
XP Antivirus 2012 nightmare infection/please help/can't run log [C


  • This topic is locked

#1
sasba858

  • Member
  • 72 posts
I can not create a log by way of the OTL tool, because I am so badly infected. I am typing this post on another computer. On my infected laptop my Internet Explorer will not open to allow me to get in your website to download the OTL tool. If there are any other bypasses, I am open to suggestions on trying them. In an effort to gain back access to the internet, I asked Windows to return to the last working configuration, but this "XP Antivirus 2012 - unregistered version" popup is still showing up, automatically scanning, and turning my Firewall OFF and Virus Protection OFF. Also, it might not be safe to run the OTL tool and post a log anyway, because the Firewall is disabled and can not be enabled.

Here are some things that are happening.

The main popup starts running a scan that finally says the following:

XP Antivirus 2012 - unregistered version
33 infections (with list of 33 infections malware, worms, etc...)
Firewall - OFF
Virus protection - OFF



I can open my Avast up and do a scan even though the Avast icon in my tray has a yellow ! marked in it, but in Avast the Real Time shield is turned OFF, and I am not being allowed to turn it ON.


When I try to open Malwarebytes or the Windows XP firewall, I get an Avast security recommendation popup box with this message:

File: C:/documents and settings/my name/...dty.exe

Open By: C:\Windows\explorer.exe


I have also read this popup somewhere:

WIN 32: ALUREON-AOWCRTK INFECTION

Object C:/WINDOWS/SYSTEM32/DRIVERS/1PSEC.SYS




Any and all help would be deeply appreciated.

Edited by sasba858, 17 December 2011 - 02:49 PM.

#2
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there, before we begin, do you have a USB flash drive you can use? Or, failing that, a CD?

On the Host (good one you are using) Computer, download the following programme to protect it during the file transfer stages. Whilst this programme is running, ensure you have the USB plugged in.

Download Panda vaccinate from here
Follow the instructions on the page to protect the host computer and the USB

Once done download the following programmes to the USB and run them on the sick computer from the USB

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


IF BOTH SHOULD FAIL

OK, next we will work outside of Windows. Please print these instructions out so that you know what you are doing.
  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created. Note: If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop. Note: as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start
  • Drag and drop this attached scan.txt into the Custom scans and fixes box, or double click the scan box
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

#3
sasba858

  • Topic Starter
  • Member
  • 72 posts
Thanks so much Essexboy for the quick reply and help.

I do have a USB flash drive and will try following your post, then get back with you when I am finished, or have any problems along the way.

#4
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
The RogueKiller run should enable you to run the OTL programme, unless it is a new resistant variant, in which case we will need to work outside of Windows.

#5
sasba858

  • Topic Starter
  • Member
  • 72 posts
Should I run the Panda on my Host (good one I am using) Computer before pulling out the flash drive and transferring it into my sick computer and running the Panda there?

Edited by sasba858, 17 December 2011 - 04:43 PM.

#6
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Yes, run Panda on the clean computer; at this stage there is no requirement to run it on the poorly one.

#7
sasba858

  • Topic Starter
  • Member
  • 72 posts
I have been trying to get my Lexar jump drive with the downloads on it to work in the sick computer, but it won't let me pull it up.

These are the options I get from the USB jump drive when I click on it in my tray with the sick computer:
(None of them below will open up the Panda or anything else on the USB jump drive)

1. USB Mass Storage Drive

2. Lexar Jumpdrive USB Device

3. Generic Volume (D:)

Edited by sasba858, 17 December 2011 - 05:24 PM.

#8
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, can you burn a CD and go to the OTLPE step?

#9
sasba858

  • Topic Starter
  • Member
  • 72 posts

OK can you burn a cd and go to the OTLPE step


Ok, I just burned the CD. I am confused about the next part. Does it mean to reboot my host computer that has the burnt CD in it, or just take the CD out of my host computer and do that process on the sick computer?

#10
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
Use the CD to boot the sick computer - once I have looked at the data I should be able to give you a quick fix to stabilise it

#11
sasba858

  • Topic Starter
  • Member
  • 72 posts
So I guess you are saying that I can remove the CD from the Host computer, and just insert it in the sick computer. Is that correct?

The sick computer is a Dell Vostro 1520, and my Setup utility is Phoenix Securecore™. I can enter this Setup Utility by tapping the F2 key. Are you familiar with "Phoenix Securecore setup utility"? Because it is not like any of the screens in the (How to Set BIOS to Boot from CDROM) link in your post above.

#12
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
That is correct; no, I am not familiar with that BIOS.

However, when you get into the BIOS this is the page where you change the boot order. You need to have the CD as first boot.

Page 37 here

#13
sasba858

  • Topic Starter
  • Member
  • 72 posts
I did that and it now has the following thing happening.

STARTING REATOGO-X-PE

Okay! Now I have REATOGO-X-PE installed with the icons showing up on the left side of the screen.

I will follow instructions and get back to you.

Edited by sasba858, 18 December 2011 - 11:43 AM.

#14
Essexboy

  • GeekU Moderator
  • Retired Staff
  • 69,964 posts
That's right, it will take several minutes to boot the computer to the Reatogo desktop.

#15
sasba858

  • Topic Starter
  • Member
  • 72 posts
I have the data on the notepad, but I do not know how I can get it to this website since the sick computer does not have an internet connection.

My USB flash drive is not being recognized when I insert it into the sick computer like it normally would using Windows. Do you have any other suggestions as to copying the log in the notepad?

Edited by sasba858, 18 December 2011 - 01:00 PM.
