
Another Win Blue Virus. Help Please


Re: Another Win Blue Virus. Help Please

Post by Belahzur on Wed Jun 03, 2009 11:15 am

Thanks Origin.

PatTheBaker - We need to clean the iPod then, but read my instructions carefully, because when we plug it in, we need to have this next tool already open and running because it will disable the infection on the iPod.

Please download [You must be registered and logged in to see this link.] to your Desktop and run it by double clicking the program's icon.

  1. Wait a couple of seconds for initial scan to finish.
  2. Connect all of your USB storage devices to the PC, one at a time, and keep each one connected for at least 10 seconds.
  3. If there are more USB storage devices to scan, please take note of the order in which they were connected.
  4. After all the devices are scanned, right click in the Monitor tab, and choose "Save log". That will open the log in Notepad. Please copy and paste the log into this thread.

Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Another Win Blue Virus. Help Please

Post by PatTheBaker on Wed Jun 03, 2009 8:09 pm

USBNoRisk 2.4 (1 June 2009) by bobby

Started at 6/3/2009 2:15:30 PM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {f7178da6-7c6b-11dd-86d3-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for f7178da6-7c6b-11dd-86d3-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

autorun.inf found in Qoobox
----------------------------------------
Content of C:\QooBox\Quarantine\C\autorun.inf.vir
----------------------------------------
[autorun]
;tkwhbrmeqmsucxgfrxhazfdpiwhnpnadsnfwmbzcacussdngwierruzqkiycldpeqbxqkgainjnx
shellexecute="RECYCLER\S-1-3-54-100009281-100029388-100001899-7734.com c:\"
;bophwpwedljgdhjwjgrcmjhgdxyojtrxqeyuxfxfd
shell\Open\command="RECYCLER\S-1-3-54-100009281-100029388-100001899-7734.com c:\"
;rymhmdvswyxnwdguamozcdapdpripjxzcdhwstotykmazroxlmknzqgihnhwwtqxipwgdrekbprvmryiujzmpx
shell=Open
----------------------------------------
========================================
Initial scan finished!
========================================


New device connected at 6/3/2009 2:17:51 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {b3a518fa-9033-11dd-8715-00c09fda8693}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
autorun.inf found on F:
----------------------------------------
File F:\autorun.inf renamed successfully

Content of F:\autorun.inf.blocked
----------------------------------------
[autorun]
;iykaktyojqhzpgbowchprnrbccezpulrhqqhlsdtbigvbvgdfypqyncnagwbpnsqfxpalugxrlpvimvfyeuatohobrdbseobuckfhtzfa
shellexecute="RECYCLER\S-1-3-54-100009281-100029388-100001899-7734.com f:\"
;znwqmsbpycckmwh
shell\Open\command="RECYCLER\S-1-3-54-100009281-100029388-100001899-7734.com f:\"
;avsqollqwxvyvxzsjtwelnsmtixyiuebyrmhjplqtssndkhejzuplspnkazjswqbgtaigtsxphszjmkzraygbuzjmyoaobyaaqzyxi
shell=Open
----------------------------------------

Files referenced from F:\autorun.inf.blocked
----------------------------------------
None
----------------------------------------

Sanitized mountpoint for b3a518fa-9033-11dd-8715-00c09fda8693
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================


Last edited by PatTheBaker on Wed Jun 03, 2009 8:20 pm; edited 2 times in total (Reason for editing : Here's the Log)

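An added example, not part of the original thread and not USBNoRisk's own logic: a small Python check that parses autorun.inf text like the content shown in the log above and flags the traits visible there (random-letter comment padding, launch entries pointing at an executable inside RECYCLER, a file name shaped like a SID). The function names, finding labels and the folder and extension lists are assumptions chosen for illustration.

```python
import re

# Keys that make Windows AutoRun start a program (matched case-insensitively).
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
EXEC_EXT = (".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".vbs")  # assumed list
HIDE_DIRS = ("recycler", "recycled", "$recycle.bin", "system volume information")
JUNK = re.compile(r"^;[a-z]{12,}$", re.I)  # comment made only of a long letter run

# Constructed sample modelled on the F:\autorun.inf.blocked content in the log
# above; the junk comment lines are shortened stand-ins.
SAMPLE = r'''[autorun]
;iykaktyojqhzpgbowchprn
shellexecute="RECYCLER\S-1-3-54-100009281-100029388-100001899-7734.com f:\"
;znwqmsbpycckmwh
shell\Open\command="RECYCLER\S-1-3-54-100009281-100029388-100001899-7734.com f:\"
shell=Open
'''

def launch_target(value):
    """Program path from a launch value, without quotes or arguments.
    Simplification: assumes the path itself contains no spaces."""
    return value.strip().strip('"').split(" ")[0]

def analyze_autorun(text):
    """Parse autorun.inf text; return (launch entries, sorted finding names)."""
    entries, findings, section = [], set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if JUNK.match(line):
            findings.add("junk-comment-padding")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, sep, value = line.partition("=")
        if section != "autorun" or not sep or not LAUNCH_KEY.match(key.strip()):
            continue
        target = launch_target(value)
        entries.append((key.strip().lower(), target))
        parts = target.lower().split("\\")
        if parts[-1].endswith(EXEC_EXT):
            findings.add("launches-executable")
            if any(p in HIDE_DIRS for p in parts[:-1]):
                findings.add("target-in-hidden-system-folder")
            if re.match(r"^s-1-\d+(-\d+)+\.", parts[-1]):
                findings.add("executable-named-like-sid")
    return entries, sorted(findings)

if __name__ == "__main__":
    print(analyze_autorun(SAMPLE))
```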

Re: Another Win Blue Virus. Help Please

Post by Belahzur on Wed Jun 03, 2009 8:39 pm

Hello.
That's disabled the infection, now we need to remove it fully. Whatever drive F:\ is, make sure you keep it plugged in and do not unplug it until I say so, otherwise this won't work.

Please open USBNoRisk again, we need to use a custom script to delete the malicious autorun.inf files.

  1. When USBNoRisk opens, go into the Script tab, and insert the bolded script below.

    {f7178da6-7c6b-11dd-86d3-806d6172696f}
    protect:
    {b3a518fa-9033-11dd-8715-00c09fda8693}
    delete: F:\autorun.inf.blocked
    protect:



  2. Then press the Run Script button.
  3. Copy and paste the report back here.



Re: Another Win Blue Virus. Help Please

Post by PatTheBaker on Wed Jun 03, 2009 8:58 pm

It gets a Not Responding when I run the script so I can't get a log.


Re: Another Win Blue Virus. Help Please

Post by Belahzur on Wed Jun 03, 2009 9:04 pm

Might be some other software conflicting. Let's try disabling Trend Micro.

See [You must be registered and logged in to see this link.] for how to disable your AV. (Trend Micro)



Re: Another Win Blue Virus. Help Please

Post by PatTheBaker on Wed Jun 03, 2009 9:24 pm

No response still.


Re: Another Win Blue Virus. Help Please

Post by Belahzur on Wed Jun 03, 2009 9:31 pm

Fine, we'll delete it manually.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    F:\autorun.inf.blocked


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.



Re: Another Win Blue Virus. Help Please

Post by PatTheBaker on Wed Jun 03, 2009 9:34 pm

USB No Risk moved the autorun file onto the desktop.


Re: Another Win Blue Virus. Help Please

Post by Belahzur on Wed Jun 03, 2009 9:40 pm

Weird.
Okay, delete it manually.



Re: Another Win Blue Virus. Help Please

Post by PatTheBaker on Wed Jun 03, 2009 9:42 pm

OK, I deleted.


Re: Another Win Blue Virus. Help Please

Post by Belahzur on Wed Jun 03, 2009 9:44 pm

This should be fine now. The iPod is clean now.



Re: Another Win Blue Virus. Help Please

Post by PatTheBaker on Wed Jun 03, 2009 9:54 pm

Thank you very much for helping again. Anything else left for the computer?


Re: Another Win Blue Virus. Help Please

Post by Belahzur on Wed Jun 03, 2009 9:54 pm

Nope, not that I can see.



Re: Another Win Blue Virus. Help Please

Post by PatTheBaker on Wed Jun 03, 2009 10:04 pm

OK, thanks.

