Help Microsoft Security Essentials Alert Has Taken Over My Computer On
#1
Posted 05 November 2010 - 03:40 PM
#2
Posted 05 November 2010 - 03:44 PM
Do you have any idea where you got this infection from?
OK first we will have a look at the system and pinpoint the main nasties
GMER Rootkit Scanner - Download - Homepage
- Download GMER
- Extract the contents of the zipped file to desktop.
- Double click GMER.exe.
- If it gives you a warning about rootkit activity and asks if you want to run a full scan... click on NO, then use the following settings for a more complete scan.
- In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
  - IAT/EAT
  - Drives/Partition other than Systemdrive (typically C:\)
  - Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
- Save the log where you can easily find it, such as your desktop.
Please copy and paste the report into your Post.
THEN
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click on Minimal Output at the top
- Click on Scan all users
- Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
- Double click inside the Custom Scan box at the bottom
- A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
- Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
- Select scan.txt and click Open. Writing will now appear under the Custom Scan box
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic
#3
Posted 05 November 2010 - 04:17 PM
#4
Posted 05 November 2010 - 04:22 PM
If not we can try OTL's big brother, I will give the instructions for that just in case
Download OTS to your Desktop and double-click on it to run it
- Make sure you close all other programs and don't use the PC while the scan runs.
- Select All Users
- Under additional scans select the following
Reg - NetSvcs
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
File - Purity Scan
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
#5
Posted 05 November 2010 - 04:49 PM
Attached Files
#6
Posted 05 November 2010 - 05:11 PM
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Files/Folders - Created Within 30 Days]
NY -> win32.exe -> C:\WINDOWS\win32.exe
NY -> rscy.xgo -> C:\WINDOWS\System32\rscy.xgo
NY -> feel0.dll -> C:\WINDOWS\System32\feel0.dll
NY -> dNeGp02030 -> C:\Documents and Settings\All Users\Application Data\dNeGp02030
[Files/Folders - Modified Within 30 Days]
NY -> 6to4v32.dll -> C:\WINDOWS\System32\6to4v32.dll
NY -> Fsajizebufisaw.dat -> C:\WINDOWS\Fsajizebufisaw.dat
NY -> Wnafotegixivaz.bin -> C:\WINDOWS\Wnafotegixivaz.bin
NY -> p6qps.dll -> C:\WINDOWS\System32\p6qps.dll
[Files - No Company Name]
NY -> 6to4v32.dll -> C:\WINDOWS\System32\6to4v32.dll
NY -> Wnafotegixivaz.bin -> C:\WINDOWS\Wnafotegixivaz.bin
NY -> Fsajizebufisaw.dat -> C:\WINDOWS\Fsajizebufisaw.dat
NY -> p6qps.dll -> C:\WINDOWS\System32\p6qps.dll
NY -> 7EgpN4 -> C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\7EgpN4
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
THEN
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
#7
Posted 05 November 2010 - 09:37 PM
Attached Files
#8
Posted 06 November 2010 - 04:51 AM
Download Dr Web from here: http://www.freedrweb.com/?lng=en (link on the top right of the page), tick the EULA and then download.
It will download as an 8 digit file; save it to your desktop.
Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log; please attach that.
AS SOON AS DR WEB HAS COMPLETED
Retry Combofix from normal mode
#9
Posted 06 November 2010 - 07:06 AM
#10
Posted 06 November 2010 - 07:11 AM
That will take you to the licence page, tick that you accept the licence at the bottom
Click continue and the download should start
#11
Posted 06 November 2010 - 08:40 AM
#12
Posted 06 November 2010 - 08:51 AM
Also, is the computer behaving itself now?
#13
Posted 06 November 2010 - 11:38 AM
Attached Files
#14
Posted 06 November 2010 - 12:18 PM
This may not find anything but it is a fast programme - and it will confirm certain areas clear, then we will run MBAM to clear some slightly different areas. Again a fairly fast scan
Please read carefully and follow these steps.
- Download TDSSKiller and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
THEN
Please download Malwarebytes' Anti-Malware from Here.
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
#15
Posted 06 November 2010 - 04:20 PM