bugs chomping on screen?[CLOSED]
Started by
jimmydaggett
, Apr 18 2008 11:46 AM
#1
Posted 18 April 2008 - 11:46 AM
#2
Posted 18 April 2008 - 01:36 PM
Hi there,
Welcome to GeeksToGo. My name is RatHat, and I will try to help you get your files back.
The first thing we need to do is to see if we can get back into your computer, so I need to ask if you have tried using "Last know good configuration" when booting the machine.
If not, restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter "Last know good configuration" .
Let me know if you are now able to boot into Windows.
Regards,
RatHat
Welcome to GeeksToGo. My name is RatHat, and I will try to help you get your files back.
The first thing we need to do is to see if we can get back into your computer, so I need to ask if you have tried using "Last know good configuration" when booting the machine.
If not, restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter "Last know good configuration" .
Let me know if you are now able to boot into Windows.
Regards,
RatHat
#3
Posted 18 April 2008 - 02:17 PM
thank you for helping.
yeah i tried that but nothing seemed to change. the screen started filling up with junk again. safe mode is starting to not respond to anything. the name of the phony anti-spyware that popped up was Brave Sentry????
yeah i tried that but nothing seemed to change. the screen started filling up with junk again. safe mode is starting to not respond to anything. the name of the phony anti-spyware that popped up was Brave Sentry????
#4
Posted 18 April 2008 - 02:20 PM
Are you using the infected computer to post here?
#5
Posted 18 April 2008 - 02:25 PM
no sir
i am using my mac.
i am using my mac.
#6
Posted 18 April 2008 - 02:34 PM
OK, let's see if you can do this.
Please download ComboFix from Here or Here and save it to a CD or thumb drive (if you use a thumb drive, do not use it with any other computer until after we have cleaned your computer).
Transfer it to the infected computer.
Let me know if you manage to accomplish this, and if so post me the log that is produced.
Regards,
RatHat
Please download ComboFix from Here or Here and save it to a CD or thumb drive (if you use a thumb drive, do not use it with any other computer until after we have cleaned your computer).
Transfer it to the infected computer.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Let me know if you manage to accomplish this, and if so post me the log that is produced.
Regards,
RatHat
#7
Posted 18 April 2008 - 02:40 PM
alright i will give it my best shot. when i insert the disk into the infected computer do i run the program in safe mode? thanks again i will give this a whirl.
jimmy daggett
jimmy daggett
#8
Posted 18 April 2008 - 02:44 PM
It would be best if you could run it in Normal Mode, but if not, then please run an alternative program in Safe Mode:
Please download SmitfraudFix (by S!Ri) to your Desktop.
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Next, please reboot your computer in Safe Mode by doing the following :
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
Please download SmitfraudFix (by S!Ri) to your Desktop.
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Next, please reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
#9
Posted 18 April 2008 - 02:52 PM
ok sounds good. thanks.
#10
Posted 18 April 2008 - 03:05 PM
well here is an update.. i clicked on the smitfraud link and inserted a blank disk into my mac. and nothing is happening. i have parallels and can operate my mac as a pc should i move over into my vm? then try to burn the info onto a disk?
#11
Posted 18 April 2008 - 03:13 PM
That may be the way to go,unfortunately, I have no knowledge of Mac's, so cannot offer any advice on how it should be downloaded. If you can download by switching to PC mode and burning to CD, please download Combofix, and also Deckard's System Scanner (DSS) and OTScanIt.exe .
Copy them all to the CD, but just run SmitFraud for now.
Regards,
RatHat
Copy them all to the CD, but just run SmitFraud for now.
Regards,
RatHat
#12
Posted 22 April 2008 - 06:54 PM
Do you still require assistance with this log?
Regards,
RatHat
Regards,
RatHat
#13
Posted 28 April 2008 - 05:07 PM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact myself or another staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
If you need this topic reopened, please contact myself or another staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users