
Fake win32 netsky/alureon rootkit/GMER problem [Solved]


  • This topic is locked

#31
jc27712

  • Topic Starter
  • Member
  • 23 posts
Hi, couple questions:

*I attempted to uninstall Combofix but when I hit "ok" I got a message saying that Windows could not find Combofix. I copy-and-pasted the text to make sure I had the appropriate space between x and /. It does appear that the Combofix.exe icon is now missing from my desktop. I have no idea how or when this happened, the only time I recall deleting Combofix was when the first version expired and I was downloading the newer version. I still have the Combofix folder under my C: drive. Do I still proceed with OTL/clean up?

*Also, I still don't have a desktop, Windows security, and a bunch of other stuff under normal mode. What should I do to get my laptop back in functioning shape? System Restore? or will that just put all the infections back on my laptop? Or, am I jumping the gun by asking this before doing the OTL clean up?

Many thanks.
  • 0



#32
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
proceed with the OTL clean up, then do this

Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

1. Create a new Restore Point
  • Click on the Start button to open your Start Menu.
  • Click on the Control Panel menu option.
  • Click on the System and Maintenance menu option.
  • Click on the System menu option.
  • Click on System Protection in the left-hand task list.
  • To create the manual restore point, click on the Create button. When you press this button, a prompt will appear asking you to provide a title for this manual restore point.
  • Type in a title for the manual restore point and press the Create button.
  • Close the System window after you have been advised that the procedure has been successfully completed.
2. Clear your existing system restore points except for the new clean restore point you just created:
  • Go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Next to System Restore click Clean up
  • This will remove all restore points except the new one you just created.


for your desktop problem

click start > run > type explorer.exe > Click OK, that fix it?
  • 0
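
The two steps in the post above (create a clean restore point, then clear the older ones) can also be scripted. This is an added example, not part of the original reply: it assumes Windows PowerShell 5.1 run elevated with System Protection enabled, uses a hypothetical restore point title, and removes older points through the Win32 `SRRemoveRestorePoint` function instead of cleanmgr.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Assumes Windows PowerShell 5.1 and
# System Protection enabled on the system drive.

# SRRemoveRestorePoint is the System Restore API exported by srclient.dll.
Add-Type -Namespace Native -Name SysRestore -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern uint SRRemoveRestorePoint(uint index);
'@

$label = 'Clean state after malware removal'   # hypothetical title

# Step 1: record existing points, then create the new manual restore point.
$before = @(Get-ComputerRestorePoint | ForEach-Object { $_.SequenceNumber })
Checkpoint-Computer -Description $label -RestorePointType MODIFY_SETTINGS

# Confirm the new point really exists before deleting anything. Newer Windows
# versions skip creation if another point was made in the last 24 hours.
$new = @(Get-ComputerRestorePoint | Where-Object {
    $before -notcontains $_.SequenceNumber -and $_.Description -eq $label
})
if ($new.Count -ne 1) {
    throw 'New restore point was not created; older points left untouched.'
}
$keep = $new[0].SequenceNumber

# Step 2: remove every restore point except the one just created.
foreach ($rp in @(Get-ComputerRestorePoint | Where-Object { $_.SequenceNumber -ne $keep })) {
    $rc = [Native.SysRestore]::SRRemoveRestorePoint([uint32]$rp.SequenceNumber)
    if ($rc -eq 0) {
        Write-Output ("Removed #{0}: {1}" -f $rp.SequenceNumber, $rp.Description)
    } else {
        Write-Warning ("Could not remove #{0} (Win32 error {1})" -f $rp.SequenceNumber, $rc)
    }
}

# Show what is left: only the clean restore point should remain.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description
```

The script refuses to delete anything unless the new point is visible, so a failed or skipped creation never leaves the machine with no restore point at all.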

#33
jc27712

  • Topic Starter
  • Member
  • 23 posts
Unfortunately, I haven't gotten very far:

*Did OTL clean up
*Part of my System Protection seems to be missing. I can get as far as clicking System Protection on the left side, upon which I get a window with tabs at the top for Computer Name, Hardware, Advanced and Remote. According to some images I googled online, I should have 5 tabs including one for System Protection but I only have the other 4. I looked through System Restore, but didn't see a way to create a manual restore point through there. This is safe mode, can't access system protection through normal mode.
*Since I wasn't able to create a manual restore point, I haven't yet deleted the other restore points
*No change to computer after running explorer.exe - I don't think I have the run option in that location in Vista so I did windows + R to pull up the run command. In Safe Mode, this causes my Documents window to pop up (empty) and nothing else happens. In normal mode, a Windows explorer window with a bunch of files shows up and nothing else happens.
  • 0

#34
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
one final scan

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    explorer.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0
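
Locating every copy of explorer.exe, as the scan requested above does, can also be done with built-in cmdlets. This is an added example, not part of the original reply or of SystemLook: it assumes Windows PowerShell 4.0 or later (for `Get-FileHash`) and that the search covers only the system drive.

```powershell
# Added example, not from the thread. Lists every explorer.exe on the system
# drive with the facts needed to judge whether a copy is the genuine shell.

# The shell that Windows launches at logon lives directly in the Windows directory.
$shellPath = Join-Path $env:windir 'explorer.exe'

Get-ChildItem -Path "$env:SystemDrive\" -Filter 'explorer.exe' -Recurse -Force -File `
              -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Authenticode status shows whether the file is signed and unmodified.
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName

        [pscustomobject]@{
            Path        = $_.FullName
            IsShellPath = ($_.FullName -ieq $shellPath)
            Size        = $_.Length
            Modified    = $_.LastWriteTime
            SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Signature   = $sig.Status
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
                          else { $null }
        }
    } |
    Sort-Object Path |
    Format-List
```

Genuine copies normally sit in the Windows directory and its component store, so a copy elsewhere, or one whose hash differs from the others, is the one to examine; on Windows versions older than 10, catalog-signed system files can report NotSigned here.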

#35
jc27712

  • Topic Starter
  • Member
  • 23 posts
I'm not able to get SystemLook to run. As soon as I press the Look button, a Windows box pops up saying "System Querying Tool has stopped working A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available"
  • 0

#36
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
try it in safe mode
  • 0

#37
jc27712

  • Topic Starter
  • Member
  • 23 posts
Sorry, should have clarified, the above was what happened in safe mode. I can't get any applications on the desktop in normal mode.
  • 0

#38
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Your machine seems really messed up. I think a format may be the best solution

Wouldn't hurt to go to the Windows Vista forum, explain the problem, tell them I sent you over, and see if they can help
  • 0

#39
jc27712

  • Topic Starter
  • Member
  • 23 posts
Darn... although I can't say I'm surprised, with the number of programs that have failed to run. Okay, I will head on over to the Vista forum. I did want to thank you for all the help you've provided! I learned a lot from browsing this forum, so hopefully in the future I'll at least be able to prevent something similar from happening.
  • 0

#40
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
