[MVPExchange]

I have the Windows Recovery Virus. I have followed several different instructions on how to fix it but it is not working.

I ran the rkill.scr.
When I run the TDSS killer, no infections are found.
When I run the Malwarebytes Anti Malware program the only thing that comes up is the PUM.Hijack.startmenu, which doesn't seem to be the problem.

I have tried everything in both normal mode and safe mode but nothing is locating the actual virus.

Any help would be appreciated. I am running Windows 7.

Thanks,
Jon

[Advertisements]

Hi there three programmes for you to run

• Download RogueKiller and save it on your desktop.
• Quit all programs
• Start RogueKiller.exe.
• Wait until Prescan has finished ...
• Click on Scan

• Wait for the end of the scan.
• The report has been created on the desktop.
• Click on the Delete button.

• The report has been created on the desktop.

• Next click on the ShortcutsFix
  
  
• The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.

THEN

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  consrv.dll
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  C:\Windows\assembly\tmp\U\*.* /s
  %Temp%\smtmp\1\*.*
  %Temp%\smtmp\2\*.*
  %Temp%\smtmp\3\*.*
  %Temp%\smtmp\4\*.*
  CREATERESTOREPOINT
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

FINALLY

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply

[Essexboy]

Hi there three programmes for you to run

• Download RogueKiller and save it on your desktop.
• Quit all programs
• Start RogueKiller.exe.
• Wait until Prescan has finished ...
• Click on Scan

• Wait for the end of the scan.
• The report has been created on the desktop.
• Click on the Delete button.

• The report has been created on the desktop.

• Next click on the ShortcutsFix
  
  
• The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.

THEN

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Select All Users
• Under the Custom Scan box paste this in
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  consrv.dll
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  C:\Windows\assembly\tmp\U\*.* /s
  %Temp%\smtmp\1\*.*
  %Temp%\smtmp\2\*.*
  %Temp%\smtmp\3\*.*
  %Temp%\smtmp\4\*.*
  CREATERESTOREPOINT
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

FINALLY

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.