[JSntgRvr]

1. Launch Notepad, and copy/paste the contents of the quote box below into a new Notepad file. Save it with file name options.txt and save as file type: all files to your desktop.

RegSearch Options File

[Search]
srosa

[Exclude]

[Options]
Filter=KVDLUI

• Open the Regsearch folder , and double click on regsearch.exe
• Click "Import" in the lower left corner and browse to the options.txt file that you just saved on your desktop. Do not choose the one in the RegSearch folder itself.
• Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
• Please reply here with the entire contents of the Notepad file from RegSearch.

Go to Start -> Run copy and paste the following command and click OK:

CMD /C Dir /a:-d "C:\Documents and Settings\user" >"%userprofile%\Desktop\Getit.txt"

It shall produce a text file on your desktop, Getit.txt. Open this file in Notepad and post its contents.

[Advertisements]

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Open the extracted SDFix folder and double click RunThis.bat to start the script.

• Type A to create a System Report
• Please be patient as this scan may take some time
• When the scan has finished post back the SystemReport.txt from the SDFix folder

[JSntgRvr]

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Open the extracted SDFix folder and double click RunThis.bat to start the script.

• Type A to create a System Report
• Please be patient as this scan may take some time
• When the scan has finished post back the SystemReport.txt from the SDFix folder

[Karol33]

Regsearch results have been uploaded and Getit.txt also.

The system report is too big to upload, will try to post it in the reply.

Attached Files

•  RegSearchRESULT.txt   6.25KB   148 downloads
•  Getit.txt   473bytes   151 downloads

Edited by Karol33, 02 March 2008 - 07:44 PM.

[Karol33]

Can you give me a site too upload the system report?

Edited by Karol33, 02 March 2008 - 07:45 PM.

[Karol33]

Can you give me a site too upload the system report?

Edited by Karol33, 02 March 2008 - 07:45 PM.

[JSntgRvr]

Please go here:
The Spy Killer Forum

• Click on "New Topic"
• Put your name, e-mail address, and this as the title: "To JSntgRvr"
• Put a link to this thread in the description box.
• Then next to the file box, at the bottom, click the browse button, then navigate to this file:
  
  
  • System report
• Click Open.
• Click Post.

[Karol33]

Done.

[JSntgRvr]

There is a lot of information to examine. Will get back to you soon.

[JSntgRvr]

Download the enclosed folder. Save and extract its contents to the desktop. It is important that it is saved on your desktop. It is an application, Mypoppy.exe. Once extracted, doubleclick on Mypoppy.exe. It shall produce a report for you. Be patient, it may also restart the computer. Once finished, please post its report in a reply.

[Karol33]

Same as before, I only get a blue window an a white pulsing line.

[Karol33]

Ok i have another problem. I got a call from my internet provider today, Time Warner and they said that my pc is sending out Spam/Junk Mail and they said if I don't get rid of it soon they will suspend my internet connection, can you help me with this because I don't know what to do it? Is bagle sending it or something else that came with it?

Edited by Karol33, 03 March 2008 - 05:58 PM.

[JSntgRvr]

There is a major infection in that computer.

Download the enclosed folder. Save and extract its contents in your C:\ folder. It is important that you save this folder in the C:\ folder. Once extracted, open the BagleFix folder and double click on the Fixme.bat file. the computer will restart. After the restart is completed, please run the following command (Start-> Run, copy and paste->Click OK):

"%userprofile%\desktop\MyPoppy.exe" /killall

If still receiving the same error, then please remove your Antivirus program and download and run this file:

http://files.avast.c...eta/aswbeta.exe

It will download the latest BETA version of AVAST Antivirus. Run the Scan and letme know the outcome

[JSntgRvr]

Before downloading and installing aswbeta.exe, download the free edition:

http://www.avast.com..._protectio.html

Don't know if this BETA update will work on the Free Edition.

[Karol33]

Did what you said. The combofix thing worked it ran and deleted a lot of files, but it didn't produce a log, it said that it was preparing a log but nothing happened after a while. I ran the AVAST free edition got 17 infections of bagle and I deleted all of them.

Some odd things happened but its nothing probably, my time changed to military.

I got a catchmelog I will copy it here. Most of my apps came back online also.

file zipped: C:\Windows\system32\drivers\srosa.sys -> catchme.zip -> srosa.sys ( 124890 bytes )
PE file "C:\Windows\system32\drivers\srosa.sys" killed successfully
file zipped: C:\Windows\system32\drivers\srosa.sys -> catchme.zip -> srosa.sys.1 ( 124890 bytes )
file "C:\Windows\system32\drivers\srosa.sys" deleted successfully

[Karol33]

After that I ran a deep scan and got some more infections and I deleted them all and no problems so far.