Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91813 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Bad Image Error after virus removal


  • This topic is locked This topic is locked
44 replies to this topic

#16 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 28 September 2009 - 05:59 PM

Hi Compcrap,

Let's see if we can kill some of this. If you get any windows error, just close them.

Download this file & extract TDSSKiller.exe onto your Desktop

Then create this batch file to be placed next to TDSSKiller

----

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
@ECHO OFF
START /WAIT TDSSKILLER.exe -l Logit.txt -v
START Logit.txt
del %0

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "fix.bat"
  • Click save
It should look like this: Posted Image
Double click on fix.bat & allow it to run

Post back with the Logit.txt.

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation Posted Image
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Posted Image

Threads will be closed if no response after 5 days.

    Advertisements

Register to Remove


#17 Comcrap

Comcrap

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 28 September 2009 - 10:15 PM

well those irritating error messages have stopped, and all seems well...but I'm not convinced just yet. I had a number of viruses on my PC and my portable flashdrive had been infected with some kind of win32 worm. I also have a external HD, though nothing seems wrong with them How should I go about making sure everything else is clean? Seems like virus scans don't pick up carp** when I run them.

Attached Files



#18 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 28 September 2009 - 10:51 PM

Hi Comcrap,

Well neither am I. We look deeper.

Locate combofix.exe (you renamed it jgh.exe), right click it and select delete.

Download a new copy from Here or Here to your Desktop.

Rename it like you did before before you download it.

Run it wih the previous instructions.

We'll look at your USB drive after we get your computer clean. Please do not attach it to your computer for the time being.

Please post back with the combofix log.

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation Posted Image
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Posted Image

Threads will be closed if no response after 5 days.

#19 Comcrap

Comcrap

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 30 September 2009 - 02:09 AM

here's the log. I have a laptop too. Should I run combofix on there to see if I missed any viruses?

Attached Files



#20 Comcrap

Comcrap

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 02 October 2009 - 03:32 PM

Just checking in.

#21 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 02 October 2009 - 05:59 PM

Hi Comcrap,

My apologies, I didn't recieve notification of your previous post.

I have a laptop too. Should I run combofix on there to see if I missed any viruses?

Let's finish this one first, then I would be more than happy to look at your laptop.

Please don't attach the logs unless requested to.

What do you use this program for, ophcrack?


Vuze
You have Vuze, a P2P/file sharing program installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft...protection.mspx

http://www.internetw...cles/art053.htm

I would recommend that you uninstall Vuze, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.



Your java is out of date. Click your start button, open Control panel.
  • Locate the Java icon (it looks like a coffee cup)
  • double click it to open it
  • click the Update tab
  • Click update now
After the java is updated, reboot your computer if not prompted to.



You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions.
  • You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computerr under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Change the Files of type to Text file (.txt)
  • Set the Save In to Desktop
  • click the Save button.
  • Please post this log in your next reply.

Please post back with
  • MBAM log
  • Kaspersky log
  • new DDS log

How is the computer?

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation Posted Image
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Posted Image

Threads will be closed if no response after 5 days.

#22 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 05 October 2009 - 06:21 AM

Hi Comcrap, Are you still with us? Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation Posted Image
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Posted Image

Threads will be closed if no response after 5 days.

#23 Comcrap

Comcrap

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 05 October 2009 - 03:12 PM

Yes, I've just been busy. I scanned my PC with MBAM and the Kaspersky thing, but I don't know what the DDS thing is? You included no instructions on it.

#24 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 05 October 2009 - 06:55 PM

Hi Compcrap,

Sorry, it seems we tried to use DDs but you recieved an error. You should still have OTL, we'll get a log from it instead.

  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • UNcheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a notepad windows, OTL.Txt . This issaved in the same location as OTL.

Please post the OTL.txt along with the other logs.

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation Posted Image
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Posted Image

Threads will be closed if no response after 5 days.

#25 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 08 October 2009 - 11:34 PM

Hi Comcrap, Are you having problems? Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation Posted Image
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Posted Image

Threads will be closed if no response after 5 days.

    Advertisements

Register to Remove


#26 Comcrap

Comcrap

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 08 October 2009 - 11:36 PM

sorry been a bit busy as of late. you'll see the results tomorrow

#27 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 08 October 2009 - 11:38 PM

Hi Comcrap, :thumbup: Thanks for the update.

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation Posted Image
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Posted Image

Threads will be closed if no response after 5 days.

#28 Comcrap

Comcrap

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 10 October 2009 - 03:46 PM

here you go

Attached Files

  • Attached File  OTL.Txt   71.49KB   348 downloads


#29 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 11 October 2009 - 01:17 AM

Hi Compcrap, Please post the MBAM and Kaspersky logs. Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation Posted Image
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Posted Image

Threads will be closed if no response after 5 days.

#30 Comcrap

Comcrap

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 13 October 2009 - 10:41 PM

Sorry about that

Attached Files


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users