Bunch of Trojans: Downloader, FakeAlert, DNSchanger, BHO, Agent, PUM.h
Started by Garrett33, Jul 31 2011 03:03 AM
#16
Posted 03 August 2011 - 02:02 PM
#17
Posted 03 August 2011 - 02:10 PM
I can sure try! lol
#18
Posted 03 August 2011 - 02:18 PM
How much RAM do you have on your computer ?
#19
Posted 03 August 2011 - 02:27 PM
448MB of RAM, on a Mobile AMD Sempron, 1.79GHz
Safe mode did not work. It restarted and asked how to start, tried safe mode with networking, didn't start. So I started windows normally.
#20
Posted 03 August 2011 - 02:31 PM
OK, let's try another analysis programme slightly different to the first
To ensure that I get all the information this log will need to be attached (instructions at the end) if it is too large to attach then upload to Mediafire and post the sharing link.
Download OTS to your Desktop
- Close ALL OTHER PROGRAMS.
- Double-click on OTS.exe to start the program.
- Check the box that says Scan All Users
- Under Additional Scans check the following:
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
- Under the Custom Scan box paste this in
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
CREATERESTOREPOINT
- Now click the Run Scan button on the toolbar.
- Let it run unhindered until it finishes.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
#21
Posted 03 August 2011 - 03:02 PM
It starts scanning then gets to: Scanning HKEY_USERS\a bunch of numbers\Internet Explorer settings, and becomes unresponsive.
#22
Posted 03 August 2011 - 03:09 PM
It looks as though the only way we are going to find out what is wrong is to work outside of windows... Can you burn a programme to a CD ?
Please print these instructions out so that you know what you are doing
Latest version: v3.1.46.0
OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB
- Download the attached scan.txt to a USB drive
- Download OTLPENet.exe to your desktop
- Ensure that you have a blank CD in the drive
- Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
- Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
- As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
- Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
- Double-click on the OTLPE icon.
- Select the Windows folder of the infected drive if it asks for a location
- When asked "Do you wish to load the remote registry", select Yes
- When asked "Do you wish to load remote user profile(s) for scanning", select Yes
- Ensure the box "Automatically Load All Remaining Users" is checked and press OK
- OTL should now start.
- Double click the Custom scans and fixes box
- In the dialogue locate the scan.txt you have on the USB
- Press Run Scan to start the scan.
- When finished, the file will be saved in drive C:\OTL.txt
- Copy this file to your USB drive if you do not have internet connection on this system.
- Right click the file and select send to : select the USB drive.
- Confirm that it has copied to the USB drive by selecting it
- You can backup any files that you wish from this OS
- Please post the contents of the C:\OTL.txt file in your reply.
#23
Posted 04 August 2011 - 11:21 PM
I followed all the steps correctly, but when I got to step 8 there was no OTLPEN.exe. Instead there was OTPLE, so I opened that assuming it was the same thing. Step 10: It did not ask me if I wish to load remote registry. I was asked step 11. Then there was no box to automatically load all remaining users. I just restarted the computer cause I'm afraid of messing something up lol.
#24
Posted 05 August 2011 - 11:34 AM
Continue as you were, there will be slight variations dependent on the system
Run OTLPE and when the log has generated post that here please
#25
Posted 05 August 2011 - 04:21 PM
It started scanning Firefox's settings and became unresponsive. After letting it sit for just a couple of minutes, I tried to restart the computer. Everything froze except for the pointer. I had to hold down the power button to get it off.
#26
Posted 06 August 2011 - 08:44 AM
I think you also have some system problems as well
Could you re-run AVP but just do the second part (the analysis run)
Then attach the zip file
#27
Posted 06 August 2011 - 02:28 PM
Here it is.
Attached Files
#28
Posted 06 August 2011 - 02:36 PM
Not a great deal showing there, I feel your best bet would be to invest in some more RAM
- Re-run AVPTool
- Select the Manual Disinfection tab and press Script execution
- Where it states Insert text script in the following box copy the below script and press Run script
Copy from Begin until End
begin
SetAVZPMStatus(True);
SetAVZGuardStatus(True);
SearchRootkit(true, true);
DeleteFile('C:\Documents and Settings\Administrator\Local Settings\Temp\_uninst_93306840.bat');
BC_DeleteFile('C:\Documents and Settings\Administrator\Local Settings\Temp\_uninst_93306840.bat');
BC_ImportDeletedList;
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
- Your system will reboot on completion, if it does not please do so yourself
- On completion please run another analysis scan and attach the zip file
#29
Posted 06 August 2011 - 03:29 PM
Being an unemployed college student, money is scarce lol. RAM isn't high on my list. This computer isn't actually slow though, it runs videos great, the internet is decent, it does stall sometimes though, and I don't play games on it. But it would definitely be nice.
It's only been freezing up since the virus and running the scans.
It froze on startup. So I turned it off, back on and now it says it found new hardware and wants to install software for "unknown". I just left it open.
Also I started the Automatic scan on accident, and it didn't stop it this time. I stopped it myself since I wasn't instructed to do that scan. I think it's possible now though. I did another manual disinfection scan and opened the report sending folder. There was only one zip file, seems like there should be two, but this one is 1kb smaller so I guess they're different.
Attached Files