[TINMAN69]

Hi, Thanks in advance .
DELL Win XP Prof 2002 SP3 Pentium 4 2.66 1g RAM
Mcafee reported Trojan . Tried quarantine . Reboot safe mode, removal . No luck. Researching and have DL'd the following files so far :

FRST , Combofix , NBISbeta DLer. Roguekiller , GMER ,Fixzeroaccess , WP setup, CCsetup28, mbr , aswmbr, ETC

Need to buy a CD=R to burn to so it will not infect a flash card .
Any help on where to start will be appreciated .

Ken

[Advertisements]

Hi first we will have a look and then try to remove it

Download OTL to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
  
  
• Select All Users
• Under the Custom Scan box paste this in
  
  netsvcs
  BASESERVICES
  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  winsock.*
  /md5stop
  CREATERESTOREPOINT
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan




On completion of the scan click save log, save it to your desktop and post in your next reply

[Essexboy]

Hi first we will have a look and then try to remove it

Download OTL to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
  
  
• Select All Users
• Under the Custom Scan box paste this in
  
  netsvcs
  BASESERVICES
  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  winsock.*
  /md5stop
  CREATERESTOREPOINT
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Post both logs

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan




On completion of the scan click save log, save it to your desktop and post in your next reply

[TINMAN69]

tHANKS FOR oops fast reply Essex Boy !!. Should have mentioned before that the Desktop I am trying to fix has No internet access . IDK if that is a problem or not.
Tinman


Also, The Kodak CD-r 52x i bought for this gets ejected , and get an error prompt that states it is not compatible with my computer . Max speed option is 24x on my Laptop.
Is it safe to use a DVD-r 4x write speed with Live file to read and write or should I use MasterFile which, I believe , closes the disc preventing infected Comp from altering it ?
Also if I use my Sandisk flash card that I use for my camera a Safe Option to go back and forth ? To post the Logs you require ?
Or should (if the DVD-r is also safe to go back and forth to my Uninfected laptop ?)


Thanks , Ken
PS just tried a DVD-r , but apparently this system is so old it only Takes CD-48x and 3 1/2" Floppy, LOL
May have a USB port, so would a USB stick be a safe option to transfer between UnInfected Laptop and Infected Computer ??


Thanks , Ken

Edited by TINMAN69, 13 March 2013 - 12:26 PM.

[Essexboy]

You may put it on the sansdisc as you are only copying text files from the affected computer and nothing else. As of now zero access does not copy itself to removable drives

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.