
Infected! Can't open or download any file! HELP! [Sol


  • This topic is locked

#1
bluehammer (Member, 13 posts)

Hi,

Got a virus or Trojan somehow. Searched the internet and tried multiple ideas to correct this problem, but nothing seems to help.
I read some of the topics that sounded like my problem, but just keep running into walls.
I tried to run the exehelper and rkill files, but none of them will work. Tried using the Vipre Rescue but it would not unzip.
When I try to run a program or try to download a program, the User Account Control box pops up. It is asking if I want the program to make changes to this computer and I'll pick the 'Yes' box, the box disappears and nothing else happens.
All programs that I already have on my computer (Ad-Aware, Mozilla Firefox, Incredimail, Excel, etc.) will not open. The only program that I have been able to open is the calculator. I found 2 Internet Explorer programs in my program list, Internet Explorer and Internet Explorer (64-bit).
The Internet Explorer will not open but the Internet Explorer (64-bit) will.
NEED HELP!!!!!

Edited by bluehammer, 03 February 2012 - 11:17 PM.

  • 0


#2
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

OK, using the 64-bit explorer, do the following.
Try the programme two or three times. If it still fails then rename it to winlogon.

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post:

All RKreport.txt text files located on your desktop.

THEN

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

FINALLY

Download aswMBR.exe (4.1mb) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.
  • 0
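
What the file portion of the custom scan in post #2 collects, redone in PowerShell as an added example (not part of the thread and not OTL's code): it hashes the files named between /md5start and /md5stop, adds an Authenticode check that the scan list does not ask for, and lists the folders the scan names. Searching only the Windows, System32 and SysWOW64 folders, using %SystemRoot% in place of C:\Windows, and reading /s as "include subfolders" are assumptions.

```powershell
# Added example: not OTL and not from the thread. File names and folders are copied
# from the custom scan above; the search roots and function names are assumptions.
$Names = 'consrv.dll', 'explorer.exe', 'winlogon.exe', 'userinit.exe', 'svchost.exe'
$Roots = $env:SystemRoot, "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64"

function Get-CoreFileReport {
    param([string[]]$Name, [string[]]$Root)
    foreach ($dir in $Root) {
        foreach ($file in $Name) {
            $path = Join-Path $dir $file
            # A name that is absent from a folder is simply skipped.
            if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            [pscustomobject]@{
                Path      = $path
                MD5       = (Get-FileHash -LiteralPath $path -Algorithm MD5).Hash
                Signature = $sig.Status   # anything other than Valid is a lead to check, not a verdict
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                Modified  = (Get-Item -LiteralPath $path -Force).LastWriteTimeUtc
            }
        }
    }
}

function Get-ScanPathListing {
    # One entry per file line of the custom scan: folder, filter, recurse or not.
    $targets = @(
        @{ Dir = "$env:SystemDrive\";              Filter = '*.exe'; Recurse = $false }
        @{ Dir = "$env:SystemRoot\assembly\tmp\U"; Filter = '*';     Recurse = $true }
    ) + (1..4 | ForEach-Object { @{ Dir = "$env:TEMP\smtmp\$_"; Filter = '*'; Recurse = $false } })

    foreach ($t in $targets) {
        if (-not (Test-Path -LiteralPath $t.Dir)) { continue }   # folder not present: nothing to list
        Get-ChildItem -LiteralPath $t.Dir -Filter $t.Filter -File -Force `
                      -Recurse:($t.Recurse) -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, CreationTimeUtc, LastWriteTimeUtc
    }
}

# Run from an elevated prompt so protected folders can be read.
Get-CoreFileReport -Name $Names -Root $Roots | Format-Table -AutoSize
Get-ScanPathListing | Format-Table -AutoSize
```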

#3
bluehammer (Topic Starter, Member, 13 posts)

I cannot get RogueKiller to run, even if I rename it Winlogon. When I try to run it, the UAC box pops up, I pick YES, the UAC goes away and nothing happens.
  • 0

#4
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Can you access safe mode?
  • 0

#5
bluehammer (Topic Starter, Member, 13 posts)

Yes
  • 0

#6
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Can you try RogueKiller from there, please?
  • 0

#7
bluehammer (Topic Starter, Member, 13 posts)

Doesn't work. RogueKiller renamed as Winlogon and tried to run it as administrator.
Windows orb pops up for 3-4 seconds and then goes away and nothing else happens.
The only difference now is that the UAC doesn't pop up.
  • 0

#8
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

OK, from safe mode let's try this. If it fails, do you have access to another computer to download and burn a CD?

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.

Then select Start OTL. OTL will now run

Paste in the custom scan and then run scan
  • 0

#9
bluehammer (Topic Starter, Member, 13 posts)

OTC will not start. I do have access to another computer but it does not have a CD drive.
Can I use a flash drive?
  • 0

#10
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

It just so happens that we have a variation that will work from USB

IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.

    • Download OTLPEStd.exe from the following link and save it to your Desktop: mirror1.
    • Download eeepcfr.zip from the following link and save it to your Desktop: the mirror
    • Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror
  • Once you have 7-zip installed, decompress OTLPEStd.exe by right-clicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop

  • Open the folder OTLPEStd which will be created in the same location as OTLPEStd.exe and right-click OTLPE_New_Std.iso. Select 7-Zip and from the submenu select Extract files... and extract the content onto your Desktop in an OTLPE folder:

  • Please also decompress eeepcfr to your systemroot (usually C:\).
  • Empty the flash drive you want to install OTLPE on.
  • Go to C:\eeecpfr and double-click usb_prep8.cmd to launch it.
  • Press any key when asked to in the black window that opens.
  • As indicated in the image, make sure you have selected the correct flash drive, before proceeding.
    For Drive Label: type in OTLPE.
    Under Source Path to built BartPE/WinPE Files click ... and select the folder OTLPE that you created on your Desktop.
    Finally check Enable File Copy.

  • Click on Start, accept the disclaimers and wait for the program to finish.
Your bootable flash drive should now be ready!

THEN

Ensuring that the sick computer is set to boot from USB
details here

Insert the drive and start the computer

  • As the PE needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop. Note: as you are running from USB it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0


#11
bluehammer (Topic Starter, Member, 13 posts)

I now have a problem making the bootable flash drive. The PeToUSB program doesn't recognize the flash drive so I can't select it as the destination drive. I can see it as a drive in 'my computer'. What am I doing wrong?
  • 0

#12
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Try this

Right-click PeToUSB and select "Run as Administrator"
  • 0

#13
bluehammer (Topic Starter, Member, 13 posts)

When I run the usb_prep8.cmd file as admin, the black box pops up, I press any key and another black box pops up instead of the PeToUSB box. This new black box says 'Prepares Windows XP localsource for copy to USB' and gives me choices 0, 1, 2, 3, 4, 5, F and Q. Do I select one of these?
  • 0

#14
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)

Slightly different instructions here, could you try these: http://forums.majorg...ad.php?t=216844

If that should fail then rename RogueKiller to iexplore
  • 0

#15
bluehammer (Topic Starter, Member, 13 posts)

I renamed RogueKiller as iexplorer and tried to run it as admin in safe mode. The Windows orb popped up for about 5 sec and then went away and nothing else happened. I watched RogueKiller pop up in the task manager processes tab, but after 5 seconds, it disappeared.
  • 0





