How do you get rid of Antimalware Doctor? Also Xp Home Security 2012?
Started by Rwtfnow, Jun 12 2011 09:53 AM
#1
Posted 12 June 2011 - 09:53 AM
#2
Posted 12 June 2011 - 09:56 AM
Hi there, let's try this little combo - do you have the ability to transfer programmes to the sick computer?
Download RogueKiller to your desktop
- Quit all running programs
- For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
- When prompted, type 1 and validate
- The RKreport.txt shall be generated next to the executable.
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
THEN
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
%temp%\smtmp\*.* /s
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Post both logs
#3
Posted 12 June 2011 - 10:01 AM
I am not sure on how to transfer programs to the computer.
#4
Posted 12 June 2011 - 10:14 AM
Do you have a USB drive?
Or can you burn a CD?
This is on the basis that you have no internet connection on the infected computer
#5
Posted 12 June 2011 - 10:29 AM
Yes, I do. I will try the USB drive.
#6
Posted 12 June 2011 - 10:40 AM
I get that thing to my sick computer but it will not run it.
#7
Posted 12 June 2011 - 10:49 AM
Could you run RogueKiller but rename it to winlogon?
If not, we could burn a CD and work outside of Windows.
#8
Posted 12 June 2011 - 10:50 AM
Yeah, I tried both names and they didn't run. Let's try the CD.
#9
Posted 12 June 2011 - 10:56 AM
OK this may give you internet access as well
Please print these instructions out so that you know what you are doing
Latest version: v3.1.46.0
OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB
- Download the attached scan.txt to a USB drive [attachment=50775:scan.txt]
- Download OTLPENet.exe to your desktop
- Ensure that you have a blank CD in the drive
- Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
- Reboot your system using the boot CD you just created.
Note: If you do not know how to set your computer to boot from CD follow the steps here
- As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
- Your system should now display a Reatogo desktop.
Note: as you are running from CD it is not exactly speedy
- Double-click on the OTLPE icon.
- Select the Windows folder of the infected drive if it asks for a location
- When asked "Do you wish to load the remote registry", select Yes
- When asked "Do you wish to load remote user profile(s) for scanning", select Yes
- Ensure the box "Automatically Load All Remaining Users" is checked and press OK
- OTL should now start.
- Double click the Custom scans and fixes box
- In the dialogue locate the scan.txt you have on the USB
- Press Run Scan to start the scan.
- When finished, the file will be saved in drive C:\OTL.txt
- Copy this file to your USB drive if you do not have internet connection on this system.
- Right click the file and select send to : select the USB drive.
- Confirm that it has copied to the USB drive by selecting it
- You can backup any files that you wish from this OS
- Please post the contents of the C:\OTL.txt file in your reply.
#10
Posted 12 June 2011 - 11:12 AM
During what steps do I switch the CD over to the sick computer?
#11
Posted 12 June 2011 - 11:19 AM
As soon as it is burnt then use the CD to boot the sick system to a PE environment
Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
#12
Posted 12 June 2011 - 11:36 AM
RogueKiller V5.2.2 [06/05/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Jeremy Gunther [Admin rights]
Mode: Scan -- Date : 06/12/2011 10:34:38
Bad processes: 2
[SUSP PATH] xgs.exe -- c:\documents and settings\localservice\local settings\application data\xgs.exe -> KILLED
[SUSP PATH] setui70vir.exe -- c:\documents and settings\jeremy gunther\application data\1bd90a06d9d7fec39db71ffa9a5a6aa4\setui70vir.exe -> KILLED
Registry Entries: 14
[SUSP PATH] HKCU\[...]\Run : setui70vir.exe (C:\Documents and Settings\Jeremy Gunther\Application Data\1BD90A06D9D7FEC39DB71FFA9A5A6AA4\setui70vir.exe) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Run : USB2Check (RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-2000478354-1677128483-854245398-1003[...]\Run : setui70vir.exe (C:\Documents and Settings\Jeremy Gunther\Application Data\1BD90A06D9D7FEC39DB71FFA9A5A6AA4\setui70vir.exe) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\.exe\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xgs.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\exefile\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xgs.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKLM\[...]Software\Classes\.exe\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xgs.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKLM\[...]Software\Classes\exefile\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xgs.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...]exefile\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xgs.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...].exe\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xgs.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xgs.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> FOUND
HOSTS File:
67.205.118.181 www.google.com
67.205.118.182 search.yahoo.com
67.205.118.182 www.bing.com
Finished : << RKreport[1].txt >>
Just got the roguekiller to work!!!!!!!!!!
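As an added example (not part of the original thread and not RogueKiller's own code): a short Python triage of the report posted above. It pulls out the entries that matter most for this machine: the `.exe`/`exefile` open command that routes every program launch through `xgs.exe`, the HOSTS entries pointing search engines at non-loopback addresses, and the muted Security Center alerts. The line format is inferred from this one report, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: a few lines copied from the RKreport.txt posted above.
SAMPLE_REPORT = r'''
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[FILEASSO] HKCR\[...]exefile\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xgs.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...].exe\shell\open\command : ("C:\Documents and Settings\LocalService\Local Settings\Application Data\xgs.exe" -a "%1" %*) -> FOUND
HOSTS File:
67.205.118.181 www.google.com
67.205.118.182 search.yahoo.com
67.205.118.182 www.bing.com
'''

FINDING = re.compile(r'^\[(?P<tag>[A-Z ]+)\]\s+(?P<body>.+?)\s+->\s+(?P<status>[A-Z]+)$')
HOSTS = re.compile(r'^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<name>\S+)$')
DEFAULT_EXE_OPEN = '"%1" %*'  # stock value of exefile\shell\open\command
EXE_KEYS = (r'.exe\shell\open\command', r'exefile\shell\open\command')

def parse_report(text):
    """Split a RogueKiller scan report into tagged findings and HOSTS entries."""
    findings, hosts, in_hosts = [], [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith('HOSTS File:'):
            in_hosts = True
        elif in_hosts and (m := HOSTS.match(line)):
            hosts.append((m['ip'], m['name']))
        elif m := FINDING.match(line):
            findings.append(m.groupdict())
    return findings, hosts

def triage(text):
    """Summarise launch hijacks, HOSTS redirects and muted Security Center alerts."""
    findings, hosts = parse_report(text)
    hijackers, redirects = set(), {}
    for f in findings:
        key, _, value = f['body'].partition(' : ')
        command = value.strip('()')
        if (f['tag'] == 'FILEASSO' and key.lower().endswith(EXE_KEYS)
                and command != DEFAULT_EXE_OPEN
                and (m := re.match(r'"([^"]+)"', command))):
            hijackers.add(m[1].rsplit('\\', 1)[-1].lower())
    for ip, name in hosts:
        if not ipaddress.ip_address(ip).is_loopback:  # stock file: localhost only
            redirects.setdefault(ip, []).append(name)
    muted = [f['body'].split(' : ')[1].split(' (')[0] for f in findings
             if f['tag'] == 'HJ' and 'Security Center' in f['body']]
    return {'exe_launch_hijacked_by': sorted(hijackers),
            'hosts_redirects': redirects, 'security_center_alerts_muted': muted}
```

A non-empty `exe_launch_hijacked_by` means the file association must be restored before other tools are launched from within that Windows session.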
#13
Posted 12 June 2011 - 11:44 AM
OK re-run RogueKiller and select option 2
Once done this should enable you to run OTL
#14
Posted 16 June 2011 - 11:31 AM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.