[Matt633rle]

OK there is another option that is being trialled at the moment

Download rogue killer from here to your desktop

Run the programme in normal mode - you may need to try this several times, any popups from the virus leave open do not close them



Press 1 on this screen and a notepad will open please post that

The problem with doing this procedures is... As the 1st window appears... it also, immediately starts going thru my registry.... and because of this... I immediately stop the 1st window.... so, I am very concerned about doing this..... so, please confirm if you still want me to do this....

Second... I can send you the original file I received the virus from... I know where & what & when I opened it..... do you want this so you can put it on a "test computer".. and see what it does?

Third... When I restart my computer in normal now (after the 1st attempt)... the "virus window".. no longer "starts".. but, I am unable to run any malware cleaners... so, I am not sure the "rogue cleaner" will work, but I will try...

Edited by Matt633rle, 23 February 2011 - 12:31 PM.

[Advertisements]

I must admmit I will be interested to see what the new programme reports. Initially it will just be doing a scan

So once we have the OTL log and I am looking at it could you try the rogue killer in normal mode and
A) see if it runs
B) let me see any log it can produce

[Essexboy]

I must admmit I will be interested to see what the new programme reports. Initially it will just be doing a scan

So once we have the OTL log and I am looking at it could you try the rogue killer in normal mode and
A) see if it runs
B) let me see any log it can produce

[Matt633rle]

Yes....

[Essexboy]

If you could Zip and upload the file I will take it and then remove it from your post. The author of rogue killer is now following this thread

[Matt633rle]

I can forward it to an email address only... I still have the original email that caused this... please advise what email address.

[Essexboy]

I will PM

What progress so far ?

We are currently getting a standardised set of instructions for this - the main point so far

Option 1 (SCAN)

In this mode, the program will only kill the infectious process and inform the user of the infected registry keys, but no changes shall be made. In this way you can safely generated report and post it

[Matt633rle]

Status so far..... I am unable to restart OTL.... it is booting from CD.. BUT... it is taking me to drive C: (I have to main drives..) I have attempted now, 15 times... still trying to get to your program on the disk...

[Essexboy]

What is you main drive ?

Does the reatogo desktop come up ?

[Matt633rle]

What is you main drive ?

Does the reatogo desktop come up ?

The main drive is C:.... , NO, I cannot get reatogo desktop to come up now.......

My second drive is D;... upon reboot, I have my system set up to give me the option of which drive I want to access, then by default (after 30 sec) it defaults to C:.... that is what it is doing.. When I "am able".. to press "enter".. at the prompt "Boot from CD"... it is as if it is not "recognizing" my "keyboard entry"... so I went into BIOS to check... and it seems to be fine....

So.. "when I am able to press enter"... at the prompt "Boot from CD"... I press "enter"... it waits the 15 sec (default).. and (because I pressed enter).. it is going to my Drive C:... the 1st option on my list.....

FYI (my internet provider seems to be up and down... so if I don't respond right away... they are working on it., so please bare with me.)


Ok.. tried again... for sure... it is not "accepting my "enter' at the prompt.... Boot from CD"... so, I do have access to BIOS... what can I check in there....? And/or... I can go into safe mode.. do you want me to attempt to run the "Rogue Killer"?

Edited by Matt633rle, 23 February 2011 - 01:59 PM.

[Essexboy]

Could you try safe mode and see if you can run rogue killer from there please

[Matt633rle]

ok

[Matt633rle]

Could you try safe mode and see if you can run rogue killer from there please

ok.. in safe mode w/networking... here is the file...

Another question... can I "run the CD".. from this mode....

Attached Files

•  RKreport.txt   816bytes   557 downloads

Edited by Matt633rle, 23 February 2011 - 02:12 PM.

[Essexboy]

OK it has Identified it - now before I run the removal element could you downlod, and run OTL for me in safe mode with networking ( a bit of belt and braces here)

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in
  
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT
  
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

[Matt633rle]

sorry... can't run it....

Edited by Matt633rle, 23 February 2011 - 02:26 PM.

[Essexboy]

Lets go for it then, Run rogue killer and select option 2, once done then retry OTL please

Option 2 (Delete)

In this mode, the program will also kill the infectious process, but also target registry keys allowing the rogue to restart at startup and delete them.

Furthermore, if among these registry keys a proxy was found (IE or Firefox),RogueKiller will prompt the user if he wants to keep it or not. A proxy is not necessarily malicious!