Help needed very little computer skills
Posted 19 February 2012 - 06:31 AM
Posted 19 February 2012 - 01:03 PM
Download OTL from
and Save it to your desktop.
Run OTL (Vista or Win 7 => right click and Run As Administrator)
select the All option in the Extra Registry group then Run Scan.
You should get two logs. Please copy and paste both of them.
Can you run Combofix?
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:
:!: It must be saved to your desktop, do not run it :!:
:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html
Download and Save this file -- to your Desktop -- from either of these two sources:
Doubleclick on ComboFix to start the program.
* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
Can you post the MBAM log?
IF all else fails I expect this is a variation of the Bundespolizei fraud so you might be able to fix it by following the isntructions here:
Posted 20 February 2012 - 11:06 AM
Type with an Enter after the line:
Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. Cancel msconfig when it comes up.
Then see if you can run OTL or combofix. If not then try one of the bootable CD scans:
Posted 21 February 2012 - 06:59 AM
Posted 21 February 2012 - 10:29 AM
Not sure what indagoupdater.exe is and datamn~1.exe is probably something you don't need but don't think it's the bug.
Can you get into Safe Mode with Command prompt and follow these instructions?
Posted 21 February 2012 - 04:22 PM
Posted 21 February 2012 - 05:57 PM
If none of the safe mode options will work then you will need to boot from a CD or USB drive (if your PC is new enough that that is also an option). I would try Hiren's boot CD.
Download, save and then right click on it and Extract All. Click on BurnToCD.cmd and follow the instructions to burn the CD. Then move the CD to the sick PC and boot off the CD. (You may need to change the boot order so the CD drive comes before the hard drive. See: http://www.hirensboo...-order-in-bios/ )
Select the miniXP option.
That will allow you to get in to modify files. We don't want to delete the bad files. Just replace them with renamed copied of explorer.exe.
Also check 'Start Up' in the start menu - these you can delete.
Apparently this thing is mutating rapidly. You may also need the off-line registry editor:
Also get PC Regedit
from the link on the lower half of this page:
If you boot from it following the instructions then you can check the registry values mentioned here:
Note: They say to look at
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ could also be infected.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users