[LSEactuary]

umm i dont know if i have a partition or not. i dont even know what that is...

how do i check?

Edited by LSEactuary, 20 November 2010 - 09:28 AM.

[Advertisements]

After typing

'map' after the c:\windows prompt i get

C: NFTS 9998MB \ DEVICE\HARDDISK0\PARTITION 1
E: NFTS 186159MB \DEVICE\HARDDISK0\PARTITION 2
D: NFTS 286158MB \ DEVICE\HARDDISK1\PARTITION 1
J: \ DEVICE\CDROM1
K: \DEVICE\CDROM2

Edited by LSEactuary, 20 November 2010 - 09:35 AM.

[LSEactuary]

After typing

'map' after the c:\windows prompt i get

C: NFTS 9998MB \ DEVICE\HARDDISK0\PARTITION 1
E: NFTS 186159MB \DEVICE\HARDDISK0\PARTITION 2
D: NFTS 286158MB \ DEVICE\HARDDISK1\PARTITION 1
J: \ DEVICE\CDROM1
K: \DEVICE\CDROM2

Edited by LSEactuary, 20 November 2010 - 09:35 AM.

[Elise]

If you have only XP installed and the other partition is just for data storage, you can go ahead with the fixmbr command.

[LSEactuary]

okay it says 'the new master boot command has been sucessfully written'.

[LSEactuary]

YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY!

IT WORKED!!!!

Should I scan it and post logs or something to make sure everythigs fine? What shall I use?

[Elise]

Yes, please do so.

OTL
-----
Please download OTL from one of the following mirrors:

• • This is THE Mirror
• Save it to your desktop.
• Double click on the icon on your desktop.
• Click the "Scan All Users" checkbox.
• Push the Quick Scan button.
• Two reports will open, copy and paste them in a reply here:
  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

[LSEactuary]

scan complete - only 1 report came up (attached)

btw a lot of files are on my computer that i recall deleting. loads of temporary files too. what shall i do?

Attached Files

•  OTL.Txt   52.85KB   542 downloads

[Elise]

Hi again, there is still some malware alive there, so lets get rid of that.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
• Double click on Combofix.exe and follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[LSEactuary]

heres the combofix report:

Attached Files

•  log.txt   15.4KB   591 downloads

[Elise]

Hi, that was still quite some malware and more to go.

CF-SCRIPT
-------------
We need to execute a CF-script.

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yfixatofoke"=-

File::
c:\windows\oxuwoyul.dll

Driver::
jtflnqg
ahxljnbn
cstgbops
epqnanfy
ewfdbvpr
fazsnxbs
hlkbiybv
izguimaq
jraxstkx
lgcqxfww
mohlczml
qkyotxfh
sufumffj

Save this as CFScript.txt, in the same location as ComboFix.exe



Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[LSEactuary]

i hope this helps...

Attached Files

•  log.txt   13.37KB   563 downloads

[Elise]

Hi there, that is looking quite okay now. How are things running? Any problems left?

Please rerun OTL, click the NONE button, then change the value under Extra Registry to "use safelist" and click Run Scan. Post me extra.txt

[LSEactuary]

Thanks! Everything's working perfectly atm. I'm asking everyone to save stuff on their USBs so the computer remains 'empty' just in case. Ill scan it again on Friday/the weekend - that gives it enough time to 'settle down'! lol

Thanks so much for the help though - I owe you £200!

[Elise]

Hi there, I'm glad to hear that.

To make sure everything stays clean, I recommend to post extra.txt as instructed, so we can make sure all your programs are up to date.

[LSEactuary]

as requested....

Attached Files

•  extra.Txt   49.8KB   537 downloads