Posted 27 March 2011 - 11:16 AM
Posted 28 March 2011 - 05:56 PM
My name is Cold Titanium, and I will be assisting you with your problem. I am still in training, so all my replies need to be checked by an expert first. So there may be a slight delay in between replies.
Please follow all of my instructions without skipping anything. Also, please refrain from experimenting around whilst I am helping you. At times some of the things I tell you to do may seem unnecessary and frustrating, but just stick to it and we'll get through
Note: Please save these instructions in a file or print them out, as the internet may not be available while we are fixing the system.
I'm clearing my fix now.
Posted 29 March 2011 - 01:42 PM
We need to kill those malicious processes long enough to run our tools.
We have PLAN A and PLAN B available. If nothing from Plan A will work, then move on to Plan B.
If you can't access the Internet from the infected machine then you'll have to use a flash drive to transfer programs and logs. If that is the case I'd like you to protect the flash drive by running this program first:
Do this on the clean machine if you can't download files
- 1 - Flash Drive Disinfector
Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
- Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
- The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
- Wait until it has finished scanning and then exit the program.
- Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.
Note: If using Firefox, right-click on any download links and choose Save As.
Please download OTH to your desktop
Please download OTL to your desktop
Please download the attached file Scan.txt to your desktop
Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.
Then select Start OTL. OTL will now run
- Double-click on the Custom Scans box and a message box will popup asking if you want to load a custom scan from a file
Select Scan.txt that you downloaded
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Click the Internet Explorer button, post these logs in your Virus Removal topic. If IE still won't work then copy the logs onto the Flash Drive and post from the clean computer.
Download RogueKiller to your desktop
- Quit all running programs
- For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
- When prompted, type 1 and validate
- The RKreport.txt shall be generated next to the executable.
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
- Download OTL to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top make sure it is set to Standard Output.
- Ensure the Use SafeList is selected for Extra Registry
- Under the Custom Scans/Fixes box at the bottom, paste in the following
%systemroot%\*. /mp /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
- Click the Run Scan button. Do not change any settings unless otherwise told to do so.
- When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
- Download GMER to your desktop
- Right-Click and extract it to the desktop
- Double-Click gmer.exe
- If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
- In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish. (Please be patient as it can take some time to complete)
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
After it finishes scanning
- Click on the [Save..] button, and in the File name area, type in "ark.txt"
- Save it to your desktop
Post ark.txt in your next reply
Post OTL.txt, RKreport.txt, and ark.txt in your next reply...
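The note about the hidden autorun.inf folder can be checked on any drive with the sketch below. It is an added example, not part of the original post and not Flash_Disinfector's own code; the function names, the list of launch keys and the sample drive contents are assumptions made for illustration, and the file is assumed to be plain ANSI text.

```python
import os
import tempfile

# Keys in an autorun.inf file that name a program to launch (illustrative list).
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")


def check_autorun(drive_root):
    """Classify the autorun.inf entry at the root of a drive.

    Returns (state, launch_lines):
      "absent" - nothing named autorun.inf exists
      "folder" - a directory holds the name, so a file with that
                 name cannot be created beside it
      "file"   - a regular file; launch_lines lists the entries
                 that would start a program and need review
    """
    path = os.path.join(drive_root, "autorun.inf")
    if os.path.isdir(path):
        return "folder", []
    if not os.path.isfile(path):
        return "absent", []
    launch_lines = []
    # latin-1 never raises on decode, so odd bytes cannot abort the check.
    with open(path, "r", encoding="latin-1") as fh:
        for raw in fh:
            line = raw.strip()
            key = line.split("=", 1)[0].strip().lower()
            if "=" in line and key in LAUNCH_KEYS:
                launch_lines.append(line)
    return "file", launch_lines


def demo():
    """Build constructed drive roots in a temp directory and classify them."""
    with tempfile.TemporaryDirectory() as base:
        protected = os.path.join(base, "protected")
        suspect = os.path.join(base, "suspect")
        os.makedirs(os.path.join(protected, "autorun.inf"))  # placeholder folder
        os.makedirs(suspect)
        with open(os.path.join(suspect, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\nopen=example.exe\nicon=drive.ico\n")
        return check_autorun(protected), check_autorun(suspect), check_autorun(base)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

On a real machine, pass the drive root (for example the flash drive's letter followed by `:\`) to `check_autorun`; a "file" result with launch lines is worth reporting to your helper before the drive is used again.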
Posted 02 April 2011 - 09:44 AM
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.