10 replies to this topic

[Sunyata]

like this

Attached Files

•  attatch.txt   11bytes   4 downloads

[Sunyata]

Testing G rating in a code box

ProcessKill \SVICHOOST.exe|1
ProcessKill \######.exe|1
ProcessKill \Liar.exe|1

[Sunyata]

[Sunyata]

Please download aswMBR to your desktop.

• Double click the aswMBR icon to run it.
  

  Vista and Windows 7 users right click the icon and choose "Run as administrator".

• Click the Scan button to start scan.
• When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

[Sunyata]

Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Note: Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

• rkill.exe
• rkill.com
• rkill.scr
• WiNlOgOn.exe
• uSeRiNiT.exe

Do not reboot your computer after running rkill as the malware programs will start again.

[i][b]Print out these instructions as we may need to close every window that is open later in the fix.[/b][/i]

[indent]It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
[color="#FF0000"][b]
Do not reboot your computer after running rkill as the malware programs will start again.[/b][/color]

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
[b]Note:[/b] Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

[list=1]
[*][url="http://download.bleepingcomputer.com/grinler/rkill.exe"][color="#0000FF"][b]rkill.exe[/b][/color][/url]
[*][url="http://download.bleepingcomputer.com/grinler/rkill.com"][color="#0000FF"][b]rkill.com[/b][/color][/url]
[*][url="http://download.bleepingcomputer.com/grinler/rkill.scr"][color="#0000FF"][b]rkill.scr[/b][/color][/url]
[*][url="http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe"][color="#0000FF"][b]WiNlOgOn.exe[/b][/color][/url]
[*][url="http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe"][color="#0000FF"][b]uSeRiNiT.exe[/b][/color][/url]
[/list]
[color="#FF0000"][b]Do not reboot your computer after running rkill as the malware programs will start again.[/b][/color]

[/indent]

[Sunyata]

Windows is out of date

You are currently running Windows XP Home Service Pack 2. The latest service pack is service pack 3. Download service pack 3 HERE and install it.

[color="#0000FF"][b]Windows is out of date[/b][/color]
[indent]You are currently running Windows XP Home Service Pack 2. The latest service pack is service pack 3. Download service pack 3 [url="http://www.microsoft.com/downloads/en/details.aspx?FamilyID=5b33b5a8-5e76-401f-be08-1e1555d4f3d4&displaylang=en#SystemRequirements"][color="#0000FF"][b]HERE [/b][/color][/url]and install it.[/indent]

[Sunyata]

Next, please download exeHelper to your desktop. Get it HERE.

• Double-click on exeHelper.com to run the fix.
• A black window should pop up, press any key to close once the fix is completed.
• Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

[b]Next, please download exeHelper to your desktop. Get it [/b][url="http://www.raktor.net/exeHelper/exeHelper.com"][color="#0000FF"][b]HERE[/b][/color][/url].
[list]
[*][b]Double-click[/b] on [color="#0000FF"]exeHelper.com[/color] to run the fix.
[*]A black window should pop up, [b]press any key [/b]to close once the fix is completed.
[*][b]Post [/b]the contents of [color="#0000FF"]exehelperlog.txt [/color](Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
[/list]

[Sunyata]

First,

you must verify that you can access the Windows7 Recovery Environment.To do so, restart your computer and begin tapping the F8 key to enable the Advanced Start menu.
If the option 'Repair your computer' is available, select it.

If not available, you will need to insert your Windows7 installation dvd and restart, then press any key when prompted to boot from the cd.
At the Install Windows screen, select Repair your computer. (image below)

Next,

Please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and logon to the Recovery Environment.
Once you get to the System Recovery Options screen, first take note of the drive letter assigned to the operating system, then select Command Prompt.

Next,

Type the following bolded command at the x:\sources> prompt (or x:\windows\system32>) then hit Enter.

cd /d x:\windows <--- the red x represents your operating system drive letter, as shown in the image below




At the D:\Windows> prompt type the following command then hit Enter

look.bat

You will see many files copied then return to the x:\windows> prompt.
Type Exit then restart your computer and logon in normal mode.

Next,

Once back in Windows, click Start > Run, and copy/paste the following then press Enter.

maxlook -sig

Note - you must run it only once!
Follow the prompts, and attach the C:\looklog.txt in your next reply.

