"please wait while the connection is being established" virus



#1
tattwin

Hi everybody,
I'm dealing with this too. I appreciate your help so much.

I already tried a few things before... unfortunately I hadn't found you guys at the time!


I had the virus and it wouldn't allow me to do anything.
I used Avira (found a guide that suggested doing so) and now I can get into safe mode.
I ran Malwarebytes' Anti-Malware, which fixed an issue... but I couldn't update it since I have no internet connection while in safe mode.
(if I ran safe mode with net access I had no desktop icons, menu, right click, task manager etc.)

So I ran Farbar recovery system tool, and here's the log.

Hope you can help me, thank you for your time!



*edited for clarity

Attached file: FRST.txt (15.66KB)

Edited by tattwin, 05 June 2012 - 05:10 AM.



#2
maliprog

Hello tattwin and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

For this step you will need another, clean PC and a blank CD. You will burn this tool to a CD on the clean PC and then use this CD to scan your infected system. Please print these instructions out so that you know what you are doing.

  1. Download OTLPEStd.exe to your desktop
  2. Ensure that you have a blank CD in the drive
  3. Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  4. Reboot your system using the boot CD you just created.
     Note: If you do not know how to set your computer to boot from CD follow the steps here
  5. As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  6. Your system should now display a Reatogo desktop.
     Note: as you are running from CD it is not exactly speedy
  7. Double-click on the OTLPE icon.
  8. Select the Windows folder of the infected drive if it asks for a location
  9. When asked "Do you wish to load the remote registry", select Yes
  10. When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  11. Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  12. OTL should now start.
  13. Press Run Scan to start the scan.
  14. When finished, the file will be saved in drive C:\OTL.txt
  15. Copy this file to your USB drive if you do not have internet connection on this system.
  16. Right click the file and select send to : select the USB drive.
  17. Confirm that it has copied to the USB drive by selecting it
  18. You can backup any files that you wish from this OS
  19. Please post the contents of the C:\OTL.txt file in your reply.

Step 2

Please don't forget to include these items in your reply:

  • OTL log
It would be helpful if you could post each log in separate post using "Add Reply" button

#3
tattwin

Hi Maliprog,
thanks for your assistance.

Unfortunately I did not have luck with OTLPE.

At step 11
11. Ensure the box "Automatically Load All Remaining Users" is checked and press OK

I got the following error:
Registry Access Error, ret=1017:
The system has attempted to load or restore a file into the registry, but the specified file is not in a registry file format.


:(

#4
maliprog

That was the easy way. Please try these two steps now in Safe Mode. If you manage to run both tools then try to start your system in Safe Mode with Networking and let me know the results.

Step 1

We need to disable malware processes on your system first

  • Download TheKiller to your Desktop
  • Note that TheKiller is renamed as explorer.exe
  • Run it by double-clicking (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Press the OK button after the program finishes
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running please try to run it several more times


Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
It would be helpful if you could post each log in separate post using "Add Reply" button

#5
tattwin

Just to make sure: what desktop do I run TheKiller from?
The CD boot operating system Reatogo desktop that contains OTL?
Because in safe mode, of course, I have no desktop/icons... So I would have to run it from the prompt.

Thank you

#6
maliprog

Please try to run both steps from your infected desktop if there is a chance. Leave the bootable OTLPE CD for now. We will get to it later again.

Let me know if you manage to run the tools.

#7
tattwin

Ran TheKiller from safe mode, here's the log
(you didn't ask for it... but just in case!)


#8
tattwin

After running TheKiller, I had no prompt, BUT I found out Task Manager worked now.

From then I ran OTL.

Here's the log!

THANKS!!!

Attached file: OTL.txt (66.44KB)

#9
maliprog

Good job! Let's continue.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKLM\..\Toolbar: (Protection Bar) - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - File not found
    O4 - HKLM..\Run: [dlxVLNiTSbbfN8U] File not found
    O4 - HKU\.DEFAULT..\Run: [dlxVLNiTSbbfN8U] File not found
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\user\Dati applicazioni\Apple_Store.exe) - File not found
    O20 - HKU\.DEFAULT Winlogon: UserInit - (\Apple_Store.exe) - File not found
    [2012/06/02 17.31.15 | 000,235,008 | ---- | C] (tfytfyffytf) -- C:\Apple_Store.exe.vir
    [2012/06/02 17.14.48 | 000,235,008 | ---- | M] (tfytfyffytf) -- C:\Apple_Store.exe.vir


    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles
Step 2

Please restart Windows in Normal mode now. Update Malwarebytes and do a Quick Scan. Post the log after the scan.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Malwarebytes log
It would be helpful if you could post each log in separate post using "Add Reply" button
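
As an added illustration (not part of the thread, and not maliprog's or OTL's own code): a read-only Python triage of the kind of OTL registry lines the fix script in this post targets, flagging a Winlogon Userinit value that points away from `system32\userinit.exe`, Run entries whose file is missing, and shell lock-down policy values. The sample lines are quoted from the post plus one constructed benign line; the `triage` function and its labels are hypothetical, and `DisableTaskMgr` is a related Windows policy value that the post does not list.

```python
import re

# Sample input: O-lines quoted from the fix script in the post above, plus one
# constructed benign Userinit line for contrast (not from the thread).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [dlxVLNiTSbbfN8U] File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\user\Dati applicazioni\Apple_Store.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""

LINE_RE = re.compile(r"^(O\d+) - (.+)$")
# Policy values that hide the desktop or block admin tools when set non-zero.
# DisableTaskMgr is added here for illustration; the post lists only the first two.
LOCKDOWN = {"nodesktop", "disableregistrytools", "disabletaskmgr"}


def triage(log_text):
    """Return (label, detail) pairs for suspicious OTL registry lines."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, rest = m.groups()
        if code == "O7":  # policy restrictions
            pm = re.search(r":\s*(\w+)\s*=\s*(\d+)\s*$", rest)
            if pm and pm.group(1).lower() in LOCKDOWN and pm.group(2) != "0":
                findings.append(("policy-lockdown", pm.group(1)))
        elif code == "O4":  # autostart (Run) entries
            rm = re.search(r"\[(.+?)\]", rest)
            if rm and rest.endswith("File not found"):
                findings.append(("orphaned-run-entry", rm.group(1)))
        elif code == "O20" and "userinit" in rest.lower():  # logon program
            um = re.search(r"\((.*?)\)", rest)
            target = um.group(1) if um else ""
            # The stock value ends in \system32\userinit.exe (often with a comma).
            if not target.rstrip(",").lower().endswith(r"\system32\userinit.exe"):
                findings.append(("userinit-hijack", target))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG):
        print(f"{label:20} {detail}")
```

The script only reads log text; it changes nothing on the system and is no substitute for a fix prepared for a specific machine.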

#10
tattwin

Run OTL.
rebooted:

-ASDTray.exe missing component error dialog message.
-no icons on desktop, everything else seems ok.

here's the OTL log



#11
maliprog

OK. Do a Malwarebytes scan and post the log.

After that download Unhide.exe from here to your desktop and run it. It should unhide all your files/icons.

Let me know results.

#12
tattwin

Also, Windows informs me there were 2 Microsoft Visual C++ errors


Here's the Malwarebytes log:


#13
tattwin

Here's the Unhide log

Icons are back!

What do I do with the Malwarebytes results?

Thanks!!!!!!!!!!!!!!

Edited by tattwin, 06 June 2012 - 01:32 PM.


#14
maliprog

Please remove everything that Malwarebytes found. Restart your system after this and let me know if you still get errors from Windows. Write them down for me as you did before so I can try to find solutions for them.

#15
tattwin

Done!
The only error I still get is:

ASDtray.exe - impossible to find component
Can't start the program. MSVCP100.dll not found. Reinstalling program could fix the issue.

Looks like it refers to Anvisoft Anvi Smart Defender. Can I just uninstall it?

So far everything else seems to be working!