[CompCav]

It killed them didn't it??

[Advertisements]

Reboot into normal mode and try to run everything as listed in Post #6


Regards,

CompCav

[CompCav]

Reboot into normal mode and try to run everything as listed in Post #6


Regards,

CompCav

[UndoubledZim]

its still killing them taking awhile (either that or its frozen at 3/4th of the way )

all of them except VIrtool:js/obfuscator.CA have a recommended action of remove but that one has quarantine

[CompCav]

Let all the recommended actions be done then when it finishes you can reboot into normal mode and do the steps in Post #6

I am glad it is finding these and I am hopeful we will be able to work on finishing the cleanup with our normal tools in normal mode!!!(Fingers crossed)


CompCav

I am teaching tomorrow so need to get to bed now. Will post again if I can before 6am Central time and if not some time around 3pm Central time.

[CompCav]

If you can make note of what some of there names are no need for all.


Thanks,

CompCav

[UndoubledZim]

well I still can't seem to open roguekiller = (

most of the things it fixed were Exploits in java it looked like I already restarted before I read your post though so I don't know how to get the names back

[CompCav]

That is OK can any programs run??

[UndoubledZim]

none of the antivirus things will seem to be in the same boat as before

Edit: I put the CD back in and it shows the history

Quarantined
Trojandownloader:HTML/Renos
Exploit:html/Iframeref.Y
Trojandownloader:java/openconnection.HC
exploit:java/cve-2010-0840.BZ
virtool:js/obfuscator.CA

some others that were removed

rogue:win32/fakerean
trojan:win32/alureon.FK
trojan:win32/malagent

all the rest were Exploit:java/CVE etc

Why would it quarantine them should I try to make it remove them or are they harmless once quarantined

Edited by UndoubledZim, 22 March 2012 - 10:02 PM.

[CompCav]

Let's try this:


Step 1.

• download the CleanAutoRun utility to your good computer and transfer it with your USB drive to your ailing computer desktop.
• run the utility by right clicking the icon and selecting Run as administrator...
• after the utility window appears on the screen, press any button to finish the process.
• Reboot and try to run any program. I f they work run RogueKiller followed by OTL.

If that works let me know if not go on to Step 2.


Step 2.

Download AVPTool from Here to the desktop of your good computer, rename it AVP, and transfer it to the desktop of your ailing computer.

Run the program

First we will run a virus scan

Click the cog in the upper right



Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information



On completion click the link to locate the zip file to upload and attach to your next post




Step 3.


Please post the log and attach the zip file to your next reply.

Please update me on how the computer is performing.

[UndoubledZim]

cleanautorun opens a command prompt which instantly disappears

AVP asks if I want to allow it then doesen't do anything

Edited by UndoubledZim, 22 March 2012 - 10:51 PM.

[UndoubledZim]

also would it be safe to run that CD on my clean computer just to be sure its clean?

[CompCav]

Step 1.

Download and Install Combofix

Download ComboFix from one of the following locations to the desktop of your good computer:

Link 1
Link 2

Copy ComboFix onto your USB drive and then insert it in the ailing computer and copy it to the desktop.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Click the Windows Key + R at the same time and the run box will open.

Type the following command in the box "%userprofile%\desktop\combofix.exe" /killall then hit ENTER

Important: Make sure you include the quotation marks and a single space before /killall

When finished, it shall produce a log for you. Post that log in your next reply.


Accept the disclaimer and allow to update if it asks





When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

After the run you may have internet problems or access to something problems. Simply reboot the computer.

Please post the log in your next post.

If it does not run go on to Step 2.


Step 2.

• If the previous run of CombFix did not work we will use a script to initiate the tool.
• Download CFScript.txt to your good computer and put it on your USB drive.
   CFScript.txt   9bytes   251 downloads
• Copy CFScript.txt to the desktop of your ailing computer.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


If neither Step 1 or 2 ran please go on to Step 3.


Step 3.

We have tried several tools and have not corrected the problem. Since this has been taking a long time with no real progress it would be more efficient to reformat and reinstall using your recovery partition. This would require backing up all your data. If you are willing to start focusing on this solution please let me know.

Also here are a few questions concerning the preparation for this step:

Have you already made a backup of your data or do you need to do that?

Do you need help backing up your data?

Since windows is not working properly to go to recovery from within your normal mode windows we will need to access it on boot up or, if that is also corrupted, from a set of recovery disks. Did you make and do you have a set of recovery disks?


Regards,

CompCav

[CompCav]

Typically we only use bootable tools when we cannot run our "Normal Mode" tools. I would recommend that you do a scan with your existing antivirus after updating the definitions. As another look you could download and install MalwareBytes tool. Do not accept the trial unless you want the paid version when you install it using this process:

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

[UndoubledZim]

Well step 1 and 2 didn't work. I really have no idea about anything concerning system reformatting, but im willing to do it if it will make the computer run. I really don't have any information that I need to have preserved.

The system didn't come with any system restore disks that im aware of, and me being the idiot that I am never thought to make any.

[CompCav]

The system didn't come with any system restore disks that im aware of, and me being the idiot that I am never thought to make any.

Don't be too hard on yourself, we will deal with this as it comes. Very few people prepare the disks until an event like this so please do not feel bad.

I will be back with a path forward later today or late tomorrow. Thank you for your patience and perseverance.


Regards,

CompCav