[b]First, [/b][indent]you must [b]verify[/b] that you can access the [color="#0000FF"][b]Windows7 Recovery Environment[/b][/color].To do so, [b]restart [/b]your computer and begin [b]tapping the F8 key [/b]to enable the [b]Advanced Start menu[/b].
If the option [b]'Repair your computer' [/b]is available, [b]select it.[/b]

If not available, you will need to [b]insert your Windows7 installation dvd and restart[/b], then [b]press [/b]any key when prompted to boot from the cd.
At the Install Windows screen, select [b]Repair [/b]your computer. (image below)

[img]http://noahdfear.net/WTT/4.gif[/img]
[/indent]
[b]Next, [/b]
[indent]Please [b]download [/b][url="http://noahdfear.net/downloads/maxlook.exe"][color="#0000FF"][b]maxlook[/b][/color][/url], saving the file to your desktop.
[b]Double click[/b] [color="#0000FF"]maxlook.exe[/color] to run it. [color="#FF0000"][size="4"][b]Note - you must run it only once![/b][/size][/color]
As instructed when the tool runs, restart the computer and logon to the Recovery Environment.
Once you get to the System Recovery Options screen, first take note of the drive letter assigned to the operating system, then select Command Prompt.

[img]http://noahdfear.net/WTT/2.gif[/img]
[/indent]
[b]Next,[/b]
[indent][b]Type [/b]the following bolded command at the x:\sources> prompt (or x:\windows\system32>) then[b] hit Enter[/b].

[b]cd /d [color="#FF0000"]x[/color]:\windows[/b] <--- the red [color="#FF0000"][b]x[/b][/color] represents your operating system drive letter, as shown in the image below

[img]http://noahdfear.net/WTT/look7.gif[/img]


At the D:\Windows> prompt [b]type [/b]the following command then [b]hit Enter[/b]

[b]look.bat[/b]

You will see many files copied then return to the [color="#FF0000"][b]x[/b][/color]:\windows> prompt.
[b]Type Exit [/b]then [b]restart [/b]your computer and [b]logon in normal mode.[/b][/indent]
[b]Next,[/b]
[indent]Once back in Windows, [b]click Start > Run[/b], and [b]copy/paste[/b] the following then [b]press Enter[/b]. 

[b]maxlook -sig[/b]

[color="#FF0000"][size="4"][b]Note - you must run it only once![/b][/size][/color]
[b]Follow [/b]the prompts, and [b]attach [/b]the [b]C:\looklog.txt [/b]in your next reply. [/indent]

[Sunyata]

That scan looks good

Before we are done, we want to follow up with three tools to make sure the job is complete.

• The first tool will clean out the temporary files on your system.
• The second will scan for and remove malware that it finds may still be on your machine.
• The third is an online virus scan that you can run from your browser.

Cleanout Temp Files:

Please download OldTimer's Temp File Cleaner. Get it here.

• This program will close all applications before it begins.
• So, please save all work before running it.
• While it is running, the desktop will disappear. This is normal.
• After it cleans, you may have to allow it to restart your computer.

• To run it, double click on the TFC.exe file you downloaded.
• Save all your work in any open windows.
• Click the "Start" button in the lower left corner of the TFC application window.
• Allow the program to complete

Scan For Malware:

Download and save to your desktop Malwarebytes Anti-Malware

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Do An Online Scan For Viruses:

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

• Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the Start button.
• Accept any security warnings from your browser.
• Check
• Make sure that the option "Remove found threats" is Unchecked
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as MyEsetScan. Include the contents of this report in your next reply.
• Push the Back button.
• Push Finish

In your next reply please post the logs created by Malwarebytes and the ESET Online Scan.

How is your system is running now?

