
RE GreyKnight Pre .. VirusRemover 2008 problem [Solved]


  • This topic is locked

#91
fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok, first of all, go to My Computer >> Tools >> Folder Options.. >> Click on View tab >> Under Advanced Settings tick on Hide extensions for known type files box >> Click on Apply >> Ok


The second screenshot indicates that your Antivirus and Firewall are either disabled or not present in the Computer..

If you have an antivirus in that computer, please re-enable it...

If you don't have any antivirus at the computer, please choose and install ONLY ONE of these free antivirus below..


If you asked for my recommendation, I'd say, go for either Avira or Avast.. I use Avira for my personal laptop..


As for firewalls, there are loads of third-party firewalls out there, and according to most security experts, Comodo is the best free firewall that you can get; however, configuring a firewall can be daunting at times..

For the sake of simplicity, I'd recommend you PC Tools Firewall Plus for your computer.. I use this one too..

Please install ONE antivirus and then install the PCTools Firewall in your computer..


After that, you should be good to go...


You can delete everything that has been downloaded during this cleaning process.. Do you have any more questions? :)

Edited by fenzodahl512, 09 March 2009 - 09:54 PM.

  • 0


#92
dowsp

  • Topic Starter
  • Member
  • 543 posts
Hi Fenz

I followed your instructions and it may be ok if it's to do with a real windows security application,

What I am not sure about however... is I do still get a few unusual things that keep happening such as webpages closing by themselves or sometimes a webpage doesn't open etc.

Before the main virus I also used to have problems with the computer closing down and I would get one or two similar messages saying something like Sys application wouldn't close and requesting I click end now.

Since the problem, it's much better but it does occasionally happen.

Last night when I closed my machine I seemed to have another unusual problem and I got another application and run time error...

THEN When I just came online now... There was a page that appeared VERY briefly that looked like some antivirus page that I did not recognise and after this I again got the application and runtime error.

I am sending a screen shot of the application and runtime error messages.

Again as for my own Antivirus, You said the AVG7.5 was no longer valid on my machine and yet it keeps updating at 8 am in the morning.

I cannot understand why it would do this if it's no longer working.

Attached Thumbnails

  • Virus_10th_Mar_09.GIF

  • 0

#93
fenzodahl512

  • Malware Removal
  • 9,863 posts
Install and update one antivirus from the list that I gave you earlier.. Then, disconnect from the internet.. Do a full scan with the antivirus and remove everything that it finds..


After that, reconnect the computer to the internet and then do the steps below..


Let's run F-Secure online scan for Viruses, Spyware and RootKits:
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient

  • 0

#94
dowsp

  • Topic Starter
  • Member
  • 543 posts
Hi Fenz

I have not as yet had time to do as you suggested...

and initially I was going to give it a day or two more to see what happened..

BUT Now After coming online today It certainly looks like I will definitely need to do so.

Another problem has occurred and IT does seem it may be related to that Red Icon for windows security that I showed you the other day.

UNLESS IT is a genuine message from one of the other Antispyware that I have been using..

I have forgotten some of them already as I have used so many various programmes etc.

I am attaching a copy of the message that has shown up today on my machine.

It's from spyware remover 2009 or removespywarethreats.com/2009.

It certainly will take me some time to follow all the instructions , ie remove all AV and just upload and update one and then do a full scan...

Maybe you should not risk opening the attachment if you think you will get infected.

cheers Dowsp.

Attached Thumbnails

  • Virus_Mar_12th_09.GIF

  • 0

#95
fenzodahl512

  • Malware Removal
  • 9,863 posts
Let me get this very straight.. Plain and simple.. Uninstall your AVG7.5 >> Reboot your computer >> Install one of the free antivirus that I gave you earlier.. Don't argue with me on this because I don't want to fix your computer forever..


Then update your antivirus and do below...



Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



Post these logs in your next reply.. Each log in separate post.. DO NOT attach them

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
  • 0

#96
dowsp

  • Topic Starter
  • Member
  • 543 posts
Hi Fenz

Apologies if things have not gone right and it's my fault.

I totally understand how you feel.

I am back on my other computer

Unfortunately, whatever has happened, the computer just crashes when I go online, SO I am unable to download anything or update anything in normal mode/ on my modem.

IN SAFE MODE

I attempted to run Dr Curit quick scan and just on certain files such as windows or program files and I also tried AVZ again and it did find various viruses, BUT some seem to keep coming back...

It fixes it to allow me to get back in normal mode.

What I do not know is Have I picked up another virus or was the virus never fully deleted from all our efforts.. ( maybe we will never know)

I again may have to try getting online again in safe mode at my brother's.

IF that doesn't work, ALL I can do is run all the existing AV programmes I have and HOPE..


If I am unable to get online even if I installed Norton, unless I can update it, It probably won't be any good.

I can only hope that I get lucky.

I don't know how long it will take. But I will be trying to do it ASAP.
  • 0

#97
fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok.. Forget all of my previous instructions.. If you run too many tools, I would have a hard time tracking which scans you have done, and what they actually removed.. I need to see all logs before I can determine what exactly to do with the computer..


So, stop attempting to fix the computer on your own..


First step:

Uninstall your AVG7 >> reboot your computer >> install ONLY ONE of the following antivirus >> update it.. >> Don't run any scan yet..




Second step:

Delete these from your computer, if any.. We will use the latest version if we need them.. These tools are updated almost every day..

1. Dr.Web
2. ComboFix
3. SDFix



Third step:

Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot into Safe Mode
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



Fourth step:

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



Make sure you ONLY do these steps with the computer.. Skip any step that you are unable to do.. You may do all steps whether in Safe Mode or in Normal Mode (exception for SDFix, must be done in Safe Mode)


Post these logs in your next reply..

1. SDFix
2. ComboFix
  • 0

#98
dowsp

  • Topic Starter
  • Member
  • 543 posts
Hi Fenz

Thank you again for your further advice

I can only do as you say however IF I am able to get back online.

Before I read your message I did in fact run FOUR of the AV programmes that I had on my machine last night.

Malware,

Spybot

Dr Web

AVZ

AVZ AND DR CUWEB Found many viruses and deleted many of them

the others found a few others.

I HAVE NOT AS YET ATTEMPTED TO DO ANYTHING ELSE OR ATTEMPT TO SEE IF I CAN GET BACK ONLINE.

I was waiting until I get to my brother's first to attempt to see if first I can get back online even in Safe Mode... THEN IF so I will follow your instructions.


I MAY BE BETTER DOING THIS BEFORE I RISK RETRYING to see if the virus issue had resolved and I attempt to get online in Normal mode on my modem.

IF I don't manage to do it tonight I hope to do it over the weekend

I CAN HOWEVER delete all the programmes you suggest before doing anything further.
  • 0

#99
dowsp

  • Topic Starter
  • Member
  • 543 posts
Hi Fenz

Fortunately I managed to get to my brother's and get online.. It works both in safe mode and normal mode.

I did take over 12 hrs running 4 programmes yesterday full scans.

I followed some of your instructions so far but in the time I have I won't be able to do all.

So I hope that my PC works ok when I get back home on my normal modem.

I have deleted AVG and McAfee and a few other things.

I uploaded Avira AV and SD fix

I am running SD fix now..

I will have to hope that I can complete all scans etc and post logs tonight or IF my pc won't work at home I hope to do it over the weekend back at my Brother's.


I MAY have got lucky and the full scan may have deleted the problem virus. I PRAY that I Have...

I showed my Brother that Windows security icon and he doesn't think that that was a threat after reading the google link that I posted.

So It's hard to say what caused it.

I aim to finish your instruction, do a AV scan also on my e drive external drive and take a full back up copy.

and also delete some files as my hard drive is close to full.
  • 0

#100
fenzodahl512

  • Malware Removal
  • 9,863 posts
Well.. good for you.. Getting back online is the first thing we want to do..

I'll wait for SDFix and ComboFix logs.. :)
  • 0


#101
dowsp

  • Topic Starter
  • Member
  • 543 posts
Hi Fenz

Very Luckily the good news is I have been able to get back online back at home on my modem.

The Bad news is during the SDfix scan.. It would not complete as it says there was not enough space on my hard drive disk to complete it.

I will have to make my decisions on what to delete or move onto my external Hard drive... BUT that will take me a bit of time to decide.


In the mean time, I have managed to update my new AV and do a scan...

seems ok so far.

I have also now done combofix and Hijack this.


I will post these logs next or PM them to you IF that is OK.
  • 0

#102
dowsp

  • Topic Starter
  • Member
  • 543 posts
Hi Fenz

I PM'd the Combo Fix log to you

Here's the HijackThis log


I Hope it's OK..

--------------------------------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:00:40, on 15/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Tesco internet phone\TescoIP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.group...oo.com/group/d/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [Tesco internet phone] "C:\Program Files\Tesco internet phone\TescoIP.exe" /autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1E76C8A-BF62-4277-8664-3395D74E0128}: NameServer = 212.139.132.73 212.139.132.75
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe

--
End of file - 6306 bytes
  • 0
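
The HijackThis log format posted above can be read programmatically. This is an added example, not part of the thread and not code from HijackThis or Trend Micro: a small Python parser that groups entries by section code, lists autostart `Run` entries and services, and picks out entries whose target the log reports as `(no file)` or `(file missing)`, which are leftover references rather than verdicts. The section descriptions are this example's own summary, and the sample is an excerpt of the log above.

```python
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "code body")

# Section meanings are this example's own summary, not text from the thread.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "autostart",
    "O8": "IE context-menu item", "O9": "IE button/menu item",
    "O16": "ActiveX download", "O17": "DNS/Tcpip setting", "O23": "service",
}
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(HK[A-Z]+)\\.*?\\Run: \[(.+?)\] (.+)$")
# Greedy first group: a service display name may itself contain " - ".
SERVICE_RE = re.compile(r"^Service: (.+) - (.+?) - ([A-Za-z]:\\.*)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpt of the log posted above (lines with truncated URLs left out).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\explorer.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1E76C8A-BF62-4277-8664-3395D74E0128}: NameServer = 212.139.132.73 212.139.132.75
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
"""

def parse_log(text):
    """Return the 'CODE - body' entries; header and process lines are skipped."""
    matches = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [Entry(m.group(1), m.group(2)) for m in matches if m]

def section_counts(entries):
    return Counter(e.code for e in entries)

def orphaned(entries):
    """Entries whose file the scanner could not find on disk."""
    return [e for e in entries if e.body.endswith(ORPHAN_MARKERS)]

def run_entries(entries):
    """(hive, value name, command) for O4 registry Run entries."""
    hits = (RUN_RE.match(e.body) for e in entries if e.code == "O4")
    return [m.groups() for m in hits if m]

def services(entries):
    """(display name, vendor, path) for O23 service entries."""
    hits = (SERVICE_RE.match(e.body) for e in entries if e.code == "O23")
    return [m.groups() for m in hits if m]

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for code, n in sorted(section_counts(entries).items()):
        print(f"{code:>3}  {SECTIONS.get(code, 'other'):<22} {n}")
    for e in orphaned(entries):
        print("orphaned:", e.code, e.body)
    for hive, name, cmd in run_entries(entries):
        print("autostart:", hive, name, cmd)
    for name, vendor, path in services(entries):
        print("service:", name, "|", vendor, "|", path)
```
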

#103
fenzodahl512

  • Malware Removal
  • 9,863 posts
Both ComboFix and HijackThis logs look good to me..


I believe those scans that you ran earlier managed to get rid of almost all of the nasties.. Good for you...


Reboot the computer and run it for a couple of days.. Then, tell me, how's the computer now? :)

Edited by fenzodahl512, 13 March 2009 - 07:40 PM.

  • 0

#104
dowsp

  • Topic Starter
  • Member
  • 543 posts
Hi Fenz

Thank you for your comments,

Sounds promising.

I want to try and make a payment to you this next day or so,

and I want to make another later in a few days if that's ok.

I need to check up on my paypal account first.

Many Many thanks for your help and patience, I am not sure what I would have done without it.

Cheers Have a great weekend.

Dowsp
  • 0

#105
dowsp

  • Topic Starter
  • Member
  • 543 posts
Hi Fenz

Can I ask about Avira Antivirus software.

I just did what I thought was a full scan on my External E drive and it seemed to do it quite quickly.

It's a 160 gig drive, that is 33 gigs full so far.

My Laptop is only about 34 gig.. and yesterday I had done full scans with some of the other Antivirus software programmes on my hard drive including Dr Web, Spybot, Avz and Malware.. Most of these individual checks took over 2 hours each.

Yet the Avira scan seemed to take just about an hour.

Would you say this is normal or that there may be two alternative scans like on some AV programmes that have a quick and full scan... I can only see one scan type on Avira.

I did copy a lot of my laptop's hard drive over the last few months before 2009 ..but I have added quite a lot more since the beginning of this year.

I did in fact find 5 viruses on my external Drive, but I don't think any were serious. I have quarantined them for the time being.

Provided you think the scan I did seems to have been ok , I will look to make a full copy of my C drive on it as a backup.

thank you

Dowsp
  • 0





