Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91803 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] locked down!


  • This topic is locked This topic is locked
3 replies to this topic

#1 straybb

straybb

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 06 October 2009 - 12:39 AM

I had the rogue antivirus AntivirusPro 2010 and went through the manual procedures to remove it. Or at least I thought so. I still cannot access system restore because something has created a group policy and refers me to my domain admin. This is a mini and personal, it isn't even a part of a domain! I cannot run spybot, malware bytes, and i can't even run hijack this! because I get an error about the hosts file being locked and it recommends that i delete the hosts file but when i try, it's access denied. I have thought about wiping the hdd on this and reinstalling but because it has no CD drive whatsoever, I am hesitant about trying to load windows via usb, if it's even possible.... I was able to get AVG on it and Norman Security, AVG found nothing and Norman found a bunch of stuff and supposedly quarantined it. Well, everytime it went into screensaver mode norman would scan and cause it to hang so i uninstalled norman. I joined my home workgroup to see if I could scan this machine remotely but mcAfee found nothing. I would prefer to fix this vs wiping it if possible, suggestions are welcomed!! I was also able to download spybot and malwarebytes but it locks down the exe files, i can't even rename them. it allows them to run and begin a scan and then shuts them down within a few seconds almost as though they never began. I created a new admin account called 'local admin' and had the same issue. I tried to signin to the Administrator account but got a message about passwords and it wouldn't let me in, althugh I can get into it in safe mode. Unfortunately, even in safe mode, whatever this bug is stays present and I still can't access the sys restore or delete/uninstall things or run some exe's. I'm actually quite surprised that I can still surf the net, to be honest with you. I was getting browser redirects but norman seems to have stopped that....for now....

Edited by straybb, 06 October 2009 - 12:57 AM.

    Advertisements

Register to Remove


#2 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 06 October 2009 - 06:47 PM

Hi straybb, welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
  • Do not attach any logs/reports, etc.. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, Please ask before continuing.
  • Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

Note: If you are a Vista user, you will need to right click on the exe and "Run as Administrator" rather than double clicking.


Please run RootRepeal
  • Download RootRepeal from one of the following locations and save it to your desktop.
    Here
    Here
    or Here

  • Open Posted Image on your desktop.

  • Click the Posted Image tab.

  • Click the Posted Image button.

  • In the Select Scan dialog, check

    Posted Image

  • Push Ok
  • Check the box for your main system drive (Usually C:), and press OK.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.


Download OTListIt2 to your desktop.
  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Please post back with
  • RootRepeal log
  • both OTL logs

Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation Posted Image
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Posted Image

Threads will be closed if no response after 5 days.

#3 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 09 October 2009 - 06:10 PM

Hi, Do you still need help with this? Thanks

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation Posted Image
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Posted Image

Threads will be closed if no response after 5 days.

#4 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 12 October 2009 - 07:32 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.

Proud Graduate of the WTT Classroon
If you are happy with the help you recieved, please consider making a Donation Posted Image
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Posted Image

Threads will be closed if no response after 5 days.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users