THINKPOINT removed, hopefully?? BUT, now another problem arrived...


Post by Dr Jay on 20th October 2010, 8:31 am

Please be patient. We all work very busy lives, and forums are just our hobby work. However, still taking all of our tasks seriously, we cannot compete by ourselves with all of the virus makers. We have tons to work for, so we cannot usually get to everyone more than once a day.

Do you have an XP CD?

We need to replace a file that is infected. It is the same file that keeps on spawning the blue screen of death.


Dr. Jay (DJ)



Post by darinlee on 20th October 2010, 8:34 am

sorry if i seem impatient, but i have never seen the warning message from an internet provider before... i don't want to find out if they are bluffing about cancelling my internet service, lol...

and no, i no longer have any of the xp disks...


Post by Dr Jay on 20th October 2010, 8:40 am

If they did not tell you directly, then I would not worry about it. It may be a scare tactic by the malware.

It may be able to be disinfected with this removal disc:

  • [You must be registered and logged in to see this link.]
    If you encounter problems running the RescueDisk, you can get further assistance at the [You must be registered and logged in to see this link.].
If you are not sure how to burn an image, please read [You must be registered and logged in to see this link.]. If you need a FREE utility to burn the ISO image, download and use [You must be registered and logged in to see this link.].

Let me know how it goes.


Dr. Jay (DJ)



Post by darinlee on 20th October 2010, 8:42 am

they did tell me directly, it was a message from roadrunner themselves... *crap* thank you though for all your assistance and patience...


Post by Dr Jay on 20th October 2010, 9:19 pm

Contact them back, and tell them to hold off, as you are in the process of getting professional help on removal. Tell them it takes a bit longer than just a day or two to get it disinfected.

Let me know on the progress of the Kaspersky rescue disc.


Dr. Jay (DJ)



Post by darinlee on 20th October 2010, 9:23 pm

running it again as we speak... said some of the viruses are "postponed" ?? option B is to take a bullet to the laptop...


Post by darinlee on 20th October 2010, 9:53 pm

so this is from the first scan... what does the malfunction and postponed mean??

Objects Scan: malfunction (events: 3, objects: 2, time: Unknown)

10/20/10 3:18 AM Task started

10/20/10 4:49 AM Detected: Trojan.Win32.Clicker.hd C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002048.exe/data0004

10/20/10 4:49 AM Untreated: Trojan.Win32.Clicker.hd C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002048.exe/data0004 Postponed


Objects Scan: completed 1 hour ago (events: 17, objects: 368315, time: 06:43:17)

10/20/10 6:35 AM Task started

10/20/10 7:58 AM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll

10/20/10 7:58 AM Untreated: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll Postponed

10/20/10 8:23 AM Detected: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir

10/20/10 8:23 AM Untreated: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir Postponed

10/20/10 8:26 AM Detected: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX

10/20/10 8:26 AM Untreated: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX Postponed

10/20/10 8:26 AM Detected: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe

10/20/10 8:26 AM Untreated: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe Postponed

10/20/10 8:35 AM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll

10/20/10 1:18 PM Detected: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir

10/20/10 1:18 PM Deleted: Trojan.Win32.Clicker.hd C:/Qoobox/Quarantine/C/Program Files/Mozilla Firefox/searchplugins/google_search.xml.vir

10/20/10 1:18 PM Detected: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe

10/20/10 1:18 PM Deleted: Trojan.Win32.FakeAV.ngj C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002047.exe

10/20/10 1:18 PM Detected: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX

10/20/10 1:18 PM Deleted: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe

10/20/10 1:18 PM Task completed


Objects Scan: running (events: 3, objects: 158691, time: 01:21:47)

10/20/10 1:23 PM Task started

10/20/10 1:25 PM Task stopped

10/20/10 1:29 PM Task started



Post by Dr Jay on 20th October 2010, 9:58 pm

It means that the removal tool found the threats in a Quarantine folder (where they belong), but cannot remove them, because the quarantine is locked. But, they are safe to be in quarantine, so that is not a big deal.

We need to figure out how to disinfect fdc.sys.

Please give me a few hours, as I have to contact a couple of colleagues on obtaining the correct file replacement for your operating system.

As of right now, you can tell RoadRunner that your computer is disinfected.


Dr. Jay (DJ)
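
The reading of the scan report given in the reply above can be checked mechanically. This is an added example, not part of the original thread and not a Kaspersky tool: it parses event lines in the format of the posted log and separates objects held in another tool's quarantine folder or in a System Restore point from objects in live locations. The line format is inferred from the posted log; the last sample line and its path are constructed.

```python
import re

# One event line: "<date> <time> <Action>: <verdict> <path>[ Postponed]"
EVENT = re.compile(
    r"^\d{1,2}/\d{1,2}/\d{2} \d{1,2}:\d{2} [AP]M "
    r"(?P<action>Detected|Untreated|Deleted): "
    r"(?P<verdict>\S+) (?P<path>.+?)(?P<postponed> Postponed)?$"
)

# Lines copied from the log in the thread, except the last one (constructed).
SAMPLE = """\
Objects Scan: completed 1 hour ago (events: 17, objects: 368315, time: 06:43:17)
10/20/10 6:35 AM Task started
10/20/10 7:58 AM Detected: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll
10/20/10 7:58 AM Untreated: HEUR:Trojan.Win32.Generic C:/Documents and Settings/Owner/DoctorWeb/Quarantine/A0002015.dll Postponed
10/20/10 8:26 AM Detected: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX
10/20/10 8:26 AM Untreated: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX Postponed
10/20/10 1:18 PM Detected: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe/UPX
10/20/10 1:18 PM Deleted: Trojan-Spy.Win32.SpyEyes.crp C:/System Volume Information/_restore{6E532223-F595-472D-9374-5FBA01B53D99}/RP0/A0002049.exe
10/20/10 1:19 PM Detected: HEUR:Trojan.Win32.Generic C:/Example/constructed_sample.exe
"""


def location(path):
    """Classify where the flagged object sits on disk."""
    p = path.lower()
    if "/quarantine/" in p:
        return "quarantine"       # another cleaner's holding folder
    if "/system volume information/_restore" in p:
        return "restore_point"    # XP System Restore copy
    return "live"


def triage(log_text):
    """Return {path: {verdict, where, state}} with the last known state."""
    objects = {}
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if m is None:
            continue  # scan headers, "Task started", blank lines
        action, path = m["action"], m["path"]
        if action == "Deleted":
            # The log reports the delete on the container file
            # (A0002049.exe) while the detection named the object
            # inside it (A0002049.exe/UPX), so match nested paths too.
            hits = [p for p in objects if p == path or p.startswith(path + "/")]
            for p in hits:
                objects[p]["state"] = "deleted"
            if not hits:
                objects[path] = {"verdict": m["verdict"],
                                 "where": location(path), "state": "deleted"}
            continue
        rec = objects.setdefault(path, {"verdict": m["verdict"],
                                        "where": location(path),
                                        "state": "detected"})
        if action == "Untreated":
            rec["state"] = "postponed" if m["postponed"] else "untreated"
        elif rec["state"] == "deleted":
            rec["state"] = "detected"  # seen again after an earlier delete
    return objects


def needs_attention(objects):
    """Objects outside quarantine/restore storage that were not deleted."""
    return [p for p, r in objects.items()
            if r["where"] == "live" and r["state"] != "deleted"]


if __name__ == "__main__":
    result = triage(SAMPLE)
    for path, rec in result.items():
        print(f'{rec["state"]:<10}{rec["where"]:<15}{rec["verdict"]}  {path}')
    print("review:", needs_attention(result))
```
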



Post by darinlee on 20th October 2010, 10:05 pm

thank you for the better news !!! lol... look forward to your reply...


Post by Dr Jay on 21st October 2010, 2:12 am

Hi.

Thanks for your patience. I have obtained a copy of the file.

Please download ComboFix from [You must be registered and logged in to see this link.]

Save it to your Desktop, and do NOT run it, yet.


===========

Then, download this file: [You must be registered and logged in to see this link.]
and save it to your Desktop, and do NOT run it, either.

===========

Running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    FCopy::
    C:\documents and settings\owner\desktop\fdc.sys | C:\windows\system32\drivers\fdc.sys
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.



NOTE:
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.


Dr. Jay (DJ)



Post by darinlee on 21st October 2010, 2:36 am

Well, I'm not sure what to do at this point... roadrunner shut me down, and the department they need me to speak with is already closed for the day... =( I got slapped with the "unacceptable activity" notice...


Post by darinlee on 21st October 2010, 2:42 am

I'm responding from my blackberry incidentally, so if it takes me awhile to respond or you don't hear anything for awhile, you know why... I hate viruses, I hate hackers (the bad ones, lol) and I hate channel 131... Suspect and I guess I can blame myself as well, lol...


Post by darinlee on 21st October 2010, 3:07 am

i can't download the FDC thing... getting an error message and it says it can't download from the source file or disk...


Post by Dr Jay on 22nd October 2010, 3:13 am

Are you sure you clicked Save and not Open when the file began download?


Dr. Jay (DJ)



Post by darinlee on 22nd October 2010, 3:14 am

yes...


Post by darinlee on 22nd October 2010, 6:48 am

I'm back up and running on the Internet, now I just need the blue screen of death to go away...


Post by Dr Jay on 22nd October 2010, 9:04 am

Let's try this once more...

(If you have ComboFix already downloaded...good, no need to download again.)

Please download ComboFix from [You must be registered and logged in to see this link.]

Save it to your Desktop, and do NOT run it, yet.


===========

Then, download this file: [You must be registered and logged in to see this link.]
and save it to your Desktop, and do NOT run it, either.

===========

Running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    FCopy::
    C:\documents and settings\owner\desktop\fdc.sys | C:\windows\system32\drivers\fdc.sys
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.



NOTE:
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.


Dr. Jay (DJ)



Post by darinlee on 24th October 2010, 7:28 am

sorry for the delay, i had to go out of town for a couple of days... but i'm back now and the link didn't work... won't let me download, gives me the same error message... :sad:


Post by darinlee on 24th October 2010, 9:01 am

here is what it says...

"cannot copy FDC[1]: cannot read from source file or disk..."


Post by Dr Jay on 24th October 2010, 6:25 pm

Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).


Dr. Jay (DJ)



Post by darinlee on 24th October 2010, 7:17 pm

I've been doing all this from safe mode unfortunately, otherwise I can't get onto the computer, or rather log into windows... I get that blue screen shortly after logging in...


Post by Dr Jay on 25th October 2010, 8:09 pm

1. Please download [You must be registered and logged in to see this link.] by Swandog46 to your Desktop.

  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

    Files to move:
    C:\documents and settings\owner\desktop\fdc.sys | C:\windows\system32\drivers\fdc.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply.


Dr. Jay (DJ)



Post by darinlee on 26th October 2010, 12:27 am

on reboot, hits the blue screen of death... and i tried running the program and rebooting back into safemode, and it does nothing...

i'm seriously contemplating taking a .40 bullet to the laptop right about now, lol...
