the background when I ran DDS.com.  You will see this in the log files.  I do believe I also had SuperAntySpyware running in the background too. 

 

Thanks for any help you can provide and I hope the information I have provided is helpful and I'm not two steps ahead of you and have annoyed you by doing this.  But, the gentleman's problem in the other thread is identical to mine, so I decided to do the same steps described in that thread.  I will wait further input here to proceed and will ignore that thread unless I'm intructed to do otherwise. 

 

Cheers.

 

**************************

 

Attachments: 

1. dds.txt

2. attach.txt

3. FRST.txt

4. Addition.txt

5. Search.txt

 

**************************

dds.txt

**************************

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 21:51:37 on 2014-04-19
.
============== Running Processes ================
.
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\SimracewayUpdater\SRWUpdate.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\vtigercrm-5.2.1\apache\bin\Apache.exe
C:\Program Files\vtigercrm-5.2.1\mysql\bin\mysqld-nt.exe
C:\Program Files\vtigercrm-5.2.1\apache\bin\Apache.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\WDC\SetIcon.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SUPERAntiSpyware\2c86ba2d-3d0a-411c-a277-711d990b18e7.com
C:\Program Files\Norton Internet Security\Engine\19.9.1.14\symerr.exe
C:\Program Files\Norton Internet Security\Engine\19.9.1.14\symerr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\Desktop\FRST.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\PSPad editor\PSPad.exe
C:\Documents and Settings\Owner\Desktop\FRST.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: SFCDisable = dword:-99
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\19.9.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\19.9.1.14\ips\ipsbho.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: 68dd0687: {EB43AF8A-4974-45AD-E4C1-2A5D2F6AD4B7} -
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\19.9.1.14\coieplg.dll
uRun: [JBrIvuwsjXBVY] c:\documents and settings\all users\application data\JBrIvuwsjXBVY.exe
uRun: [ISUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [AdobeBridge] <no file>
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking11\Ereg.ini
mRun: [SetIcon] \Program Files\WDC\SetIcon.exe
mRun: [UserFaultCheck] c:\windows\system32\dumprep 0 -u
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /install
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: MaxRecentDocs = dword:18
mPolicies-Explorer: NoSMConfigurePrograms = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 192.168.15.1 192.168.1.1
TCP: Interfaces\{91FAD1AB-774A-4DF5-AA99-7FA94AB80E4B} : DHCPNameServer = 192.168.15.1 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\kqzpf2r4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.internic.net/whois.html
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.1.3\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\kqzpf2r4.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
.
============= SERVICES / DRIVERS ===============
.
R? Adobe Version Cue CS4;Adobe Version Cue CS4
R? AR9271;Wireless Network Adapter Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? DragonSvc;Dragon Service
R? Eventlog32;Event Log
R? NIS;Norton Internet Security
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? BHDrvx86;BHDrvx86
S? ccSet_NIS;Norton Internet Security Settings Manager
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? IDSxpx86;IDSxpx86
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Simraceway Update Service;Simraceway Update Service
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
S? vtigercrmApache521;vtigercrmApache521
S? vtigercrmMysql521;vtigercrmMysql521
.
=============== File Associations ===============
.
FileExt: .js: Applications\PSPad.exe="c:\program files\pspad editor\PSPad.exe" "%1" [UserChoice]
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-04-20 02:02:41    --------    d-----w-    C:\FRST
2014-04-19 23:34:53    --------    d-----w-    c:\documents and settings\owner\local settings\application data\NPE
.
==================== Find3M  ====================
.
2014-03-07 09:00:31    8941568    ---ha-w-    c:\documents and settings\owner\ntuser.tmp
.
============= FINISH: 21:51:46.91 ===============

 

 

 

**************************

attach.txt

**************************

 

.
==== Installed Programs ======================
.
µTorrent
7-Zip 4.65
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AiO_Scan
Alibre Design
Alibre PartLibrary
Alt-Tab Task Switcher Powertoy for Windows XP
Bend It for Windows
CamStudio version 2.7
Compatibility Pack for the 2007 Office system
Connect
DBF to XLS
DivX Setup
Double Driver
Dragon NaturallySpeaking 11
Drive Image
DVD Decrypter (Remove Only)
DVD Shrink 3.2
eMachineShop
F1 2012
Ferrari Virtual Academy version 1.3
Foxit Reader 5.1
Fraps (remove only)
Garmin USB Drivers
Garmin WebUpdater
GTR Evolution
GTR Evolution Demo
HandBrake 0.9.8
HashCheck Shell Extension (x86-32)
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
Intel® Graphics Media Accelerator Driver
Ipswitch WS_FTP Pro Uninstall
Jasc Image Robot 1.21 ESD
Java™ 6 Update 13
JIAN MarketingBuilder
KeyShot4 4.0 32 bit
kuler
Logitech Gaming Software 5.08
Macromedia Contribute 3.11
MediaLooks QuickTime Source 1.7.0.6 (DirectShow Filter)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft AppLocale
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Windows Application Compatibility Database
Miro Video Converter
Mozilla Firefox 11.0 (x86 en-US)
Mozilla Thunderbird (1.5)
MSXML 4.0 SP3 Parser
MSXML 6.0 Parser
NetBeans IDE 6.9.1
Norton Internet Security
Notepad++
NVIDIA Control Panel 296.10
NVIDIA Display Control Panel
NVIDIA Graphics Driver 296.10
NVIDIA HD Audio Driver 1.3.12.0
NVIDIA Install Application
NVIDIA nView 136.18
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Update 1.7.11
NVIDIA Update Components
Open Command Prompt Shell Extension (x86-32)
PartitionMagic
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
POP Peeper
PowerQuest Drive Image 2002
PowerQuest PartitionMagic 8.0
PSPad editor
QFolder
QuickTime Alternative 2.8.0
Realtek High Definition Audio Driver
rFactor (remove only)
RocketDock 1.3.5
Roxio Easy Media Creator 7
Scan
Security Update for CAPICOM (KB931906)
Simraceway 28.86
Skype™ 3.8
Sothink DHTML Menu 9
Steam
Stylizer
Suite Shared Configuration CS4
SUPERAntiSpyware
Theora Converter .NET
Unlocker 1.8.7
User Profile Hive Cleanup Service
VC80CRTRedist - 8.0.50727.6195
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
vtigercrm-5.2.1
WD Media Center Driver
WebFldrs XP
WhisperReporter
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinMerge 2.12.4
YPOPs! 0.9.7.3
.
==== End Of File ===========================
 




 

 

Attached Files



BC AdBot (Login to Remove)

 


m

#2 compuser89

compuser89
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:59 AM

Posted 20 April 2014 - 03:44 AM

As an update, I was able to reboot the computer in Safe Mode with networking.  I do believe I may have hit the wrong F key when I first tried booting in Safe Mode at the very beginning of the virus/trojan detection process.  The room was dimly lit and I had to move fast in the boot cycle.

 

I now have the machine in Safe Mode and I'm doing backups of E:/ & F:/.

It is substantial amounts of data 600 gigs and I have to move it over to another desktop via a 10/100 router/switch.  So it will take awhile.  Probably overnight. 

Sorry about the typos and misspellings in my first post.   Loose instead of lose, and a couple of other errors.



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:59 PM

Posted 24 April 2014 - 11:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/531713 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:59 PM

Posted 29 April 2014 - 11:10 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users