
Bunch of Trojans: Downloader, FakeAlert, DNSchanger, BHO, Agent, PUM.h


  • This topic is locked

#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run it from safe mode?
  • 0


#17
Garrett33

    Member

  • Topic Starter
  • Member
  • 48 posts
I can sure try! lol
  • 0

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How much RAM do you have on your computer?
  • 0

#19
Garrett33

    Member

  • Topic Starter
  • Member
  • 48 posts
448MB of RAM, on a Mobile AMD Sempron, 1.79GHz

Safe mode did not work. It restarted and asked how to start, tried safe mode with networking, didn't start. So I started Windows normally.
  • 0

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try another analysis programme, slightly different to the first.

To ensure that I get all the information, this log will need to be attached (instructions at the end). If it is too large to attach, then upload to Mediafire and post the sharing link.

Download OTS to your Desktop
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Check the box that says Scan All Users
  • Under Additional Scans check the following:
      • Reg - Disabled MS Config Items
      • Reg - Drivers32
      • Reg - NetSvcs
      • Reg - SafeBoot Minimal
      • Reg - Shell Spawning
      • Evnt - EventViewer Logs (Last 10 Errors)
      • File - Lop Check

  • Under the Custom Scan box paste this in


    %SYSTEMDRIVE%\*.exe
    /md5start
    volsnap.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.
  • 0

#21
Garrett33

    Member

  • Topic Starter
  • Member
  • 48 posts
It starts scanning then gets to: Scanning HKEY_USERS\a bunch of numbers\Internet Explorer settings, and becomes unresponsive.
  • 0

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It looks as though the only way we are going to find out what is wrong is to work outside of Windows... Can you burn a programme to a CD?

Please print these instructions out so that you know what you are doing

Latest version: v3.1.46.0

OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB

  • Download the attached scan.txt to a USB drive
  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Double click the Custom scans and fixes box
  • In the dialogue locate the scan.txt you have on the USB
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0
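
Checking the download against the MD5 and size posted above before burning it to CD, as an added example that is not part of the original post. The file path passed on the command line is an assumption (for instance, the copy saved to the desktop).

```python
import hashlib
import os
import re

# The two lines exactly as posted in the thread.
POSTED = """MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB"""


def parse_posted(text):
    """Extract the expected MD5 (lowercase hex) and byte size from the posted lines."""
    md5 = re.search(r"MD5\s*=\s*([0-9A-Fa-f]{32})\b", text)
    size = re.search(r"Size:\s*([\d,]+)\s*b\b", text)
    if not md5 or not size:
        raise ValueError("posted text lacks an MD5= or Size: line")
    return md5.group(1).lower(), int(size.group(1).replace(",", ""))


def file_md5(path, chunk=1 << 20):
    """Hash the file in 1 MiB chunks so a ~121 MB image never sits in RAM."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_download(path, posted_text):
    """Return (ok, reason). Size is checked first: it is cheap and catches truncated downloads."""
    want_md5, want_size = parse_posted(posted_text)
    got_size = os.path.getsize(path)
    if got_size != want_size:
        return False, f"size mismatch: got {got_size}, expected {want_size}"
    got_md5 = file_md5(path)
    if got_md5 != want_md5:
        return False, f"MD5 mismatch: got {got_md5}, expected {want_md5}"
    return True, "size and MD5 match the posted values"


if __name__ == "__main__":
    import sys
    # Path is an assumption, e.g. the copy of OTLPENet.exe saved to the desktop.
    ok, reason = verify_download(sys.argv[1], POSTED)
    print(("OK: " if ok else "DO NOT BURN: ") + reason)
    sys.exit(0 if ok else 1)
```

A match confirms the copy is the same file the post lists, which catches a truncated or corrupted download; MD5 is not collision-resistant, so it says nothing about whether the listing itself can be trusted.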

#23
Garrett33

    Member

  • Topic Starter
  • Member
  • 48 posts
I followed all the steps correctly, but when I got to step 8 there was no OTLPEN.exe. Instead there was OTPLE, so I opened that assuming it was the same thing. Step 10: It did not ask me if I wish to load remote registry. I was asked step 11. Then there was no box to automatically load all remaining users. I just restarted the computer cause I'm afraid of messing something up lol.
  • 0

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Continue as you were, there will be slight variations dependent on the system

Run OTLPE and when the log has generated post that here please
  • 0

#25
Garrett33

    Member

  • Topic Starter
  • Member
  • 48 posts
It started scanning Firefox's settings and became unresponsive. After letting it sit for just a couple of minutes, I tried to restart the computer. Everything froze except for the pointer. I had to hold down the power button to get it off.
  • 0


#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I think you also have some system problems as well

Could you re-run AVP but just do the second part (the analysis run)
Then attach the zip file
  • 0

#27
Garrett33

    Member

  • Topic Starter
  • Member
  • 48 posts
Here it is.

Attached Files


  • 0

#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not a great deal showing there, I feel your best bet would be to invest in some more RAM

  • Re-run AVPTool
  • Select the Manual Disinfection tab and press Script execution
  • Where it states Insert text script in the following box copy the below script and press Run script
    Copy from Begin until End
    begin
    SetAVZPMStatus(True);
    SetAVZGuardStatus(True);
    SearchRootkit(true, true);
    DeleteFile('C:\Documents and Settings\Administrator\Local Settings\Temp\_uninst_93306840.bat');
    BC_DeleteFile('C:\Documents and Settings\Administrator\Local Settings\Temp\_uninst_93306840.bat');
    BC_ImportDeletedList;
    BC_ImportAll;
    ExecuteSysClean;
    BC_Activate;
    RebootWindows(true);
    end.

  • Your system will reboot on completion, if it does not please do so yourself
  • On completion please run another analysis scan and attach the zip file

  • 0

#29
Garrett33

    Member

  • Topic Starter
  • Member
  • 48 posts
Being an unemployed college student, money is scarce lol. RAM isn't high on my list. This computer isn't actually slow though, it runs videos great, the internet is decent, it does stall sometimes though, and I don't play games on it. But it would definitely be nice.
It's only been freezing up since the virus and running the scans.

It froze on startup. So I turned it off, back on and now it says it found new hardware and wants to install software for "unknown". I just left it open.

Also I started the Automatic scan on accident, and it didn't stop it this time. I stopped it myself since I wasn't instructed to do that scan. I think it's possible now though. I did another manual disinfection scan and opened the report sending folder. There was only one zip file, seems like there should be two, but this one is 1kb smaller so I guess they're different.

Attached Files


  • 0

#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Actually RAM is quite cheap; a 1GB stick comes out at around £8.00 or $15.00. If you go to Crucial and run the scanner, it will tell you what type and how much.

Does it give an indication of what hardware has been found?
  • 0





