Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hitman Pro caused fatal system error c000021a trying to remove t5rc.dl


  • Please log in to reply

#31
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,794 posts
  • MVP
Start, Run, services, OK

You should be able to find

LiveUpdate
Automatic LiveUpdate Scheduler

right click on each and select Properties then change Startup Type: to Disabled then APPLY.

That should stop the services from trying to start.

If it's running OK then I think we are done and can clean up:

e need to clean up System Restore.

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Run OTL. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not upgdate it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

Advertisements


#32
Sunny7

Sunny7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hey, Ron, lately it seems I get back to this computer about once a week to work on it. Sorry for the delays.

When I do "Start, Run, services, OK" - nothing happens. Am I missing something?

I did delete all of the old Adobe stuff, and tried to install new versions of everything.

Thanks for the tip about disabling Javascript in Adobe- I think I had problems before with something malicious loading on my computer with javascript.

Can you explain what this stuff is? - "Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them."

I will continue with the clean-up after we get the live update and services squared away. By the way, I started using the hippo app on both of my computers. Thanks!

Edited by Sunny7, 22 February 2012 - 12:11 PM.

  • 0

#33
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,794 posts
  • MVP
see if Start, Run, services.msc, OK will work.

Here's an article on P2P:
http://www.esecurity...2p_file_sharing

IF you don't have any P2P software there is nothing to worry about. Here is a list of the most popular at this time:


Ares 2.1.8

BearShare Lite 5.2.5

BitComet 0.99

Cabos 0.8.2

DC++ 0.791

eMule 0.50a

FrostWire 5.3.2

iMesh 11.0

LimeWire Basic 5.5.16

Shareaza 2.5.5.0

uTorrent 3.1.2 Build 26763

Vuze 4.7.0.2
  • 0

#34
Sunny7

Sunny7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
OK, I get it now, P2P is peer to peer file sharing. Duh! I've never partaken of any of these programs, unless my computer was hijacked with some of this malware:-(.

I was able to disable the 2 references to Live Update "LiveUpdate & Automatic LiveUpdate Scheduler,'" and Norton seems to update OK, so it must be using a different version of Live Update. Thank you.

I reviewed all of your prior instructions and these are things I have not done yet, but maybe they are not necessary based upon the latest postings of my logs. I don't think that you have found any more instances of malware on my system.

Should I do any of the following or just continue with instructions to clean up since we are done? I feel pretty good about things, but you are the expert!

From your February 1st post...

"Clear the Java Cache by following the instructions on
http://www.java.com/...ugin_cache.xml"

NOTE: We did the following commands using OTL about java cache in the post on Feb.15th, so the above instruction was probably done with these commands:
:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]


From your January 30th post...

"Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here."

Thank you again for your time and patience. You are a gem!
  • 0

#35
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,794 posts
  • MVP
Clear the Java Cache - I've had some cases where OTL did not do a good job. Other than that we are finished.
  • 0

#36
Sunny7

Sunny7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi Ron!

I deleted the java cache per your instructions.
I cleared the restore points with OTL.

I was not able to use your command to uninstall combofix, because Norton had quarantined it, as soon as I installed Norton. So right now when I do a search of *combofix*, I find a folder called C:\combofix and the quarantined stuff in a folder called C:\Qoobox. What is the best way to clean this up?

I could try to use Norton to restore it from Quarantine, and then try to use your command to uninstall it or should I just delete the C:\combofix folder? I guess this is how stuff gets left behind on a computer.

Thanks.
  • 0

#37
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,794 posts
  • MVP
You can just delete the two folders.
  • 0

#38
Sunny7

Sunny7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hi Ron,

Thank you again for all of your help! I have learned a lot, and I am so grateful that there are people like you willing to help us (as opposed to those who destroy our computers with viruses and malware). Thank you! Thank you! Thank you!

I have 2 final questions for future reference:

1. Is there a way to save this entire thread of my topic for later perusal? I don't know how long these posts are kept on the website's forum, but I would like to be able to refer back to it.

2. Are there any free anti-virus/anti-malware products that you would recommend as a second or third scanner on my system to be run periodically. I always keep my security software up-to-date, but you know how easy it is to infect a computer these days.
  • 0

#39
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,794 posts
  • MVP
If you right click on it and select View page Source then you can File, Save. You would have to do that for each page of your thread so total of three files.

I would run Malwarebytes' Anti-Malware once in a while and perhaps the ESET online scan:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

The AVG Rescue CD is nice. http://www.geekstogo...ystem-tutorial/

You boot off it and it can update its database then scan your system without Windows being up so malware can't hide.
  • 0

#40
Sunny7

Sunny7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Do you really want me to post the logs from ESET Online Scanner or were those lines of "stock replies" for helping people with their computer problems?
  • 0

Advertisements


#41
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,794 posts
  • MVP
stock reply
  • 0

#42
Sunny7

Sunny7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Bless you and thank you! :cheers:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP