Unknown virus found + Trojan Horse [Solved]


  • This topic is locked

#31
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

The below is probably a factor but not a lot we can do about that unless you actually install some upgraded Memory Modules (RAM - random access memory). Though Microsoft claims XP will run with a mere 128 MB installed, in my humble opinion a bare minimum of 1 GB is far better and or as much as any one machine's actual motherboard can support. For example in the past with older Dell rigs I once owned running XP (Dimension 2400 & 3100 respectively), had 2 GB of RAM installed etc.

494.42 Mb Total Physical Memory | 117.52 Mb Available Physical Memory | 23.77% Memory free
1.13 Gb Paging File | 0.72 Gb Available in Paging File | 64.09% Paging File free

You could check with Crucial, they have a small scanner (CrucialScan.exe) which is perfectly safe to download and run. Which will advise if your system can support any upgraded memory modules. Though where you could actually purchase some in your current locale I have absolutely no idea I'm afraid.

I think we can actually rule out the actual Hard-Drive free space as the C drive had more than enough now:-

Drive C: | 19.53 Gb Total Space | 9.17 Gb Free Space | 46.93% Space Free | Partition Type: NTFS

Though if I recall the actual drive is in need of some in-depth maintenance, so we will proceed with that.

For the time being we will leave attempting to install the Recovery Console as I do not think we will actually need to run ComboFix again. Not ideal but these things do happen. If in the event we do need to access the aforementioned Recovery Console, we could always do so via your actual XP Installation CD-ROM. For interest sake If memory serves correctly you can also actually install the Recovery Console using the XP Installation CD-ROM, however that would most likely be problematic and we would encounter the exact same problem.

My only real concern would be if we encounter a similar problem trying to install Service Pack 3, however we can cross that particular bridge so to speak when and if it arises. For now let's proceed as follows, completing the below may take some time...

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial of mine here and follow the instructions for Graphical Mode if you so wish.

Click on Start >> Run and type cleanmgr in the box and press OK.

  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Yes.
Then:-

  • Click on Start again >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.

Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Posted Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be canceled and your computer will continue to boot-up as normal.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Eset Log.

  • 0


#32
evolutionpill

evolutionpill

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Hi
Trust you had a good weekend.

1 Regarding the memory and this pc over all

I hear what you're saying, and considering that “she” is an old model (that is really outdated) I suppose it is time to invest in a newer model. I have actually been considering this. It takes me a while to do, as honestly, I prefer to use something until I cannot any longer. Now I'm weighing up whether to buy a straight up new laptop or having a desktop and an iPad and then to use this pc as my backup storage unit (Reformat completely and disconnect the internet). But this will have to wait for another couple of months as I can buy this in Hong Kong on my return – cost -legal products, English on offer (which is critical), and close enough to mainland should there be a problem with the PC). In the mean time if I can get this pc just able to function till then ( in lure of what you said that if I cannot even run a basic recovery console program what will it be trying to run the SP3) and also by then I will finish my contract with my internet SP and investigate a more reputable SP.
By the way I did check out crucial and it seems that I can upgrade
Memory Type: DDR PC2700, DDR (non-ECC)
Maximum Memory: 2GB
Currently Installed Memory: 512MB
Total Memory Slots: 2
Available Memory Slots: 0
256MB
DDR PC2700
256MB
DDR PC2700

2. Regarding the Recovery console, Could I not try simply double clicking on the WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe and trying to create the recovery console or does it have to go through combofix.

3. “For interest sake If memory serves correctly you can also actually install the Recovery Console using the XP Installation CD-ROM, however that would most likely be problematic and we would encounter the exact same problem.”
I do have the CD ROM if you like we could try, I would just need Instructions on how?

4. PC update over the past few days:
4.1 IE keeps closing ( window appears - IE has experienced a problem and must close) 90% of the time when I open it to run, so I have reverted to using Firefox. By the way you don’t possibly have instructions on how to convert the Chinese Firefox into English

4.2 My avg picked up a Trojan DNS Changer, I ran MWBAM below the source of this : (just a side note when I updated MWBAM a window come up with Run time error 6 – Overflow)
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters|DhcpNameServer (Trojan.DNSChanger) -> Bad: (219.141.136.10) Good: () -> Quarantined and repaired successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E21A50FD-326F-46B7-90B0-CED202A1549F}|DhcpNameServer (Trojan.DNSChanger) -> Bad: (219.141.136.10) Good: () -> Quarantined and repaired successfully

4.3 When I open the internet (IE or Firefox) it still comes up with a band on top of the page with an advert of some sorts in chinese (still the same as the previous attachment )

5. Regarding today’s tasks.
5.1 Disk Check. (followed instruction to the letter), however when rebooting to continue Disk check the follow blue screen appeared. “stop c000021a: fatal system error. Windows subsystem process terminated with status ox c 0000005). I switched off the pc and when it restarted it went straight to what it was suppose to do in disk check.

5.2 Disk fragmentation, was 26% fragmented now 24%

5.3 ESET online, I have been trying for the last 3 hours, it will not get past the downloading signature database, keeps coming up with error 2012. (My avg is totally disabled, and I'm not touching the PC.)

Sorry about the length e mail tonight. Again I really do appreciate your patience with me and my pc, but as mentioned above I think it is time to put this one out to pasture.
  • 0

#33
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

I will answer your questions in full after I have had another review of all logs posted so far. In the meantime please check if you can actually run the below scan for myself...

We have done so before but this time I would like to check if the actual Anti-Virus component can be downloaded and run also etc.

Re-scan with aswMBR:

  • Double-click on aswMBR.exe to launch the application.
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select Yes
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply

  • 0

#34
evolutionpill

evolutionpill

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
VIOLA, a numbers of hours and patience, i managed to finally run the scan. One good thing about the program is that it retains the segments that it had downloaded before the error, so clicking "back" and pressing start it would continue from where it left off, and once it downloaded the database the scanning took about 20 minutes. Below both log reports.


ESET

[email protected] as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=36882
[email protected] as downloader log:
Can not open [email protected] as downloader log:
Can not open internetCan not open [email protected] as downloader log:
Can not open internetCan not open [email protected] as downloader log:
Can not open internetCan not open [email protected] as downloader log:
Can not open internetCan not open [email protected] as downloader log:
Can not open internetCan not open [email protected] as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c35ed1658400f941a383819940b67aa9
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-17 04:15:43
# local_time=2012-07-17 12:15:43 (+0800, China Standard Time)
# country="South Africa"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1024 16777191 100 0 23645148 23645148 0 0
# compatibility_mode=8192 67108863 100 0 56031 56031 0 0
# scanned=97075
# found=0
# cleaned=0
# scan_time=5723

ASWMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-17 12:28:03
-----------------------------
12:28:03.569 OS Version: Windows 5.1.2600 Service Pack 2
12:28:03.569 Number of processors: 1 586 0xD06
12:28:03.569 ComputerName: SF2 UserName:
12:28:06.453 Initialize success
12:40:50.772 AVAST engine defs: 12071601
12:51:09.993 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:51:10.013 Disk 0 Vendor: Hitachi_HTS541612J9AT00 SBDOA70H Size: 114473MB BusType: 3
12:51:10.043 Disk 0 MBR read successfully
12:51:10.043 Disk 0 MBR scan
12:51:11.485 Disk 0 Windows XP default MBR code
12:51:11.505 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20002 MB offset 63
12:51:12.917 Disk 0 Partition - 00 0F Extended LBA 94460 MB offset 40965750
12:51:12.937 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 29996 MB offset 40965813
12:51:13.017 Disk 0 Partition - 00 05 Extended 29996 MB offset 102398310
12:51:13.037 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 29996 MB offset 102398373
12:51:13.067 Disk 0 Partition - 00 05 Extended 34467 MB offset 225263430
12:51:13.097 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 34467 MB offset 163830933
12:51:13.167 Disk 0 scanning sectors +234420480
12:51:13.808 Disk 0 scanning C:\WINDOWS\system32\drivers
12:51:42.640 Service scanning
12:52:11.121 Modules scanning
12:52:21.355 Disk 0 trace - called modules:
12:52:21.375 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:52:21.385 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x857d19c0]
12:52:21.385 3 CLASSPNP.SYS[f766005b] -> nt!IofCallDriver -> \Device\0000007d[0x857cd140]
12:52:21.395 5 ACPI.sys[f75b6620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x857cd3f0]
12:52:21.966 AVAST engine scan C:\WINDOWS
12:52:27.304 AVAST engine scan C:\WINDOWS\system32
12:55:02.667 AVAST engine scan C:\WINDOWS\system32\drivers
12:55:16.087 AVAST engine scan C:\Documents and Settings\sfvb
12:58:14.533 AVAST engine scan C:\Documents and Settings\All Users
13:00:12.293 Scan finished successfully
13:04:21.511 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\sfvb\Desktop\MBR.dat"
13:04:21.521 The log file has been saved successfully to "C:\Documents and Settings\sfvb\Desktop\aswMBR2.txt"
  • 0
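
As an added example (not part of any post in this thread, and not ESET's own tooling), the Python below checks the header of the ESET Online Scanner log posted above against the options requested in post #31 and counts failed signature-update attempts. The log lines are copied from the post; treating a non-zero `esets_scanner_update` return value as a failed attempt is an assumption.

```python
import re

# Options requested in the scan instructions (post #31 of this thread).
REQUESTED = {
    "remove_checked": "false",
    "archives_checked": "true",
    "unwanted_checked": "true",
    "unsafe_checked": "true",
    "antistealth_checked": "true",
}

# Excerpt of the ESET log posted above (lines copied from the thread).
LOG_EXCERPT = """\
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=36882
Can not open internet# version=7
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# osver=5.1.2600 NT Service Pack 2
# scanned=97075
# found=0
# cleaned=0
# scan_time=5723
"""

HEADER_RE = re.compile(r"#\s*(\w+)=(.*)$")
UPDATE_RE = re.compile(r"esets_scanner_update returned (-?\d+)")


def parse_log(text):
    """Return (header_fields, failed_update_attempts) for an ESET log."""
    fields = {}
    update_failures = 0
    for line in text.splitlines():
        m = UPDATE_RE.search(line)
        # Assumption: any non-zero return value is a failed update attempt.
        if m and int(m.group(1)) != 0:
            update_failures += 1
        # search() rather than match(): the downloader messages carry no
        # newline, so a header can be fused to the end of a previous message
        # ("Can not open internet# version=7").
        m = HEADER_RE.search(line)
        if m:
            fields[m.group(1)] = m.group(2).strip().strip('"')
    return fields, update_failures


def review(text, requested=REQUESTED):
    """Summarise whether the scan ran to completion with the requested options."""
    fields, update_failures = parse_log(text)
    mismatches = {
        key: fields.get(key)
        for key, wanted in requested.items()
        if fields.get(key) != wanted
    }
    return {
        "completed": fields.get("end") == "finished",
        "update_failures": update_failures,
        "setting_mismatches": mismatches,
        "scanned": int(fields.get("scanned", 0)),
        "found": int(fields.get("found", 0)),
        "cleaned": int(fields.get("cleaned", 0)),
    }


if __name__ == "__main__":
    for key, value in review(LOG_EXCERPT).items():
        print(f"{key}: {value}")
```

Run against the posted log, it reports one mismatch: `archives_checked=false`, although the instructions asked for Scan archives to be checked.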

#35
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

In the mean time if I can get this pc just able to function till then ( in lure of what you said that if I cannot even run a basic recovery console program what will it be trying to run the SP3) and also by then I will finish my contract with my internet SP and investigate a more reputable SP.

The age of your machine and the fact so long without critical updates is a major factor all told, the latter more so from a security point of view as I mentioned to your good self in my first post in this topic.

Trying to even download SP3 may be problematic apart from will it even install but we might as well give it a try as nothing ventured etc. However I am beginning to suspect the actual Operating System may be damaged also now.

By the way I did check out crucial and it seems that I can upgrade


Obviously having the max of 2GB your machine can support would be better but as I mentioned prior I have absolutely no idea what the cost would be and or where to purchase in your current locale. You may just be able to purchase some at a relatively reasonable price as you can currently in say UK/Europe etc.

Though if you are planning on replacing the machine and merely use it as you outlined, might not just be worth doing so. Overall that would be at your own discretion...

Regarding the Recovery console, Could I not try simply double clicking on the WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe and trying to create the recovery console or does it have to go through combofix.

No point now but for interest sake the below explains how to install the Recovery Console using the XP Installation CD-ROM:-

How to install and use the Recovery Console in Windows XP

IE keeps closing ( window appears - IE has experienced a problem and must close) 90% of the time when I open it to run, so I have reverted to using Firefox. By the way you don’t possibly have instructions on how to convert the Chinese Firefox into English

Not good at all but I will be advising re-installing IE8 at some point...As for what you asked re FireFox, the below should do so:

Launch Firefox and type about:config in the Address Bar >> depress the Enter/Return key >> acknowledge the here be dragons! prompt if displayed.

Scroll down and double-click on general.useragent.locale >> at the prompt enter string value, type in en-GB >> OK

Then scroll down again and double-click on intl.accept_languages >> at the prompt enter string value, type in en-gb, en >> OK >> restart the browser.

Firefox should now run in UK English for you etc.

My avg picked up a Trojan DNS Changer, I ran MWBAM below the source of this : (just a side note when I updated MWBAM a window come up with Run time error 6 – Overflow)
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters|DhcpNameServer (Trojan.DNSChanger) -> Bad: (219.141.136.10) Good: () -> Quarantined and repaired successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E21A50FD-326F-46B7-90B0-CED202A1549F}|DhcpNameServer (Trojan.DNSChanger) -> Bad: (219.141.136.10) Good: () -> Quarantined and repaired successfully

That is your ISP yet again, though should not actually be a problem since you should still be using OpenDNS...

When I open the internet (IE or Firefox) it still comes up with a band on top of the page with an advert of some sorts in chinese (still the same as the previous attachment )

OK let's apply a custom Host-File and lock it as follows:-

Please Download HostsXpert and unzip it to your computer, somewhere where you can find it.

The root of the system drive would be an ideal location EG: C:\

  • Double click on HostsXpert.exe to launch the programme.
  • Check to see if top button on left hand side says Make Writable?
    • If it does, click on it then proceed to next instruction.
    • If not, just proceed to next instruction
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition
  • When prompted to confirm, click OK.
  • Click on the Download button (lower left hand side)
    • Click on MVPs Hosts... button.
    • Click on Replace button.
    • Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file)
  • When finished.
    • Click on File Handling button.
    • Click on Make Read Only? to secure it against infection.
  • Exit the programme.

Disk Check. (followed instruction to the letter), however when rebooting to continue Disk check the follow blue screen appeared. “stop c000021a: fatal system error. Windows subsystem process terminated with status ox c 0000005). I switched off the pc and when it restarted it went straight to what it was suppose to do in disk check.

Disk fragmentation, was 26% fragmented now 24%

Overall not good and it may just be the actual Hard-Drive is worn out and or getting close to it. If in the future it starts to say make any clicking noises that is a sure sign of imminent failure for example.

Not a lot that can be done though no harm running my prior Hard-Drive Maintenance/Repair again if you so wish as it may just make more of a difference this time round.

VIOLA, a numbers of hours and patience, i managed to finally run the scan. One good thing about the program is that it retains the segments that it had downloaded before the error, so clicking "back" and pressing start it would continue from where it left off, and once it downloaded the database the scanning took about 20 minutes

Good, the scan results are favourable though why Eset came up with this is somewhat perplexing:-

# local_time=2012-07-17 12:15:43 (+0800, China Standard Time)
# country="South Africa"

But in the great scheme of things not a particular issue for concern.

Next:

Please check for me if you can actually download the following and save to the desktop:-

WindowsXP-KB936929-SP3-x86-ENU.exe <-- once on the page click on the orange download tab.

It is quite large, around the 316 plus MB in size.

Now if problems you could say ask a friend to download this:-

xpsp3_5512.080413-2113_usa_x86fre_spcd.iso <-- once on the page click on the orange download tab.

Then actually burn the file to a CD etc and we could use that to install SP3.

Next:

Let myself know the outcome of the Firefox language change, if able to set the custom Host-File and whichever methodology you used for downloading SP3, do not attempt however to install SP3 just yet.
  • 0
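
The DhcpNameServer detections discussed in post #35 can be put in context by working out which resolver Windows will actually use on each interface. This added Python example (not from the thread) parses `reg query`-style text and applies the rule that a static NameServer value takes precedence over DhcpNameServer; the registry snapshot is constructed, the second interface GUID is a placeholder, and the OpenDNS addresses are the expected list assumed here.

```python
import re

# Expected resolvers: the OpenDNS public addresses (the thread says the
# machine should be using OpenDNS). Adjust to your own policy.
EXPECTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample in the style of `reg query ... /s` output. The first
# interface GUID and 219.141.136.10 appear in the thread; the NameServer
# values and the second (placeholder) GUID are assumed for illustration.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E21A50FD-326F-46B7-90B0-CED202A1549F}
    DhcpNameServer    REG_SZ    219.141.136.10
    NameServer    REG_SZ    208.67.222.222,208.67.220.220

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001}
    DhcpNameServer    REG_SZ    219.141.136.10
    NameServer    REG_SZ
"""

VALUE_RE = re.compile(r"^\s+(\S+)\s+REG_\w+\s*(.*)$")


def parse_interfaces(text):
    """Return {registry_key: {value_name: data}} from reg-query style text."""
    interfaces = {}
    current = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = interfaces.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group(1)] = m.group(2).strip()
    return interfaces


def split_servers(data):
    """Split a comma- or space-separated server list, dropping empties."""
    return [s for s in re.split(r"[,\s]+", data or "") if s]


def effective_resolvers(values):
    """A non-empty static NameServer overrides the DHCP-supplied list."""
    static = split_servers(values.get("NameServer"))
    if static:
        return "static", static
    return "dhcp", split_servers(values.get("DhcpNameServer"))


def audit(text, expected=EXPECTED_RESOLVERS):
    """List each interface's effective resolvers and any not on the expected list."""
    findings = []
    for key, values in parse_interfaces(text).items():
        source, servers = effective_resolvers(values)
        findings.append({
            "interface": key.rsplit("\\", 1)[-1],
            "source": source,
            "servers": servers,
            # "unexpected" means "verify who owns this address",
            # not "known malicious".
            "unexpected": [s for s in servers if s not in expected],
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_REG_OUTPUT):
        print(finding)
```

On the first interface the DHCP-supplied address is present but inactive because a static list is set; on the second it is the resolver in use and is reported for verification.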

#36
evolutionpill

evolutionpill

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Hi

First and foremost you have been spot on with your analysis from the start, and I thank you for that. Right at the beginning you made it very clear that this would be a potentially lost battle. However because of the process it has made me realise that it is time for a change (which I can now comfortably get behind) and also made me understand and learn a little more about the pc (wont say im out of the dark ages just yet, but there may be a glimmer of light up ahead..smile) so again thank you.

As you predicted download sp3 is problematic, I will continue to try. I am now trying to find a friend who can actually burn a cd for me before I depart (apparently CD also seem to be a thing of the past – I should just make a side comment that they are quite amused as they have been trying to get me updated for a year or so now).

I'm thinking since my PC is virus free now, and we have a new plan of action including converting this PC into my mass storage (without internet access), if I cannot get SP3 is that going to be a problem for the next couple months?

On that, thank you for advising that my hard drive may be close to damaged, I shall get a new one as well when I convert this into storage unit.

I also was able to access the windows recovery console through the disk but did not run it, as u mentioned no point.

I tried what u recommended for firefox but alas it did not work. The languages on the top of the page and function keys still in Chinese (and I tried re installing different English version) and still downloads Chinese. I researched on internet and there doesn’t seem to be a solution.


I downloaded HostsXpert and the problem on the top of the webpages seems to be resolved.

The issue about why South Africa was on may have come when I tried to change keyboard setting and country setting in hope that it may help with firefox when I tried to re install ( I read it somewhere) but of no use.

I have two questions

1. I’ve been meaning to ask, my adobe reader (since we deleted java script ) right at the beginning is not allowing me to access those documents (do I need to re install?
2. My system32 folder seems to have a huge number of files in it, is this normal?

I would imagine now that we have figured out a plan that I will not be needing to take up more of ur valuable time, and im sure there are other folk needing ur attention.

Is there anything you still need me to do.
  • 0

#37
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

First and foremost you have been spot on with your analysis from the start, and I thank you for that. Right at the beginning you made it very clear that this would be a potentially lost battle. However because of the process it has made me realise that it is time for a change (which I can now comfortably get behind) and also made me understand and learn a little more about the pc (wont say im out of the dark ages just yet, but there may be a glimmer of light up ahead..smile) so again thank you.

OK and you are most welcome!

As you predicted download sp3 is problematic, I will continue to try. I am now trying to find a friend who can actually burn a cd for me before I depart (apparently CD also seem to be a thing of the past – I should just make a side comment that they are quite amused as they have been trying to get me updated for a year or so now).

Fair play, in the event you are able to create a SP3 Installation CD. Before actually installing SP3 I advise reading this Microsoft article.

I'm thinking since my PC is virus free now, and we have a new plan of action including converting this PC into my mass storage (without internet access), if I cannot get SP3 is that going to be a problem for the next couple months?

As it stands whilst your machine does not have SP3 installed, all critical updates and actually used to access the internet it will always be deemed a security risk being quite honest. I certainly would not use it for say any form of online banking for example. All I can say is be very cautious until the time the machine is taken offline permanently. Plus until it is always the distinct possibility it will become infected again I'm afraid.

It does not sit well myself leaving your machine thus as I take very seriously the Anti-Malware support for anyone I assist but I have to be practicable as in not a lot else can be done in this particular situation.

I will however provide you with some online safety advice in due course...

I tried what u recommended for firefox but alas it did not work. The languages on the top of the page and function keys still in Chinese (and I tried re installing different English version) and still downloads Chinese. I researched on internet and there doesn’t seem to be a solution.

What we tried was the methodology my research found and tried it out on my machine as in changing the language settings and appeared to actually work, apart from that I honestly have no idea what the problem may be. So my best advice would be to ask in this part of the forum:-

Web Browsers and Email

1. I’ve been meaning to ask, my adobe reader (since we deleted java script ) right at the beginning is not allowing me to access those documents (do I need to re install?

We will update shortly...

2. My system32 folder seems to have a huge number of files in it, is this normal?

As I mentioned in a prior reply when we actually uninstall ComboFix all will be as was etc.

New Adobe Reader Installation:

  • Go here and click on AdbeRdr1013_en_US.exe to download the latest version of Adobe Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.
  • After the new Reader is installed, Open Adobe Reader X.
  • OK the license.
  • Click on Edit and select Preferences.
  • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
  • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
  • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click the OK button.

New Java Installation:

  • Click here to visit Java's website.
  • Scroll down to Java SE 7u5. Click on JRE Download.
  • Check (tick) Java SE Runtime Environment 7u5 License Agreement box.
  • Click on jre-7u5-windows-i586.exe link next to Windows x86 Offline to download it and save this to your desktop.
  • Double-click on jre-7u5-windows-i586.exe to install Java.

Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

Clean up with OTL:

  • Double-click on OTL to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Next:

Let myself know when completed the above and I in turn will provide the aforementioned advice about online safety etc.
  • 0

#38
evolutionpill

evolutionpill

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Hi Dakeyras

All has been done without a hitch.

Regarding Firefox, the info you gave is very similar to what I read, but that's not a problem because I'll download it again once I'm back home next week.

Regarding not being able to fix this machine 100%, there is no doubt how serious and professional you have been in trying, and might I add practical. However all is not lost as you have provided me with insight and a good ol nudge in the right direction and again I thank and commend you.

Look forward to your advice about online safety
  • 0

#39
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

All has been done without a hitch.

Good.

Regarding Firefox, the info you gave is very similar to what I read, but that's not a problem because I'll download it again once I'm back home next week.

Fair play and or you could merely try updating it. As an update for the browser has been recently released:-

The latest version is 14.0.1

To update, launch the browser >> Help >> About Firefox >> Check for Updates, then download and install. Restart the browser when prompted.

Regarding not being able to fix this machine 100%, there is no doubt how serious and professional you have been in trying, and might I add practical. However all is not lost as you have provided me with insight and a good ol nudge in the right direction and again I thank and commend you.

You're most welcome and thank you for the compliment also!

Look forward to your advice about online safety


As follows...

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, AVG automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing an internet connection is active.

I advise you also run a complete scan with this also at least once per week.

Erunt:

Emergency Recovery Utility NT, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Note: This will only really apply if you manage to install SP3 etc.

Microsoft releases patches for Windows and other products regularly:

Check for updates via Start >> All Programs >> Windows Update

Also ensure Automatic Updates is active:-

How to configure and use Automatic Updates in Windows

Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Consider installing WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Check your third party software is up to date:

Via visiting the Secunia Online Software Inspector periodically.

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

Any questions? Feel free to ask, if not stay safe!

#40
evolutionpill

  • Topic Starter
  • Member
  • 127 posts
Just two last questions.

1. With Malwarebytes' Anti-Malware, I keep getting run time error 6 overflow when I update?

2. Regarding AVG, is this an OK free anti-virus to use or would you recommend another?

Again thank you for your time, patience and brilliant advice

#41
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Hi. :)

1. With Malwarebytes' Anti-Malware, I keep getting run time error 6 overflow when I update?

That usually denotes some form of Visual Basic error, unfortunately you can update this particular package as it would require SP3 to be installed.

Though possibly it is a problem with MBAM itself...

So download and run mbam-clean.exe >> follow the prompts and reboot your machine if advised.

Then download and install a new copy from here etc.

If still a problem, might be due to the fact I suspect the actual Operating System on your machine is damaged. So you could consider trying to repair it using your XP SP2 Installation CD-ROM.

How to do so can be read in the below tutorial:-

How-to repair Windows XP

You may also need to access your Dell ResourceCD afterwards to update drivers etc. Overall though it may not work and/or be problematic and you will have to go ahead and perform the planned reformat and reinstallation of the Windows Operating System instead/sooner.

2. Regarding AVG, is this an OK free anti-virus to use or would you recommend another?

I am of the mind any Anti-Virus installed is better than none. However I do personally recommend:-

Microsoft Security Essentials

Your choice to change your presently installed software or not. If you do opt to, ensure you actually uninstall AVG first, as it is far from ideal having more than one Anti-Virus application installed and active in system memory. Basically because this will cause all kinds of system conflicts and actually lessen overall online protection, to name a few.

Again thank you for your time, patience and brilliant advice

My pleasure to do so.

#42
evolutionpill

  • Topic Starter
  • Member
  • 127 posts
Thank you, and best of luck to you in the future. Good Bye

#43
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,665 posts
Likewise/you're welcome!

--------------

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.