
Beaten down with bagle



#16
golfer_guy

  • Topic Starter
  • Member
  • 18 posts
fixthis is still doing errors, just like in post 6 and 1st picture on that post

DO WE need to point it into another directory and not at the automatic Docs and Setts the cmd prompt opens to?

the other two also error out....(not an internal or external.....etc above)
where do we need to start them from (what dir). at the cmd prompt to get these to work please?
:)
thanks!

I dug around a while and found that in xphome, dos cmd prompts call from windows/system32, so I copied them to there, went back into safemode and they worked from there. (no errors) at least they ran. :)

I am doing the Kaspersky Scan you posted at the moment on that PC.
Will let you know :)

Also the scan needs to be done from IE not FFox.

Kahdah, you are great! TTY in the a.m. :):)

Edited by golfer_guy, 15 February 2008 - 10:15 PM.

  • 0


#17
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
That does not matter; the infection is killing it as soon as it is executed.
Batch files set the directory.

Please just go ahead with the Panda scan as it will kill most of the files automatically.
  • 0

#18
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Question: why are you running the batch file from the cmd prompt instead of just double clicking on it?

C:\Fixthis.bat is a .bat extension not a directory.
You typed in C:\Fixthis

All you have to do is double click on the little batch files I had you create otherwise they will not run.

I was re-looking at the screen shots you provided earlier that is why all of them come up with that error.

Please hold off on the Panda scan for now and redo what I posted Here then do the panda scan then let me know how it goes.

None of this will work if you do not do as instructed.
  • 0

#19
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I never asked for a Kaspersky scan. Please follow my instructions for the Panda scan. All of the online scans we use use IE unless we specify the Trend Micro online scan.
  • 0

#20
golfer_guy

  • Topic Starter
  • Member
  • 18 posts
so sorry that I misspoke
It is Panda.

I apologize!
yikes sorry you're mad!

I am sorry too if I haven't thanked you enough for all your help.



the fixthis, got errors the way you had it originally and I am sorry, but thought maybe I was missing something so I tried it the way I gave you pictures.


sorry sorry sorry.
  • 0

#21
golfer_guy

  • Topic Starter
  • Member
  • 18 posts
PANDA found my fake eicar test files. nothing else.



I did these your way at cmd prompt Docs and Settings AND this way.
see attd.3 pics.



The last forum had me chasing my tail at the cmd prompt and then four days of fiddling, they said they were wrong on the batch files, and pointed me to another directory.............so sorry again
I thought, forgive me, the same thing was going on.





still getting:
_________ everything_________is not a valid win32 appl.



I will check in tomorrow night after work.
Thanks, much thanks again kahdah.




PS
above post:
when you mentioned


C:\Fixthis.bat is a .bat extension not a directory.
You typed in C:\Fixthis



that is because it didn't work the way it was from here to the notepad, with no errors in my pasting,
so I moved it to C and of course that should have worked if the commands were right on. that is why I had it pointing directly to C fixthis, 'cause fixthis was IN C.

Attached Thumbnails

  • sys32_delete.jpg
  • sys32_service.jpg
  • sys32_fixthis.jpg

Edited by golfer_guy, 16 February 2008 - 12:42 AM.

  • 0

#22
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts

yikes sorry you're mad!

Not mad, but it takes time to do these fixes and I can assure you they are right.
I have dealt with this same infection on more than one occasion with the same instructions and the same batch files, and it worked.
The reason it says can not find the files specified is because they do not exist.

I did a test on my computer last night and when I saved a batch file to my desktop and ran it through the command prompt specifying the desktop directory it told me unrecognized or inoperable something something.
When I double clicked on it, it ran and deleted the file I was trying to delete.

Trust me I would not give the wrong instructions.
=====================================================
There is the findfile.bat on your desktop still.

I would like for you to run that again and post the results please.
Just double click on it.

I would like to see if the C:\Windows\system32\drivers\down directory still is present.

Thank you.
  • 0

#23
golfer_guy

  • Topic Starter
  • Member
  • 18 posts
good a.m. and thanks for explaining.
sorry for the previous doubts.
my fault!



findfile.bat from desktop


Volume in drive C is Local Disk
 Volume Serial Number is 70C6-2488

 Directory of C:\WINDOWS\system32\drivers


 Directory of C:\Documents and Settings\Owner\Desktop

  • 0

#24
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please go ahead and uninstall all of your security programs.
Everything that had that error message about not being a win32 application.
Because they are corrupted.
I know you ran this earlier but I would now like for you to try it again.
================================================
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post that log in your next reply.

(Note if you cannot open the log it produces then right click on it and choose rename.
Rename it to .txt and you will be able to open it)

  • 0
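
The "not a valid Win32 application" error discussed in posts #21 and #24 is what Windows reports when it cannot load a file as an executable image. As an added example (not part of the thread and not one of the helper's batch files), this Python script checks a file's MZ/PE header structure so damaged program files can be listed before they are uninstalled and reinstalled. It assumes the corruption shows up as missing headers or truncation; `check_pe` and `make_sample` are hypothetical names and the sample bytes are constructed.

```python
import struct
import sys
from pathlib import Path

SECTION_HDR = 40  # size of one section-table entry


def check_pe(data: bytes) -> str:
    """Return "ok" or the first structural defect found in the image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "no DOS header (MZ)"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
    if e_lfanew + 24 > len(data):
        return "PE header offset past end of file"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "no PE signature"
    # 20-byte COFF header: section count and optional-header size matter here.
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    table = opt_off + opt_size
    if opt_size < 2 or table + nsect * SECTION_HDR > len(data):
        return "headers truncated"
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        return "bad optional header magic"
    for i in range(nsect):
        size, ptr = struct.unpack_from("<II", data, table + i * SECTION_HDR + 16)
        if ptr and ptr + size > len(data):  # file was cut short or overwritten
            return f"section {i} data past end of file"
    return "ok"


def make_sample() -> bytes:
    """Constructed header layout for testing; not a runnable program."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    return (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0") + b"\xCC" * 0x200


if __name__ == "__main__":
    # Usage: python check_pe.py <folder>  (lists .exe files that fail the check)
    for exe in Path(sys.argv[1]).rglob("*.exe"):
        verdict = check_pe(exe.read_bytes())
        if verdict != "ok":
            print(f"{exe}: {verdict}")
```

A file that passes this check can still be infected or damaged elsewhere; the check only separates files the loader will reject outright from those it will at least start.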

#25
golfer_guy

  • Topic Starter
  • Member
  • 18 posts
I will be doing the dr web scan tomorrow, sorry - just got told I have a doubleshift today and tonight.
Thanks man! :):)
  • 0


#26
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Long shift not very fun.

Ok no problem and you are welcome :)
  • 0





