Please help me get rid of Defragmentor Virus

Post by adrock43 on 10th July 2011, 2:24 am

Hello,

Thanks in advance for the help. I am running Windows XP and got the "Defragmenter" virus. I have followed the Malwarebytes in Safe Mode instructions, however my icons and start menu are still empty after restarting.

Also, I tried to download the OTL tool requested but I received a warning from Trend Micro Core Protection that I could not access the page.

thanks!!


adrock43
Novice

Posts : 12
Joined : 2011-07-10
OS : Windows XP
Points : 19978
# Likes : 0


Re: Please help me get rid of Defragmentor Virus

Post by Dr Jay on 11th July 2011, 1:23 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)


Dr Jay
Head Administrator

Posts : 14314
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Arch. : x64 (64-bit)
Protection : Bitdefender Total Security
Points : 302999
# Likes : 10


Re: Please help me get rid of Defragmentor Virus

Post by adrock43 on 13th July 2011, 5:10 am

Thanks for the help DragonMaster.

When I try and run Combo fix I get an error that says I have an anti-virus running:

"Trend Micro Core Protection Module"

When I attempt to run combo fix despite the warning it runs but does not output results.



Re: Please help me get rid of Defragmentor Virus

Post by Dr Jay on 13th July 2011, 12:50 pm

Scan for malware

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Copy and paste the entire report in your next reply.


Dr. Jay (DJ)



Re: Please help me get rid of Defragmentor Virus

Post by adrock43 on 14th July 2011, 2:06 am

Hey -

The log is below....

Would a hijackthis log help?

Thanks!

Malwarebytes' Anti-Malware 1.51.0.1200
[You must be registered and logged in to see this link.]

Database version: 7120

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/13/2011 6:59:49 PM
mbam-log-2011-07-13 (18-59-49).txt

Scan type: Quick scan
Objects scanned: 181279
Time elapsed: 13 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Please help me get rid of Defragmentor Virus

Post by Dr Jay on 15th July 2011, 11:43 pm

Please download aswMBR from [You must be registered and logged in to see this link.]


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below




Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are [You must be registered and logged in to see this link.]


  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review


Dr. Jay (DJ)



Re: Please help me get rid of Defragmentor Virus

Post by adrock43 on 17th July 2011, 10:34 pm

aswMBR version 0.9.7.777 Copyright(c) 2011 AVAST Software
Run date: 2011-07-17 13:46:40
-----------------------------
13:46:40.734 OS Version: Windows 5.1.2600 Service Pack 3
13:46:40.734 Number of processors: 2 586 0xE08
13:46:40.734 ComputerName: PGP-LT-285 UserName: user
13:46:41.609 Initialize success
13:52:30.328 AVAST engine defs: 11071701
13:54:32.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:54:32.265 Disk 0 Vendor: ST96023AS 8.02 Size: 57231MB BusType: 3
13:54:32.328 Disk 0 MBR read successfully
13:54:32.328 Disk 0 MBR scan
13:54:32.375 Disk 0 Windows XP default MBR code
13:54:32.375 Disk 0 scanning sectors +117210240
13:54:32.875 Disk 0 scanning C:\WINDOWS\system32\drivers
13:54:47.906 Service scanning
13:54:49.843 Disk 0 trace - called modules:
13:54:49.906 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
13:54:49.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a789ab8]
13:54:49.906 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000083[0x8a68df18]
13:54:49.906 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a6c2940]
13:54:50.609 AVAST engine scan C:\WINDOWS
13:55:03.000 AVAST engine scan C:\WINDOWS\system32
13:56:41.875 AVAST engine scan C:\WINDOWS\system32\drivers
13:56:54.328 AVAST engine scan C:\Documents and Settings\user
14:48:07.265 AVAST engine scan C:\Documents and Settings\All Users
14:54:13.921 Scan finished successfully
15:33:10.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\user\Desktop\MBR.dat"
15:33:10.890 The log file has been saved successfully to "C:\Documents and Settings\user\Desktop\aswMBR.txt"


Thanks


Re: Please help me get rid of Defragmentor Virus

Post by Dr Jay on 18th July 2011, 1:10 pm

Infection still active?


