[amolari]

I downloaded a 'crack' file and it was an .exe file wich was a virus. Suddenly AVG Free was unoperative. When I tried to reactivate it, I got the message: "XXX.exe is not a valid win32 application". Same happened with webroot Spy sweeper, and other programs; any .exe would receive the same message. When I tried to access Safe Mode, it wouldn't let me. With the help of SafeBootKeyRepair, smithFraudFix and ComboFix, I am now able to enter Safe Mode, But that's about it. HijackTis would not start, same as any other antivirus installation. I am actually running Stinger 3'8 but didn't have any result. I've been able to run Silent Runners, text file attached. How do I identify what kind of virus is attacking me?
Appreciate any help.

Attached Files

•  Startup_Programs__ANGELO__2008_02_13_22.39.55.txt   14.08KB   239 downloads

[Advertisements]

Hello

Delete ComboFix.exe and the folder C:\ComboFix and C:\qoobox


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

• If you are using Firefox, make sure that your download settings are as follows:
  
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".
• During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  
• It is important you rename Combofix during the download, but not after.
• Please do not rename Combofix to other names, but only to the one indicated.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combo-Fix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

[Rorschach112]

Hello

Delete ComboFix.exe and the folder C:\ComboFix and C:\qoobox


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

• If you are using Firefox, make sure that your download settings are as follows:
  
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".
• During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  
• It is important you rename Combofix during the download, but not after.
• Please do not rename Combofix to other names, but only to the one indicated.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combo-Fix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

[amolari]

No Rorschach112, ComboFix.exe is not a valid win32 application. I have no internet connection. I am running this from an old portable, so must copy combofix thru a pen driver. It seems that it won't let me run any .exe. Any other idea? Thanks.

[Rorschach112]

It should let you if you rename ComboFix to something like amolari.exe

Do this before you transfer it over

Try it in Safe Mode if it doesn't work in Normal Mode

[amolari]

I started safebootkeyrepair and SmitFraudFix, and could reach SafeMode. Opened Combo-Fix but reaching stage 41 said cannot open file xx because is in use. It restarted windows and got a message showing KMD.EXE wanting to do something, wich I stopped. What's next ? Use a hammer?

[Rorschach112]

Let KMD.exe run

Re-run ComboFix again and accept any prompts

Please do not use any other tools unless I specify to

[amolari]

My friend, I did this all day, when I run Combo_Fix, it reaches
stage 43, then : Cannot open file ---- because is being used by another process. I did this from Windows in normal mode and from Safe Mode.

[amolari]

Rorschach112, I did buy another computer, so no much hurry anymore, but still the old one is a good one, plus it contains information I would like to keep. It contains two hard IATA drives with the second containing most of the info I care for. The new unit I bought has the SATA drive, but I also have a 100 gigs external drive that could be used to transport the data. My concern is security, I don't want to infect the new unit.
Could you show me a way to 'cure' the old unit, reformat the drive, or ultimately retrieve the data safely?
Many Thanks

[Rorschach112]

Try the following, let me know if it works

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

[Rorschach112]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.