Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help!!!! Ntuserlite and many more


  • This topic is locked This topic is locked
8 replies to this topic

#1 Myster_P

Myster_P

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:42 AM

Posted 15 April 2017 - 05:41 AM

Idk how it happened, but I'm in a pickle. I been fighting it for awhile, please tell Me what to do I don't really want to do another recovery on this machine. Has beaten everything I've thrown at it

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:42 AM

Posted 16 April 2017 - 08:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a Windows opens to explain what [PUM's] are, read about it.
  • Click the RoguKiller icon on your taksbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.
=======

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs.

Let me know what problems persists.

#3 Myster_P

Myster_P
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:42 AM

Posted 16 April 2017 - 12:03 PM

The only one I can run is farbar

#4 Myster_P

Myster_P
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:42 AM

Posted 16 April 2017 - 12:12 PM

My computer just reset and now my use account is missing

#5 Myster_P

Myster_P
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:42 AM

Posted 16 April 2017 - 12:52 PM

Ok back into my profile, chrome wont run now neither will farbar, but i got rouge killer scanning right now, about 50% done and 12 things found, 2 of which I didn't know about 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:42 AM

Posted 17 April 2017 - 08:21 AM

Run the Farbar tool and post both logs.

Stop the RogueKiller if still running.

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:42 AM

Posted 23 April 2017 - 08:45 AM

Are you still with me?

#8 Myster_P

Myster_P
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:42 AM

Posted 23 April 2017 - 03:38 PM

I am sorry i just got my email back online. i managed to finally get my computer into advanced start up and from there i i restroed to a previous point (always making restore points). the virus wasn't taken off computer with the restore, but it was not active and i was able to install malwarebytes and remove all infected files and rougekiller is coming back clean as well as avast. All is well thank you for your help, nothing was working, not even farbar so i had to literally trick my computer into advance start up because that was also disabled but always carry a PE drive just in case right!!



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:42 AM

Posted 24 April 2017 - 07:29 AM

If you want you can nor Run the Farbar tool and post the FRST and Addition.txt files for my review.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users