That scan looks good :)

[b]Before we are done, we want to follow up with three tools to make sure the job is complete.[/b]
[list]

[*]The first tool will [b]clean out the temporary files [/b]on your system.
[*]The second will [b]scan for and remove malware[/b] that it finds may still be on your machine.
[*]The third is an [b]online virus scan[/b] that you can run from your browser.
[/list]

[b]Cleanout Temp Files:[/b]

Please download [b]OldTimer's Temp File Cleaner[/b].  Get it [url="http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/"][color="#0000FF"]here[/color][/url].
[list]

[*]This program [b]will close all applications[/b] before it begins.
[*]So, please [color="#FF0000"][i]save all work[/i][/color] before running it.
[*]While it is running, [b]the desktop will disappear[/b].  This is normal.
[*]After it cleans, you may have to [b]allow it to restart your computer[/b].
[/list][list=1]
[*][b]To run it[/b], double click on the [b]TFC.exe [/b]file you downloaded.
[*][b]Save all your work [/b]in any open windows.
[*]Click the [b]"Start"[/b] button in the lower left corner of the TFC application window.
[*]Allow the program to complete
[/list]

[b]Scan For Malware:[/b]
[indent]Download and save to your desktop [url="http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html"][color="#2E8B57"][b]Malwarebytes Anti-Malware[/b][/color][/url]

Double Click mbam-setup.exe to install the application.[list]
[*]Make sure a checkmark is placed next to [b]Update Malwarebytes' Anti-Malware[/b] and [b]Launch Malwarebytes' Anti-Malware[/b], then click Finish.
[*]If an update is found, it will download and install the latest version.
[*]Once the program has loaded, select "[b]Perform Quick Scan[/b]", then click [b]Scan[/b].
[*]The scan may take some time to finish,so please be patient.
[*]When the scan is complete, click OK, then Show Results to view the results.
[*]Make sure that [b]everything is checked[/b], and click [b]Remove Selected[/b].
[*]When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
[*]The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
[*]Copy&Paste the entire report in your next reply.
[/list]
Extra Note:
[color="#2E8B57"][b]If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.[/b][/color][/indent]


[b]Do An Online Scan For Viruses:[/b]

[indent][color="#9932CC"][b]Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.[/b][/color][/indent]
[list=1]
[*][b]Hold down[/b] Control and [b]click[/b] on the following link to [b]open[/b] [color="#0000FF"]ESET OnlineScan[/color] in a new window.   [url="http://www.eset.com/onlinescan/"][color="#0000FF"][b]ESET OnlineScan[/b][/color][/url]
[*][b]Click[/b] the [img]http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png[/img] button.
[*]For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
[list=1]
[*]Click on [img]http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png[/img] to download the ESET Smart Installer. Save it to your desktop.
[*]Double click on the [img]http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png[/img] icon on your desktop.
[/list]
[*][b]Check[/b] [img]http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png[/img]
[*][b]Click [/b]the [b]Start [/b]button.
[*][b]Accept [/b]any security warnings from your browser.
[*][b]Check [/b][img]http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png[/img]
[*][b]Make sure[/b] that the option [b]"Remove found threats"[/b] is [b]Unchecked[/b]
[*]Push the Start button.
[*][color="#0000FF"]ESET[/color] will then [b]download[/b] updates for itself, [b]install [/b]itself, and [b]begin scanning[/b] your computer. Please [b]be patient[/b] as this can take some time.
[*]When the scan completes, [b]push [/b][img]http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png[/img]
[*][b]Push [/b] [img]http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png[/img], and [b]save [/b]the file to your desktop using a unique name, such as [color="#0000FF"]MyEsetScan[/color]. [b]Include [/b]the contents of this report in your next reply.
[*][b]Push [/b]the Back button.
[*][b]Push Finish[/b]
[/list]
In your next reply please [b]post [/b]the logs created by [color="#0000FF"]Malwarebytes[/color] and the [color="#0000FF"]ESET Online Scan[/color].

[color="#0000FF"][i][b]How is your system is running now?[/b][/i][/color]

[Sunyata]

test upload again

Attached Files

•  MBR.dat.txt   512bytes   0 downloads

[Sunyata]

Please download Unhide.exe to your desktop:

• Double-click on the Unhide.exe icon on your desktop and allow the program to run.
• This program will remove the hidden attributes from all the files on your system.
• Note: If you had purposely hidden any files, then you will need to hide them again after this tool has run.

Please download [url="http://download.bleepingcomputer.com/grinler/unhide.exe"][color="#0000FF"][b]Unhide.exe[/b][/color] [/url]to your desktop:
[list]

[*]Double-click on the Unhide.exe icon on your desktop and allow the program to run.
[*]This program will remove the hidden attributes from all the files on your system.
[*]Note: If you had purposely hidden any files, then you will need to hide them again after this tool has run.
[/list]