
Urgent Help!


  • This topic is locked

#1
GenJins


    New Member

  • Member
  • 2 posts
Okay, my urgent problem is: Antivirus 8 got onto my computer, ran a scan and started spamming messages at me with how I have got urgent trojans on my computer. I noticed how this couldn't be possible, so I searched it up on my other computer and I realized it was a rogue antivirus. It recommended me to install Malwarebytes Anti-Malware (the help site, of course), so I did, and after the scan was complete it found 248 infected objects. I removed it all and restarted my computer and it seemed fine. I then THOUGHT that I wouldn't need this Malwarebytes Anti-Malware program any more, so I deleted it stupidly...

So then the next morning, when I turned on my computer, logged on etc., I realized I could not open up any files in my documents and all. The message came up like this, "C:\Users\Myname<\Documents\My Received Files\TFC.exe, This goes for all of my C files and installations such as Internet Browsers games. Another problem I have been having with this is Internet browsers: Google Chrome Internet 8 won't at all, Internet 8 will but I can't go back to my previous pages nor close it down.. Opera Browser will work, but it does not work very well.

My friend recommended me to come to you, since he recommended TFC and GMER, to try and get rid of this virus once and for all and make sure it is fully out, after I told him how I can't open up files nor installations, and how I stupidly deleted the Malwarebytes program. He said come to the "geeks" of this place and see if they can help you out with a fix to get it off...

I really do hope you can get rid of this for me with some very helpful advice! And to be honest, I'm not very smart with computers, so I'd need to understand what I need to do clear and fast, before I break down on what problems I am having and how I don't want it. It will be a massive thanks if you could give me helpful advice so I can be on my way with my work and stuff. Once again thanks and see you soon :{.

Basic Stuff:
AV8 got onto my computer
Malwarebytes then deleted it and the infections
Deleted MBAM stupidly
Files won't open and a virus found on scan
Internet Browsers won't correctly work
Installations nor programs from my files will not open.
Other things I have not yet discovered or know about

P.S. My system is a Compaq, if that matters... I have Windows Vista. No, I don't have logs of last night's scan on MBAM of my problem and did not know of this site until my friend told me. Yes, I am a noob.. why do you think I deleted MBAM and thought the virus was totally gone. Sneakers, so I cannot install OTL, MBAM etc. nor open up my files. I have to do this without really installing anything, or something that would get past the virus, since the left over fragments I think? will stop installations of programs I need. Yet again, I am a noob and I won't really know how to tackle it on my own, so much information on what I need to do, screenshots etc., will really help me out. Thanks

Edited by GenJins, 04 October 2010 - 11:37 PM.



#2
CatByte


    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Hi

Please do the following:

Please boot into the options menu > reboot your machine and tap F8 repeatedly on startup until an options screen appears > arrow up to "Last Known Good Configuration" > hit Enter.

See if your machine behaves normally so programs will download and scan:

If they will, please run the following programs:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.



NEXT


Scan With RootKitUnHooker

  • Please Download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished and then click File > Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"



If you still cannot download and run those programs, please try and run this program first:

It will run directly from a USB stick:



Please download exeHelper to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Then try running DDS and RKU

NEXT


If you still are unable to run those programs and you are being told the programs are infected, then try the following:

If you have an active internet connection, copy/paste the links below into your browser, don't click them or the rogue might redirect. If you don't have an active internet connection, download the tools from another machine, and transfer them to the affected machine via USB flash drive.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


http://download.blee...inler/rkill.exe
http://download.blee...inler/rkill.com
http://download.blee...inler/rkill.scr



Note:

You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message. Run rkill repeatedly until it's able to do its job. This may take a few tries. You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

At this point, you should now be able to run analysis tools.

Once the tool has run, do NOT reboot the machine, and then try to run DDS and RKU.

If for some reason the machine reboots, repeat the process. Again, try not to restart the machine.


NEXT


If you are still having no luck running the programs, then try running them in safe mode:

Please reboot and start to tap F8 repeatedly on startup until the options menu appears > arrow up to "Safe Mode with Networking"

Now see if the scans will run:

#3
CatByte


    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.