[sd4lyph]

Hello,

Recently I got a virus attacked on my computer. I am using my laptop now but my pc is infected. It is a antivirus software called Antivirus advance. I try to execute Rkill and Mbam but it wont let me execute them. Please help as I need my pc since its finals week coming up. Thank you very much.

[Advertisements]

just bumpin this thread. How do i get the scans to run as my virus is stopping anything from executing.

[sd4lyph]

just bumpin this thread. How do i get the scans to run as my virus is stopping anything from executing.

[mitch8]

Hello sd4lyph, and welcome to GeeksToGo! My name is Mitch8 and I will be helping you with your problem. Here are a few things I would like to point out:

• Please post your logs, don't attach them unless stated.
• Please read my posts carefully and if you have any questions ask.
• Stay with this topic until I tell you that your system is clean. Malware can still be on your system even if you don't notice it.

Lets try this first, if it fails go to Plan B.

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop
Please download OTL to your desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.



Then select Start OTL. OTL will now run

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Click the Internet Explorer button, post these logs in your Virus Removal topic.

Plan B

Download Rkill from here: there are several flavours to choose from, if one does not work then try the next

• rkill.com
• rkill.scr
• iExplore.exe

Once it is downloaded, double-click on rkill in order to automatically attempt to stop any processes associated with Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the malware when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the malware. So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of my instructions.

Do not reboot your computer after running rkill as the malware programs will start again.

Then run OTL as above (without OTH).

[sd4lyph]

Okay i will try that. Regarding the option one; I was unable to get the OTH onto my pc (using my laptop atm). So i'll try plan b. I clicked on rkill.com twice and the infection message does pop up. I left the fake warning on the screen and double click on rkill.com again; however i don't notice any black box you stated in your post. Should I just leave it after I double click rkill.com the second time; since I already have the infection warning on my screen? Thanks for your help Mitch.

[mitch8]

Yes, try running rkill again. If you can't, can you try running OTL with the fake warning open?

Do you have a blank CD and a clean computer?

[sd4lyph]

No i do not as for some reason my laptop just got a virus too. HDDiagnostic virus? I just scan that with malwarebytes so hopefully i can fix that. My computer restarted and now I can't get back onto my desktop. I try going into safemode but it won't let me; nor would starting Windows normally. Windows loads and it flickers w/a blue screen w/white words. Although I can't make out the words since its a quick flicker. After that I am back at a screen that says "We apologize for the inconvenience, but windows did not start succesffully. A recent hardware or software change have caused this." Then it ask me to choose which mode to go into, after i choose one, it does the same thing w/the flickering and blue screen w/the words. I think my computer just shot the crappa

[mitch8]

Where you transferring the files with a flash drive?

We can use a bootable version of OTL but you will have to be able to download it. Try to do this on your laptop. You will need a blank CD.

Please print these instruction out so that you know what you are doing

File details OTLPENet.exe
Bytes=126,850,486
MB=120.9
MD5=8A7C5BA1C92552ADDCC5E468D0AA069A

• Download OTLPENet.exe to your desktop
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  
• Reboot your system using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  
  
• Your system should now display a Reatogo desktop.
  Note : as you are running from CD it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.

[mitch8]

Oops, I see you can't use your laptop.

Try running OTL from safemode. We can try to fix the other computer, but try to fix this one first.

[sd4lyph]

Where you transferring the files with a flash drive?

We can use a bootable version of OTL but you will have to be able to download it. Try to do this on your laptop. You will need a blank CD.

Please print these instruction out so that you know what you are doing

File details OTLPENet.exe
Bytes=126,850,486
MB=120.9
MD5=8A7C5BA1C92552ADDCC5E468D0AA069A

• Download OTLPENet.exe to your desktop
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  
• Reboot your system using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  
  
• Your system should now display a Reatogo desktop.
  Note : as you are running from CD it is not exactly speedy
• Double-click on the OTLPE icon.
• Select the Windows folder of the infected drive if it asks for a location
• When asked "Do you wish to load the remote registry", select Yes
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system.
• Right click the file and select send to : select the USB drive.
• Confirm that it has copied to the USB drive by selecting it
• You can backup any files that you wish from this OS
• Please post the contents of the C:\OTL.txt file in your reply.

This instruction is for my pc right? lol sorry i'm a little flustered right now because I got a virus on my laptop as well. I dont know how but can i get a virus by transferring files with a flash drive? I'm still on my laptop and can use it. So i'll follow your instructions that i quoted for my pc right? if not i'll wait until you verify. Thanks Mitch.

[sd4lyph]

Sorry I just reread what you wrote. K Im doing this on my laptop .

[sd4lyph]

Can a blank DVD cd be okay? or are you talking about the CD ones that you use to burn music. Sorry I just want to do everything you asked so that I dont mess things up further hehe.

[sd4lyph]

i'm going to jump on safemode on my laptop. I'll be doing all this from my laptop. I have a black screen on this laptop as well >.<.

[sd4lyph]

Mitch would it be okay if we fix the laptop first? I'm not quite sure on what to do. Or should I start a new topic regarding the laptop?

[mitch8]

Start a new topic for the laptop. I can help you there and then we can come back to this. Can you run anything on either computer?

I think you can make OTLPE on a DVD, although I am not positive; that is if you can even download it.

You may have infected your computer with a flash drive. Don't use it until I help you clean it.

[sd4lyph]

Okay thanks Mitch. You want me to put a link for you. Never mind i'll just call it laptop virus. See you there and thank you. This is my gf's laptop..shes going to be pissed lol.