[skorpeo]

Is there a way to restore to a previous time? Can I run malware from safe mode since its already on that computer?

[Advertisements]

you can but it would be pointless since the infection is in your router

like I said, the mbam step isn't important, you need to reset the router

[Rorschach112]

you can but it would be pointless since the infection is in your router

like I said, the mbam step isn't important, you need to reset the router

[skorpeo]

Ok, new dilema. I spoke to my ISP and they say that if my latops can connect then there is no roblem with the router settings. But to focus on the virus. Once i can access my files they can tall me through changind the settings.on my desktop if necessary. Pls help.

[Rorschach112]

you keep ignoring my advice. your isp is wrong.

am going to close this if you persist in not following the steps i've laid out

[skorpeo]

I'm not ignoring your advice, I'm just keeping you abreast of what is going on. I've followed everything you have told me up to this point. I'm trying to understand what is happening and I'm facing not being able to access very important files. Threatening to close my post just adds more stress. Once I reset the router will I be able to get on the internet? Its the only way that I've been able to use the internet with my laptop.

[skorpeo]

I reset the modem and notihing, I still can not get on the internet. The ISP tried to help me but nothing worked. They even had me reset the modem as well, then had me disconnect the modem from the router and run it straight to the computer and I still could not get connected. When I opened IE I noticed that there was a message on one of the lines, that read in big RED letters OOPPSSS! looks like your internet connection is down. and it had the circle slash too. This is as far as I've been able to get.

[Rorschach112]

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

[skorpeo]

I did the tdsskiller and nothing. What ever it is has hijacked my browsers so I cant get on the internet. I've reset both my router and modem and I still have the same problem. I can connect to the internet to get my emails using outlook express. but everytime I open a browser, I cant connect. My internet explorer has a bar that says ooppss! looks like your internet connection is down! in big red letters.

[Rorschach112]

if this doesn't fix it then I think format is the only solution


Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
  
  Click me
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

[skorpeo]

Well, I've reset the browsers to their default settings and was able to get on the internet now. Malwarebytes and Spybot have found some stuff and cleaned them up and here is the resulting log from combofix. I am running norton antivirus and now I have a worning saying that windows automatic updates is not set, but when I go to control panel automatic updates, its set to update daily.  comboscan1.txt   54.78KB   90 downloads

[Rorschach112]

do you have the log from mbam ?



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::


Folder::
c:\documents and settings\NetworkService\Local Settings\Application Data\sykfpbivu

TDL::
c:\windows\system32\drivers\disk.sys
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:6522


Registry::

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



hows it running after that

[skorpeo]

here is the malware log  mbam-log-2010-09-08 (21-10-18).txt   1.01KB   110 downloads

[skorpeo]

here is the CFScript log.  comboscan2.txt   68.72KB   117 downloads

[Rorschach112]

hows the pc running

[skorpeo]

it seems to be running better, now the only issue, I'm trying to resolve is this,my Norton antivirus is showing a red x on the icon saying that I've turned off the windows automatic updates, however when I go to auto updates in control panel, it show that it is set to auto update daily. I've run the windows malicious software tool removal and its come back clean. Where could the problem lie now? Again thanks for all your help getting me to this point.