
All downloads reportedly contain a virus [Solved]


  • This topic is locked

#61
edsmith323

    Member

  • Topic Starter
  • Member
  • 57 posts
CBS Log

http://www.sendspace.com/file/lnexx9

Thanks for all your help Tom, it's been a learning curve for both of us I reckon.

Thanks Again
  • 0



#62
tom982

    Member 1K

  • Member
  • 1,183 posts
Hi Ed,

You're most welcome for the help, it has been a pleasure to work with you :)

You can say that again! As this is one of only a handful of cases of this infection currently on the internet, we've had quite an audience along the way!

I've had a look at your CBS log and SFC has reported four files as corrupt which we will need to replace. I don't think this is malware though, you'll be glad to know!

The files are being unusually difficult to trace (they have a Vista SP2 version number but can't be found anywhere in the SP2 update), so I'm going to have to set up a Vista virtual machine to extract these from. I'll be back in the morning with a fix :)

Tom
  • 0

#63
edsmith323

    Member

  • Topic Starter
  • Member
  • 57 posts
Ok Tom I look forward to it.

As an aside, I have started another post with reference to my dad's PC which he tells me he's all of a sudden having problems with search conduit. The post has had no replies if you wanted to take a look maybe??
  • 0

#64
tom982

    Member 1K

  • Member
  • 1,183 posts
Hi Ed,

Again, there's no rush but I have managed to source the files and we can now perform the replacement, when you're ready.

SFCFix Script

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  • Download SFCFix.exe (by niemiro) and save this to your Desktop.
  • Download the file below, SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
  • Save any open documents and close all open windows.
  • On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
  • Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  • SFCFix will now process the script.
  • Upon completion, a file should be created on your Desktop: SFCFix.txt.
  • Copy (Ctrl + C) and Paste (Ctrl + V) the contents of this file into your next post for me to analyse please.

https://dl.dropboxus...h323/SFCFix.zip

Tom
  • 0

#65
edsmith323

    Member

  • Topic Starter
  • Member
  • 57 posts
SFCFix version 1.5.4.0 by niemiro.
Start time: 2013-05-27 13:04:54.850
Using .zip script file at C:\Users\Ed\Desktop\SFCFix.zip




PowerCopy::
Successfully took permissions for file or folder C:\Windows\WinSxS\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\config.sys
Successfully took permissions for file or folder C:
Successfully took permissions for file or folder C:\Windows\WinSxS\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8

Successfully copied file \\?\C:\Users\Ed\AppData\Local\niemiro\Archive\config.sys to \\?\C:\Windows\WinSxS\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\config.sys.
Successfully copied file \\?\C:\Users\Ed\AppData\Local\niemiro\Archive\config.sys to \\?\C:\config.sys.
Successfully copied file \\?\C:\Users\Ed\AppData\Local\niemiro\Archive\autoexec.bat to \\?\C:\Windows\WinSxS\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\autoexec.bat.
Successfully copied file \\?\C:\Users\Ed\AppData\Local\niemiro\Archive\autoexec.bat to \\?\C:\autoexec.bat.

Successfully restored ownership for C:\Windows\WinSxS\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\config.sys
Successfully restored permissions on C:\Windows\WinSxS\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8\config.sys
Successfully restored ownership for C:
Successfully restored permissions on C:
Successfully restored ownership for C:\Windows\WinSxS\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8
Successfully restored permissions on C:\Windows\WinSxS\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.0.6002.18005_none_fff8f2266fafa2e8
PowerCopy:: directive completed successfully.




Successfully processed all directives.
SFCFix version 1.5.4.0 by niemiro has completed.
Currently storing 3 datablocks.
Finish time: 2013-05-27 13:05:07.970
----------------------EOF-----------------------
  • 0
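
An added example, not part of the original thread and not SFCFix's own code: a small audit of a PowerCopy:: log section like the one posted above, checking that every path the tool took permissions on later had both ownership and permissions restored. The line formats are copied from the log in this thread; the sample log, the folder name `example_component` and the function names are constructed for illustration.

```python
import re

# Constructed sample in the shape of the PowerCopy:: section posted above.
# "example_component" is a hypothetical folder; the last restore line is left
# out on purpose so the audit has something to report.
SAMPLE_LOG = r"""
PowerCopy::
Successfully took permissions for file or folder C:\Windows\WinSxS\example_component\config.sys
Successfully took permissions for file or folder C:\Windows\WinSxS\example_component
Successfully copied file \\?\C:\Users\Ed\AppData\Local\niemiro\Archive\config.sys to \\?\C:\Windows\WinSxS\example_component\config.sys.
Successfully restored ownership for C:\Windows\WinSxS\example_component\config.sys
Successfully restored permissions on C:\Windows\WinSxS\example_component\config.sys
Successfully restored ownership for C:\Windows\WinSxS\example_component
PowerCopy:: directive completed successfully.
"""

TOOK = re.compile(r"^Successfully took permissions for file or folder (.+)$")
RESTORED = re.compile(r"^Successfully restored (ownership|permissions) (?:for|on) (.+)$")


def norm(path):
    # Windows paths are case-insensitive; ignore a trailing backslash too.
    return path.rstrip("\\").lower()


def audit_powercopy(log_text):
    """Return {path: [restore steps missing]} for paths left unrestored."""
    taken = {}  # normalised path -> path as written in the log
    restored = {"ownership": set(), "permissions": set()}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = TOOK.match(line)
        if match:
            taken.setdefault(norm(match.group(1)), match.group(1))
            continue
        match = RESTORED.match(line)
        if match:
            restored[match.group(1)].add(norm(match.group(2)))
    findings = {}
    for key, path in taken.items():
        missing = [step for step in restored if key not in restored[step]]
        if missing:
            findings[path] = missing
    return findings


if __name__ == "__main__":
    for path, missing in audit_powercopy(SAMPLE_LOG).items():
        print(f"{path}: not restored -> {', '.join(missing)}")
```

An empty result means every path that had permissions taken also shows both restore lines, which is the state the log in this thread reports.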

#66
tom982

    Member 1K

  • Member
  • 1,183 posts
Hi Ed,

That's excellent! SFCFix successfully repaired the file corruption so unless you have any further problems, you're good to go! :thumbsup:

Tom
  • 0

#67
edsmith323

    Member

  • Topic Starter
  • Member
  • 57 posts
Tom

Nothing else to report I don't think, other than slow boot up but that's probably akin to Vista more than anything.

What advice would you give in regard to Anti Virus software, is AVG all it's cracked up to be??

Also Anti Malware software??

Edited by edsmith323, 27 May 2013 - 07:16 AM.

  • 0

#68
tom982

    Member 1K

  • Member
  • 1,183 posts
Hi Ed,

Vista isn't great for performance, but it's okay for everyday use :)

As for anti-virus software, they all have their own pros and cons and opinions on which is the best vary so much. In my opinion, the best protection is sat right in front of your screen, you :) Stay away from file sharing websites and software, don't open any email attachments from people you don't know and lastly, pay attention to the WOT ratings for websites. If a Google result has a red circle next to it, do not click on it. If you disagree with the rating, at least read the community ratings on the WOT website before continuing. Here is a great article on staying safe online:

http://www.malwarere...=557960#p557960

I would also recommend you use Firefox or Chrome to browse the internet as they are a lot more secure than IE, but by the look of your OTL log, you already do this. NoScript and AdBlockPlus are great Firefox extensions; AdBlockPlus is also available in Chrome. There's an annual competition to test the security of the browsers and a few mobiles, Pwn2Own, which IE has never survived:

http://en.wikipedia.org/wiki/Pwn2Own

Chrome has done the best, Firefox takes a close second place.

Whilst I've always believed that the best method of protection is stopping the files getting to your computer in the first place, sometimes things slip through the net as they did with your computer here with what seems to be a Java exploit and in situations like that, it's important to have an AV that will detect it. Microsoft Security Essentials has always been my favourite anti virus as it has good detections, is very lightweight on system resources and due to the fact that it is developed by Microsoft, it works very well with Windows - unlike a few other AVs who are known to be great at causing BSODs. AVG is average in my eyes and I would recommend that you switch to MSE, but the choice is yours:

http://www.microsoft...curity/mse.aspx

Keep Malwarebytes' Anti-Malware installed and run a full scan on a weekly basis - the free version will suffice. It has excellent detection rates and has a very good team behind it :)

http://www.malwarebytes.org/

Tom
  • 0

#69
edsmith323

    Member

  • Topic Starter
  • Member
  • 57 posts
Thanks Tom

I'll have a look at MSE.

Thanks for all your help.

Ed
  • 0

#70
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