Dr. Jay (DJ)



Re: Please help me get rid of Defragmentor Virus

Post by adrock43 on 18th July 2011, 2:24 pm

Yes it is.

My desktop icons are still hidden, start menu still blank, and quick links in the task bar still missing. In addition, when my computer re-boots it says that spy doctor cannot launch because of either "not enough disk space" or because of a network error.

TIA!


Re: Please help me get rid of Defragmentor Virus

Post by Dr Jay on 19th July 2011, 10:45 am

Save these instructions so you can have access to them while in Safe Mode.

Please click [You must be registered and logged in to see this link.] to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
    • Hidden Startup Objects
    • System Memory
    • Disk Boot Sectors
    • My Computer
    • Also any other drives (Removable that you may have)
  Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to a file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus/malware in the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


Dr. Jay (DJ)



Re: Please help me get rid of Defragmentor Virus

Post by adrock43 on 20th July 2011, 1:25 pm

Status: Deleted (events: 1)
7/19/2011 8:45:56 PM Deleted Trojan program Trojan-Downloader.Java.Small.af C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\0\43296140-6fb3bb4f High


Re: Please help me get rid of Defragmentor Virus

Post by adrock43 on 21st July 2011, 4:56 am

I restarted in regular mode and the virus symptoms are still here. Thoughts?

Thanks!


Re: Please help me get rid of Defragmentor Virus

Post by Dr Jay on 21st July 2011, 12:54 pm

What all virus symptoms exist?


Dr. Jay (DJ)



Re: Please help me get rid of Defragmentor Virus

Post by adrock43 on 21st July 2011, 5:39 pm

Thanks so much for sticking with this!

All of the previous mentioned symptoms are still here.

My desktop icons are still hidden, start menu still blank, and quick links in the task bar still missing. In addition, when my computer re-boots it says that spy doctor cannot launch because of either "not enough disk space" or because of a network error.

Some forums recommend messing with the iexplore.exe, but I am too much of a computer noob to go at that on my own.

Otherwise my computer seems to be running ok....a little slow...but ok


Re: Please help me get rid of Defragmentor Virus

Post by Dr Jay on 25th July 2011, 12:34 pm

Would you be up for a little Windows XP repair install?

It is a "data-safe" process to help repair Windows without hurting any of your private documents/pictures, etc.

If so, you will need a Windows XP Repair or OEM disc...are you prepared for this repair method?


Dr. Jay (DJ)



Re: Please help me get rid of Defragmentor Virus

Post by adrock43 on 25th July 2011, 3:07 pm

I am ready to do anything to get rid of this virus. Thanks


Re: Please help me get rid of Defragmentor Virus

Post by Dr Jay on 26th July 2011, 12:45 am

This should help you reinstall Windows XP: [You must be registered and logged in to see this link.]

If you have any trouble following the guide, please let me know.


Dr. Jay (DJ)



Re: Please help me get rid of Defragmentor Virus

Post by adrock43 on 26th July 2011, 3:07 am

Hey - I purchased my computer from my old job and it did not come with any Microsoft CDs. It sounds like I will need one to continue, yes?



Re: Please help me get rid of Defragmentor Virus

Post by adrock43 on 26th July 2011, 2:53 pm

.......................well it went from bad to worse........blue screen of death last night......

When I boot it tells me there has been a critical error and to restart in safe mode.....when I restart in safe mode it returns to the blue screen error page. I think all may be lost and it is time to buy a new version of Windows. Thoughts?


Re: Please help me get rid of Defragmentor Virus

Post by Dr Jay on 26th July 2011, 7:22 pm

Let's take a look at the bluescreen here.

Download [You must be registered and logged in to see this link.]
No installation required.
Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.


Dr. Jay (DJ)



Re: Please help me get rid of Defragmentor Virus

Post by adrock43 on 26th July 2011, 9:10 pm

I can't run anything on my computer. It will not get past the blue screen at boot-up. It goes to the blue screen right away.


Re: Please help me get rid of Defragmentor Virus

Post by Dr Jay on 27th July 2011, 6:04 pm

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc into your CD burning drive.
  • Download [You must be registered and logged in to see this link.] and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have an internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.


Dr. Jay (DJ)

