please forgive me if this has been delt with before but im completely stuck and need help
pceu virus [Solved]
#1
Posted 12 January 2014 - 01:21 PM
Register to Remove
#2
Posted 12 January 2014 - 02:45 PM
Hello robmiller and welcome to the WTT forum.
My name is Satchfan and I would be glad to help you with your computer problem.
Please read the following guidelines which will help to make cleaning your machine easier:
- please follow all instructions in the order posted
- please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
- all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
- if you don't understand something, please don't hesitate to ask for clarification before proceeding
- the fixes are specific to your problem and should only be used for this issue on this machine.
- please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:
Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested
Run RogueKiller
IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!
Close all running programs.
Download one of these to your desktop:
for a 32-bt system download this version.
for 64-bit use this one
- close all running programs
- for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
- when the pre-scan is finished, click on Scan
- click on Report and copy/paste the content in your next post
- NOTE: DO NOT attempt to remove anything that the scan detects –everything that is reported is not necessarily bad
If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.
Please post the contents of the RKreport.txt in your next reply.
Satchfan
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.#3
Posted 12 January 2014 - 04:10 PM
thank you for your reply. unfortunately im on my wifes laptop as my pc the one that's infected will not start in safe mode, has blue screen now on main start up. I desperately need to rescue my pictures from my pc. I have tried removing the hard drive from the pc and slaving it on a pc ive borrowed but my documents folder is blocked. ive tried farbar but that dosent bring up the repair option on reboot.
im not a complete pc nubee but have limited knowledge. its an old pc 3200 processor running xp
thank you for your help
#4
Posted 12 January 2014 - 05:24 PM
Do you have a Windows XP startup disk or Windows XP CD?
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.#5
Posted 12 January 2014 - 05:28 PM
yes I have xp cd
#6
Posted 13 January 2014 - 02:36 AM
This infection locks you out of your computer and we need to try a couple of ways to gain access .
Hopefully we'll be able to get your pictures back but I need a bit more information before deciding on how to deal with this,
When you tried using Farbar Recovery Scan Tool, please tell me how you tried it and what happened.
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.#7
Posted 13 January 2014 - 01:37 PM
went to bleeping computer.com download 32bit version on a pc I have borrowed from work.. copied the file onto a usb stick.
booted up infected pc, signed in at log on. waited for hard disc to stop accessing files inserted usb stick waited for green light to steady blink. turned off pc by front power button as cant get to start bar.restarted pressed f8 after first boot repair option not on available list of options eg safe mode, command prompt etc. did manage to get to note pad once by going in on debugging mode. but absolutely no idea what to type in so closed down. hope this is of help.
#8
Posted 13 January 2014 - 03:52 PM
Using the computer that works, download Farbar Recovery Scan Tool from one of the following links and save it to a flash drive.
Note: You need to run the version compatible with your system.
32-bit
64-bit
- next, download OTLPENet.exe to your Desktop
- make sure that you have a blank CD in the drive
- double click OTLPENet.exe and this will then open ImgBurn to burn the file to CD
- boot your infected computer using the boot CD you just created.
If Windows starts normally, you’ll have to change a BIOS setting boot from CD: how to do this varies between different computer models but usually it's written on the first screen displayed after power on, eg. "Press Del to Enter Setup", "F12 = Boot order" (you can follow the steps here
- your system should now display a Reatogo desktop.
- insert the flash drive with FRST on it
- open My Computer to locate the flash drive and run FRST
- when the tool start to run, click Yes to the disclaimer
- press the Scan button
- when it has finished, it will create a log, (FRST.txt), on the flash drive
- move the flash drive to a working computer and open the log file in Notepad.
Please copy and paste it to your reply.
Satchfan
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.#9
Posted 14 January 2014 - 12:45 PM
have done as requested infected pc booted to reatogo, ran farbar, created log file, copied, unable to paste?????
#10
Posted 14 January 2014 - 03:25 PM
For some reason there is a problem pasting in Internet Explorer.
Please use either Firefox or Chrome as your browser and try again.
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.Register to Remove
#11
Posted 14 January 2014 - 04:08 PM
#12
Posted 14 January 2014 - 04:28 PM
Hi
Glad you got that to paste OK. We're making progress as I can see the problem and hopefully we can deal with it.
I have a very early start in the morning so will have to reply tomorrow, (10.30 GMT here now).
Satchfan
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.#13
Posted 15 January 2014 - 03:04 AM
I have a few minutes before I leave so thought I'd leave you with instructions to be getting on with until later.
Using the same CD, please boot into the PE (Preinstallation Environment) and run FRST again. Type the following in the edit box after "Search:".
explorer.exe
Click the Search button and post the log in your reply, (the log Search.txt can be found in the same place as the previous log you sent).
Thanks
Satchfan
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.#14
Posted 15 January 2014 - 12:19 PM
#15
Posted 15 January 2014 - 04:58 PM
We need to fix an entry that FRST found.
- click Start
- type notepad.exe in the search programs and files box and clcik Enter
- a blank Notepad page should open
- copy/paste the contents of the code box below into Notepad.
Replace:C:\WINDOWS\ServicePackFiles\i386\explorer.exe C:\Windows\explorer.exe
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system
- save it to your USB flashdrive as fixlist.txt
- boot into the PE (Preinstallation Environment)
- start FRST as you did when you ran a scan earlier, but this time when it opens press the Fix button once and wait
- when finished, it will produce a log fixlog.txt on your USB flashdrive
- exit the Recovery Environment and post the log.
Please also try to boot to Windows and tell me how it goes.
Thanks
Satchfan
NINA - Proud graduate of the WTT Classroom
Member of UNITE
The help you receive here is free but if you feel I have helped, you may consider making a Donation.0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users