[riggsrl]

Hi
I know this has been asked before but I have went thru these forums for hours and tried all the fixes but no luck. I hope someone can help me with this problem. I CANNOT get any malware removal tool to work as if it does it crashes about mid point in scan. I have google redirects to but it seems to eat up .exe downloads. I tried otl but crashed right after starting. how I found out this virus was I ran one of the scanners for deep clean crashed first time ran second time but I still could not run anti malware program as it crashes when I open it. I hope someone can help me.
Thanks for any of your time
One other thing I am not an expert at computers just a novice but I can get thur things with a little help just try not to use computer slang and abbr. Sorry

[Advertisements]

OK lets try a little subterfuge shall we the OTL I am asking you to download this time is a slightly different variant

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop
Please download OTL to your desktop
Please download the attached file Scan.txt to your desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.



Then select Start OTL. OTL will now run

• Double-click on the Custom Scans box and a message box will popup asking if you want to load a custom scan from a file
  Select Scan.txt that you downloaded
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Click the Internet Explorer button, post these logs in your Virus Removal topic.

[Essexboy]

OK lets try a little subterfuge shall we the OTL I am asking you to download this time is a slightly different variant

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop
Please download OTL to your desktop
Please download the attached file Scan.txt to your desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.



Then select Start OTL. OTL will now run

• Double-click on the Custom Scans box and a message box will popup asking if you want to load a custom scan from a file
  Select Scan.txt that you downloaded
  
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Click the Internet Explorer button, post these logs in your Virus Removal topic.

[riggsrl]

I tried it 3 times does nothing. I had to redownload 3 times also because it if I click it again it does nothing 1 time it said I did not have permission to do it or something of that nature. That is when I hit kill process it does nothing

[Essexboy]

OK one final try before we revert to working outside of windows - do you have access to a cd burner - preferably on another computer


Download RogueKiller to your desktop

• Quit all running programs
• For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
• When prompted, type 2 and validate
• The RKreport.txt shall be generated next to the executable.
• If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

THEN

Retry OTL

[riggsrl]

hi I ran rougekiller got this report but OTL will not run and it won't delete so I can redownload it either says the path is not right

Attached Files

•  RKreport1.txt   1.88KB   84 downloads

[riggsrl]

just in case you don't want to open here it is
RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Randy [Admin rights]
Mode: Remove -- Date : 07/23/2011 13:02:14

Bad processes: 2
[SUSP PATH] visicom_antiphishing.dll -- C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.dll -> UNLOADED
[SUSP PATH] visicom_antiphishing.exe -- c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe -> KILLED

Registry Entries: 4
[SUSP PATH] HKLM\[...]\Run : Anti-phishing Domain Advisor ("C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe") -> DELETED
[BLACKLIST] HKLM\[...]\services : 1250137530 (1250137530.sys) -> DELETED
[BLACKLIST] HKLM\[...]\services : 1250137530 (1250137530.sys) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

[Essexboy]

Do you have a cd that we could burn a programme to ?



Download Dr Web from here Fill in the small form and download

It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.