[triedeverything]

My wifes laptop has been infected, no programs will open at all.
She was surfing a celebrity gossip site & suddenly a warning box poped up saying she is infected.
A fake malware removal came up which shows many viruses then tells her to purchase the program to remove.
A small ballon box pops up @ bottom stating TCrdMain.exe can not start is infected by W32/Blaster.worm.
Another warning bow pops up stating firewall warning hidden file transfer to remote host detected.
The laptop is a Toshiba windows vista, she uses firefox to surf.
Geekstogo has helped me in the past & I hope the results with this situation will be as wonderful as previously.
Thankyou in advance

[Advertisements]

Hi
. I'm Michael and I'm going to help you fix your computer

Note: Before we start the process you should:

• POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
• Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, windows defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them .If you need any help disabling them, ask.
• Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
• Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

I'd suggest you keep this computer disconnected from the Internet as far as possible, to prevent further re-infections.
If you are going to disconnect the computer from the internet, you can use another clean computer to transfer your programs to the infected one.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here



Next:


OTL Custom Scan

• Download OTL to your Desktop
• Double click on the icon to run it.
• Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top, make sure Stadard output is selected.
• Select Scan all users
• Check the boxes beside LOP Check and Purity Check.
• Under the Custom Scans/Fixes box copy and paste this in:
  
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  CREATERESTOREPOINT
  
• Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open OTL.Txt in Notepad window.
• Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

[michaelg9]

Hi
. I'm Michael and I'm going to help you fix your computer

Note: Before we start the process you should:

• POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
• Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, windows defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them .If you need any help disabling them, ask.
• Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
• Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

I'd suggest you keep this computer disconnected from the Internet as far as possible, to prevent further re-infections.
If you are going to disconnect the computer from the internet, you can use another clean computer to transfer your programs to the infected one.


Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here



Next:


OTL Custom Scan

• Download OTL to your Desktop
• Double click on the icon to run it.
• Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top, make sure Stadard output is selected.
• Select Scan all users
• Check the boxes beside LOP Check and Purity Check.
• Under the Custom Scans/Fixes box copy and paste this in:
  
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  CREATERESTOREPOINT
  
• Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open OTL.Txt in Notepad window.
• Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

[triedeverything]

Hi Michael, thanks for the reply my daughters boyfriend resolved the issue w/ the laptop.
You can close this post, thanks again.

[michaelg9]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.