Sydney: System Security Removal

View previous topic View next topic Go down

Re: Sydney: System Security Removal

Post by sydney_503 on Tue Jun 16, 2009 4:49 am

hi Origin,

I am able to download all the software but the virus won't let me install them. Can you give me some direction?

Thanks

Sydney

sydney_503
Novice
Novice

Status :
Online
Offline

Posts : 6
Joined : 2009-06-16
OS : XP

View user profile

Back to top Go down

Re: Sydney: System Security Removal

Post by Origin on Tue Jun 16, 2009 4:58 am

Try the following:


Please download Ice Sword from [You must be registered and logged in to see this link.]

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. Then look in the left hand bottom of the program and press "Registry"
  4. When the registry list opens, drag the line between the two windows so you can see which registry hive you need.
  5. Next, open the HKEY_LOCAL_MACHINE, and navigate to the following key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  6. Now look in the right side pane for two run values that are just random numbers.
  7. Once you have found the value(s), right click it and press "Delete"
  8. Okay the prompt and close IceSword.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: Sydney: System Security Removal

Post by sydney_503 on Tue Jun 16, 2009 5:03 am

wow. it won't even let me open the file to unzipped.

sydney_503
Novice
Novice

Status :
Online
Offline

Posts : 6
Joined : 2009-06-16
OS : XP

View user profile

Back to top Go down

Re: Sydney: System Security Removal

Post by Origin on Tue Jun 16, 2009 5:06 am

Here is the file itself not zipped, see if you can do the above:

[You must be registered and logged in to see this link.]


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: Sydney: System Security Removal

Post by sydney_503 on Tue Jun 16, 2009 5:11 am

I was able to open it, run it, but step three didn't happen. the virus said iceword.exe is infected etc.... do I have more option?

sydney_503
Novice
Novice

Status :
Online
Offline

Posts : 6
Joined : 2009-06-16
OS : XP

View user profile

Back to top Go down

Re: Sydney: System Security Removal

Post by Origin on Tue Jun 16, 2009 5:13 am


1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV. (Mcafee)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master
Master

Status :
Online
Offline

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3

View user profile

Back to top Go down

Re: Sydney: System Security Removal

Post by sydney_503 on Tue Jun 16, 2009 5:35 am

I was able to un icesword.exe but when I run Combo-fix i don't see anything happening.

so step 1) run icesword
step 2) run combo-fix?

sydney_503
Novice
Novice

Status :
Online
Offline

Posts : 6
Joined : 2009-06-16
OS : XP

View user profile

Back to top Go down

Re: Sydney: System Security Removal

Post by Belahzur on Tue Jun 16, 2009 8:50 am

Can you do the following in Safe Mode with Networking, (as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.) Once in the start up menu, select "Safe Mode with Networking", then try IceSword again.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Sydney: System Security Removal

Post by sydney_503 on Tue Jun 16, 2009 11:27 pm

Hi Belahzur,

I was able to run Icesword, but when i run combo-fix nothing happens.

sydney_503
Novice
Novice

Status :
Online
Offline

Posts : 6
Joined : 2009-06-16
OS : XP

View user profile

Back to top Go down

Re: Sydney: System Security Removal

Post by sydney_503 on Wed Jun 17, 2009 2:49 am

i ran icesword and i deleted these two files

C:\Documents and Settings\All Users\Application Data\19519684\19519684.exe
C:\Documents and Settings\All Users\Application Data\99529676\99529676.exe

and then run combo-fix but nothing happens

sydney_503
Novice
Novice

Status :
Online
Offline

Posts : 6
Joined : 2009-06-16
OS : XP

View user profile

Back to top Go down

Re: Sydney: System Security Removal

Post by Belahzur on Wed Jun 17, 2009 12:41 pm

Did you delete the run values too?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Status :
Online
Offline

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum