Trouble following antivir removal instructions


Post by shortpoolguy on 9th August 2010, 3:37 pm

Hello,

My laptop has the antivir malware. I've been trying to follow the instructions, but now my computer is randomly turning off. I tried the 'repair computer' boot option, but it turned off there too. I did manage to get into safe mode one time and ran HijackThis, and had downloaded Malwarebytes, and was running the scan when it turned off.

Any suggestions?

shortpoolguy
Novice

Posts : 6
Joined : 2010-08-09
OS : Vista
Points : 23208
# Likes : 0


Re: Trouble following antivir removal instructions

Post by Sneakyone on 9th August 2010, 9:48 pm

Hi, Welcome to GeekPolice.net!

Please run these in Safe Mode with Networking and post the logs here:

Please download and run RKill.

[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.]

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection; the actual infection will not be gone. Once you reboot, the infection will be active again! Please do not reboot until instructed further to do so.

==============

Please download [You must be registered and logged in to see this link.] to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.

Sneakyone
Master

Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56104
# Likes : 0


Re: Trouble following antivir removal instructions

Post by shortpoolguy on 9th August 2010, 10:48 pm

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Alan on 08/09/2010 at 18:47:37.


Processes terminated by Rkill or while it was running:


C:\Users\Alan\Downloads\rkill.com


Rkill completed on 08/09/2010 at 18:47:39.


Re: Trouble following antivir removal instructions

Post by shortpoolguy on 9th August 2010, 11:02 pm

My laptop shut off during OTL :sad:

I did notice the fan was churning pretty hard when it shut down. That would be an odd coincidence since I've never had it shut down due to temp before.

(Thanks for responding and trying to help me. It is appreciated!)


Re: Trouble following antivir removal instructions

Post by Sneakyone on 10th August 2010, 5:51 am

Hi.

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



Re: Trouble following antivir removal instructions

Post by shortpoolguy on 10th August 2010, 11:07 pm

I tried running commy a couple of times, and each time it said I needed administrator permissions, even when I ran it from an administrator command prompt. It continued on saying it was scanning for infected files, and I saw it print something like "The system cannot run the specified program" 5 times and then my system shut off again.


Re: Trouble following antivir removal instructions

Post by Sneakyone on 11th August 2010, 2:37 am

Hi.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Step 1: you need to get the appropriate burning software for this task.

Download [You must be registered and logged in to see this link.]
  • This will allow you to burn OTLPE ISO to a CD and make it bootable. Just install the program; from there on in it is fairly automatic.
  • See the [You must be registered and logged in to see this link.] page for more info.
Step 2: download the OTLPE REATOGO Windows Recovery Environment.
  • Download [You must be registered and logged in to see this link.] and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded, double click it and this will then open ISOBurner to burn the file to CD.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.



Re: Trouble following antivir removal instructions

Post by shortpoolguy on 14th August 2010, 10:35 pm

Hi, sorry I haven't had a chance to get back to this until now.

I'm getting a 404 for the link to OTLPE.iso


Re: Trouble following antivir removal instructions

Post by Sneakyone on 15th August 2010, 6:13 am

Hi.

Try this updated one:

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc into your CD burning drive.
  • Download [You must be registered and logged in to see this link.] and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.



Re: Trouble following antivir removal instructions

Post by shortpoolguy on 16th August 2010, 10:52 pm

Okay, I got the disc burned and tried to boot from the CD. I saw the REATOGO-X-PE starting up, and then it got to the Windows Startup splash, and then I got a bluescreen. This happened twice.

I'm not sure if this is helpful, but the addresses shown were:

*** STOP: 0x0000007B (0xF78DA528, 0xC0000034, 0x00000000, 0x00000000)

I appreciate the help, but at this point I'm willing to consider wiping everything and getting a copy of Windows 7 to install. If I go that route, can you recommend the best procedure to wipe everything?

Thanks!


Re: Trouble following antivir removal instructions

Post by Sneakyone on 18th August 2010, 9:48 pm

Hi.

Sorry for the delay,

Please wait patiently as I ask my colleagues about this.


