
Antivirus programs, Malwarebytes, SpyBot, AVG, RKill, etc. will not st


  • This topic is locked

#16
carolinachris

    Member

  • Topic Starter
  • 80 posts

Brian,

 

I downloaded all three to my desktop and none would start.

 

Each would prompt a window that read, "Do you want to allow the following program to make changes to your computer", I clicked "Yes", the window closed and nothing further happened.


  • 0


#17
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you. Let's check for Rootkits. We'll likely need to do a few different scans but let's start with the following one.

 

Step#1 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it. Please zip up this file and attach to your next reply.

 

 


  • 0

#18
carolinachris

    Member

  • Topic Starter
  • 80 posts

Brian,

 

I downloaded the utility, right clicked it, selected "Run As Admin", got the window that read, "Do you want to allow the following program from an unknown publisher to make changes to your computer", I clicked "Yes", the window closed and nothing further happened.


  • 0

#19
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

OK, let's see if it's just security type programs. Please download and run the following program. Let me know if it opens.

 

http://live.sysinter...om/autoruns.exe


  • 0

#20
carolinachris

    Member

  • Topic Starter
  • 80 posts

Brian,

 

I downloaded the program, it started and is running...


  • 0

#21
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Did you happen to right-click on it and select Run as administrator? I want to see if it runs when that is done.


  • 0

#22
carolinachris

    Member

  • Topic Starter
  • 80 posts

Brian,

 

Yes, it runs both ways: double click to open and run as admin...


  • 0

#23
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Can you create a new user account and then sign in with that user account and try running the Rootkit Scan again? Just trying to narrow down the issue.

 

 

Step#1 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it. Please zip up this file and attach to your next reply.


  • 0

#24
carolinachris

    Member

  • Topic Starter
  • 80 posts

Brian,

 

I created a new user account, downloaded the utility, right clicked it, selected "Run As Admin", got the window that read, "Do you want to allow the following program from an unknown publisher to make changes to your computer", I clicked "Yes", the window closed and nothing further happened.


  • 0

#25
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

OK, thanks for trying this. We no longer need the extra user account so you can remove that whenever you are able. Please try the following.

 

1. Download Malwarebytes Anti-Rootkit to your desktop from here.
2. Right-Click on the file that was downloaded and choose Run as administrator. Answer Yes if prompted to Allow.
3. Click OK at the installer screen that comes up.
4. The software will be extracted and will open.
5. Click Next at the first screen.
6. The Update Database screen will appear. Click the Update button.
7. Once updated, click the Next button.
8. On the Scan System screen, click the Scan button.
9. Once the scan is finished, even if rootkits were detected, don't click the Cleanup button. Just exit the program.
10. On your desktop, there will be a folder named mbar. Open this folder and you will find a log that begins with mbar-log-. Please open this file and copy the contents into your next post.


  • 0


#26
carolinachris

    Member

  • Topic Starter
  • 80 posts

Brian,

 

I deleted the extra user account.

 

I downloaded the utility, right clicked it, selected "Run As Admin", got the window that read, "Do you want to allow the following program to make changes to your computer", I clicked "Yes", the window closed and nothing further happened.


Edited by carolinachris, 31 August 2015 - 01:18 PM.

  • 0

#27
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Interesting. Let's try this tool.

 

Combofix
1. Download ComboFix from one of the following locations and save it to your Desktop Link 1 or Link 2
 **Note: It is important that it is saved directly to your desktop**
 
2. Close any open browsers.
* IMPORTANT - Disable your AntiVirus and any AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
If you have difficulty properly disabling your protective programs, refer to this link here.

3. Double click combofix.exe and follow the prompts.
 
4. Accept the disclaimer and allow it to update if it asks.
 
5. When finished, it shall produce a log for you.
 
6. Please include the C:\Combofix.txt in your next reply.
 
Notes:
 
* Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
* Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
* If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", please restart the computer. That will cure it.
 
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running Combofix on your own.

This tool is not a toy and not for everyday use. ComboFix should not be used unless requested by a forum helper.


  • 0

#28
carolinachris

    Member

  • Topic Starter
  • 80 posts

Brian,

 

I downloaded ComboFix and it is running.

 

I will advise when it's finished...


  • 0

#29
carolinachris

    Member

  • Topic Starter
  • 80 posts

Brian,

 

The program finished and the ComboFix.txt is attached...


  • 0

#30
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Thank you. While I review the log please follow the instructions to run VIPRE Rescue. You will need to download the program, boot into Safe Mode and then run it. Let me know if anything is detected.

 

http://www.vipreantivirus.com/live/


  • 0
