THINKPOINT removed, hopefully?? BUT, now another problem arrived...
- Dr JayHead Admin
-
Power of Youth!
OS : Windows 10 Home & Pro, Android, Linux
Arch. : x64 (64-bit)
Anti-Malware : Bitdefender Total Security
Posts : 15182
Rubies : 289568
Likes : 160
Please be patient. We all work very busy lives, and forums are just our hobby work. However, still taking all of our tasks seriously, we cannot compete by ourselves with all of the virus makers. We have tons to work for, so we cannot usually get to everyone more than once a day.
Do you have an XP CD?
We need to replace a file that is infected. It is the same file that keeps on spawning the blue screen of death.
- darinleeNovice
-
OS : XP
Posts : 31
Rubies : 3194
Likes : 0
sorry if i seem impatient, but i have never seen the warning message from an internet provider before... i don't want to find out if they are bluffing about cancelling my internet service, lol...
and no, i no longer have any of the xp disks...
- Dr JayHead Admin
If they did not tell you directly, then I would not worry about it. It may be a scare tactic by the malware.
It may be able to be disinfected with this removal disc:
- Kaspersky RescueDisk
If you encounter problems running the RescueDisk, you can get further assistance at the Kaspersky Support Forum.
Let me know how it goes.
- darinleeNovice
they did tell me directly, it was a message from roadrunner themselves... *crap* thank you though for all your assistance and patience...
- Dr JayHead Admin
Contact them back, and tell them to hold off, as you are in the process of getting professional help on removal. Tell them it takes a bit longer than just a day or two to get it disinfected.
Let me know on the progress of the Kaspersky rescue disc.
- darinleeNovice
running it again as we speak... said some of the viruses are "postponed" ?? option B is to take a bullet to the laptop...
- darinleeNovice
so this is from the first scan... what does the malfunction and postponed mean??
Objects Scan: malfunction (events: 3, objects: 2, time: Unknown)
10/20/10 3:18 AM Task started
10/20/10 4:49 AM Detected: Trojan.Win32.Clicker.hd C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002048.exe/data0004
10/20/10 4:49 AM Untreated: Trojan.Win32.Clicker.hd C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002048.exe/data0004 Postponed
Objects Scan: completed 1 hour ago (events: 17, objects: 368315, time: 06:43:17)
10/20/10 6:35 AM Task started
10/20/10 7:58 AM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll
10/20/10 7:58 AM Untreated: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll Postponed
10/20/10 8:23 AM Detected: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir
10/20/10 8:23 AM Untreated: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir Postponed
10/20/10 8:26 AM Detected: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX
10/20/10 8:26 AM Untreated: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX Postponed
10/20/10 8:26 AM Detected: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe
10/20/10 8:26 AM Untreated: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe Postponed
10/20/10 8:35 AM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll
10/20/10 1:18 PM Detected: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir
10/20/10 1:18 PM Deleted: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir
10/20/10 1:18 PM Detected: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe
10/20/10 1:18 PM Deleted: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe
10/20/10 1:18 PM Detected: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX
10/20/10 1:18 PM Deleted: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe
10/20/10 1:18 PM Task completed
Objects Scan: running (events: 3, objects: 158691, time: 01:21:47)
10/20/10 1:23 PM Task started
10/20/10 1:25 PM Task stopped
10/20/10 1:29 PM Task started
- Dr JayHead Admin
It means that the removal tool found the threats in a Quarantine folder (where they belong), but cannot remove them, because the quarantine is locked. But, they are safe to be in quarantine, so that is not a big deal.
We need to figure out how to disinfect fdc.sys.
Please give me a few hours, as I have to contact a couple of colleagues on obtaining the correct file replacement for your operating system.
As of right now, you can tell RoadRunner, that your computer is disinfected.
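One way to read a report like the one posted above mechanically, as an added example that is not part of the original thread: it keeps the last event recorded for each file and lists what is still present afterwards, with where it sits. The sample lines are copied from the posted log; the function names and the path heuristic are assumptions of this example.

```python
import re

# Excerpt of the scan report posted above (a subset of its event lines).
SAMPLE = """\
10/20/10 4:49 AM Detected: Trojan.Win32.Clicker.hd C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002048.exe/data0004
10/20/10 4:49 AM Untreated: Trojan.Win32.Clicker.hd C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002048.exe/data0004 Postponed
10/20/10 8:23 AM Untreated: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir Postponed
10/20/10 8:26 AM Untreated: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX Postponed
10/20/10 8:35 AM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll
10/20/10 1:18 PM Deleted: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir
10/20/10 1:18 PM Deleted: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe
"""

EVENT = re.compile(r"^\S+ \S+ [AP]M (Detected|Untreated|Deleted): (\S+) (.+?)(?: Postponed)?$")
# Heuristic (assumption): the first path component with an extension is the file
# on disk; anything after it (/UPX, /data0004) is an object unpacked from inside it.
ON_DISK = re.compile(r"^(.*?/[^/]+\.\w+)(?:/.*)?$")

def location(path):
    """Classify where the flagged file sits."""
    p = path.lower()
    if "/quarantine/" in p:
        return "tool quarantine"
    if "/system volume information/_restore" in p:
        return "System Restore point"
    return "live file system"

def final_state(report):
    """Return {file: (threat, last_action, location)}, last event per file wins."""
    state = {}
    for line in report.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # "Task started", "Objects Scan: ..." headers, etc.
        action, threat, path = m.groups()
        disk = ON_DISK.match(path)
        key = disk.group(1) if disk else path
        state[key] = (threat, action, location(path))
    return state

def remaining(report):
    """Files whose last recorded action is not a deletion."""
    return {f: s for f, s in final_state(report).items() if s[1] != "Deleted"}

if __name__ == "__main__":
    for f, (threat, action, where) in remaining(SAMPLE).items():
        print(f"{action:<10} {where:<16} {threat}  {f}")
```

On this excerpt the two files left over are both inside the DoctorWeb quarantine folder, while the Qoobox and System Restore entries end as deleted.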
- darinleeNovice
thank you for the better news !!! lol... look forward to your reply...
- Dr JayHead Admin
Hi.
Thanks for your patience. I have obtained a copy of the file.
Please download ComboFix
from BleepingComputer.com
Save it to your Desktop, and do NOT run it, yet.
===========
Then, download this file: http://www.mediafire.com/?q8dg8ahclu4wlom
and save it to your Desktop, and do NOT run it, either.
===========
Running ComboFix to remove infections:
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:
FCopy::
C:\documents and settings\owner\desktop\fdc.sys | C:\windows\system32\drivers\fdc.sys
- Save this as CFScript.txt, in the same location as ComboFix.exe
- Referring to the picture above, drag CFScript into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt
- Please post the contents of the log in your next reply.
NOTE:
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

- Click on Yes, to continue scanning for malware.