3 replies to this topic

[straybb]

I had the rogue antivirus AntivirusPro 2010 and went through the manual procedures to remove it. Or at least I thought so. I still cannot access system restore because something has created a group policy and refers me to my domain admin. This is a mini and personal, it isn't even a part of a domain! I cannot run spybot, malware bytes, and i can't even run hijack this! because I get an error about the hosts file being locked and it recommends that i delete the hosts file but when i try, it's access denied. I have thought about wiping the hdd on this and reinstalling but because it has no CD drive whatsoever, I am hesitant about trying to load windows via usb, if it's even possible.... I was able to get AVG on it and Norman Security, AVG found nothing and Norman found a bunch of stuff and supposedly quarantined it. Well, everytime it went into screensaver mode norman would scan and cause it to hang so i uninstalled norman. I joined my home workgroup to see if I could scan this machine remotely but mcAfee found nothing. I would prefer to fix this vs wiping it if possible, suggestions are welcomed!! I was also able to download spybot and malwarebytes but it locks down the exe files, i can't even rename them. it allows them to run and begin a scan and then shuts them down within a few seconds almost as though they never began. I created a new admin account called 'local admin' and had the same issue. I tried to signin to the Administrator account but got a message about passwords and it wouldn't let me in, althugh I can get into it in safe mode. Unfortunately, even in safe mode, whatever this bug is stays present and I still can't access the sys restore or delete/uninstall things or run some exe's. I'm actually quite surprised that I can still surf the net, to be honest with you. I was getting browser redirects but norman seems to have stopped that....for now....

Edited by straybb, 06 October 2009 - 12:57 AM.

[oldman960]

Hi straybb, welcome to the forum.

To make cleaning this machine easier

• Please do not uninstall/install any programs unless asked to
  It is more difficult when files/programs are appearing in/disappearing from the logs.
• Please do not run any scans other than those requested
• Please follow all instructions in the order posted
• All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
• Do not attach any logs/reports, etc.. unless specifically requested to do so.
• If you have problems with or do not understand the instructions, Please ask before continuing.
• Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

Note: If you are a Vista user, you will need to right click on the exe and "Run as Administrator" rather than double clicking.


Please run RootRepeal

• Download RootRepeal from one of the following locations and save it to your desktop.
  Here
  Here
  or Here
  
  
• Open on your desktop.
  
  
• Click the tab.
  
  
• Click the button.
  
  
• In the Select Scan dialog, check
  
  
  
  
• Push Ok
  
• Check the box for your main system drive (Usually C:), and press OK.
  
• Allow RootRepeal to run a scan of your system. This may take some time.
  
• Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.

Download OTListIt2 to your desktop.

• Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Please post back with

• RootRepeal log
• both OTL logs

Thanks

[oldman960]

Hi, Do you still need help with this? Thanks

[oldman960]

Due to inactivity this topic will be closed. If you need help please start a new thread.