XP home security 2012 virus

Post by Omnioshi on Thu 19 Jan 2012, 9:29 am

I need help, my parents' computer has the rogue anti-virus program "xp home security 2012 virus" and needs help to get rid of it and fix the system ASAP.

Omnioshi

Newbie Surfer

Posts : 42
Joined : 2009-12-06
Operating System : sony windows xp laptop

Re: XP home security 2012 virus

Post by Pancake on Thu 19 Jan 2012, 1:31 pm

Hi. Welcome to the forum.





Please download Malwarebytes' Anti-Malware from one of these places:

Majorgeeks or Besttechie


Double-click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply.



===============================================



Download ComboFix from Bleepingcomputer or Geekstogo and place it on your Desktop.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. ComboFix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it, it will start.

You can get help on disabling your protection programs here : [You must be registered and logged in to see this link.]

Please include the C:\ComboFix.txt in your next reply for further review.


Caution.....
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper.

Pancake

Tech Staff

Posts : 222
Joined : 2010-03-06
Operating System : Windows 7

Re: XP home security 2012 virus

Post by Omnioshi on Thu 19 Jan 2012, 2:17 pm

I downloaded both programs onto a flash drive and put them on the infected computer but a pop up window says they are infected with "trojan-BNK.win32.keylogger.gen" and won't run. Need more help

Re: XP home security 2012 virus

Post by Pancake on Thu 19 Jan 2012, 3:39 pm

Run them in safe mode. That should fix it.

Re: XP home security 2012 virus

Post by Omnioshi on Thu 19 Jan 2012, 3:46 pm

Which safe mode should I run
Safe mode
Safe mode with networking
Or
Safe mode with command prompt?

Re: XP home security 2012 virus

Post by Pancake on Thu 19 Jan 2012, 5:24 pm

Safe mode with networking






Re: XP home security 2012 virus

Post by Omnioshi on Fri 20 Jan 2012, 6:46 am

I was able to run ComboFix in safe mode and then ran Malwarebytes' Anti-Malware in regular mode. Here are both logs. Also, I can't seem to connect to the internet now.

ComboFix 12-01-18.04 - Owner 01/18/2012 23:04:05.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.383 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Trend Micro AntiVirus *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\Application Data\alot
c:\documents and settings\Owner\Local Settings\Application Data\qkm.exe
c:\documents and settings\Owner\Local Settings\Application Data\wtcryfg.exe
c:\documents and settings\Owner\My Documents\~WRL1438.tmp
c:\documents and settings\Owner\WINDOWS
c:\program files\cmman
c:\program files\cmman\hf.txt
c:\program files\cmman\sf.txt
c:\program files\Common Files\fqzu
c:\program files\Common Files\fqzu\fqzua.lck
c:\program files\Common Files\fqzu\fqzud\class-barrel
c:\program files\Common Files\fqzu\fqzuh
c:\program files\Common Files\fqzu\fqzul.lck
c:\program files\Common Files\fqzu\fqzum.lck
c:\program files\Common Files\fqzu\fqzup.lck
c:\program files\UNWISE.EXE
c:\windows\$NtUninstallKB59261$\1088464797\@
c:\windows\$NtUninstallKB59261$\1088464797\bckfg.tmp
c:\windows\$NtUninstallKB59261$\1088464797\cfg.ini
c:\windows\$NtUninstallKB59261$\1088464797\Desktop.ini
c:\windows\$NtUninstallKB59261$\1088464797\keywords
c:\windows\$NtUninstallKB59261$\1088464797\kwrd.dll
c:\windows\$NtUninstallKB59261$\1088464797\L\akygdmgo
c:\windows\$NtUninstallKB59261$\1088464797\lsflt7.ver
c:\windows\$NtUninstallKB59261$\1088464797\U\00000001.@
c:\windows\$NtUninstallKB59261$\1088464797\U\00000002.@
c:\windows\$NtUninstallKB59261$\1088464797\U\00000004.@
c:\windows\$NtUninstallKB59261$\1088464797\U\80000000.@
c:\windows\$NtUninstallKB59261$\1088464797\U\80000004.@
c:\windows\$NtUninstallKB59261$\1088464797\U\80000032.@
c:\windows\$NtUninstallKB59261$\2815913818
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
c:\windows\~YDKJ4.tmp
c:\windows\desktop
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\OOL80811.ocx
c:\windows\system32\~GLH0003.TMP
c:\windows\system32\11478.exe
c:\windows\system32\11538.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\14771.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17035.exe
c:\windows\system32\17421.exe
c:\windows\system32\18467.exe
c:\windows\system32\1869.exe
c:\windows\system32\18716.exe
c:\windows\system32\19169.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\19912.exe
c:\windows\system32\21726.exe
c:\windows\system32\23281.exe
c:\windows\system32\23811.exe
c:\windows\system32\24464.exe
c:\windows\system32\25667.exe
c:\windows\system32\26299.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\28703.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\31322.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5447.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\6rcoa4j3.dat
c:\windows\system32\9894.exe
c:\windows\system32\9961.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\inf
c:\windows\system32\inf\hpqps2kb.inf
c:\windows\system32\keep in touch with HP.htm
c:\windows\system32\OLD29A.tmp
c:\windows\system32\ps2.bat
c:\windows\system32\service
c:\windows\system32\service\09092011_TIS17_SfFniAU.log
c:\windows\system32\SET2099.tmp
c:\windows\system32\SET2B8.tmp
c:\windows\system32\SET2BC.tmp
c:\windows\system32\SET2BD.tmp
c:\windows\system32\SET2C4.tmp
c:\windows\system32\SET2FF.tmp
c:\windows\system32\SET302.tmp
c:\windows\system32\setb0.tmp
c:\windows\system32\setb1.tmp
c:\windows\$NtUninstallKB59261$ . . . . Failed to delete
.
c:\windows\system32\drivers\afd.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 20:37 . 2011-12-01 20:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2001-08-18 12:00 94784 -csh--w- c:\windows\twain.dll
2004-08-04 07:56 50688 -csh--w- c:\windows\twain_32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 22:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-06 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-13 36864]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-12-19 212992]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-03-14 102455]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-08 143360]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-08 90112]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-28 4841472]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"S3apphk"="S3apphk.exe" [2002-03-16 28672]
"PS2"="c:\windows\system32\ps2.exe" [2001-07-04 81920]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-20 995528]
"DDCActiveMenu"="c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" [2001-12-13 98304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp center UI.lnk - c:\program files\hp center\137903\Shadow\ShadowBar.exe [2002-4-20 69632]
hp center.lnk - c:\program files\hp center\137903\Program\BackWeb-137903.exe [2002-4-20 16384]
HP OfficeJet Series 500 Startup.lnk - c:\program files\Hewlett-Packard\HP OfficeJet Series 500\Bin\HPOstr05.exe [2011-2-7 1175552]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2002-3-13 40960]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^POWERR~1.EXE]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\POWERR~1.EXE
backup=c:\windows\pss\POWERR~1.EXEStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCActiveMenu]
2001-12-13 04:59 98304 ----a-w- c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DDCM]
2001-12-13 04:52 155648 ----a-w- c:\program files\WildTangent\DDC\DDCManager\DDCMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-04-27 08:22 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\hp center\\137903\\Program\\BackWeb-137903.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [10/24/2010 10:38 AM 20328]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [7/18/2009 7:08 PM 50256]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [7/18/2009 5:53 PM 36432]
S0 dptrlq;dptrlq;c:\windows\system32\drivers\ldnmlqnd.sys --> c:\windows\system32\drivers\ldnmlqnd.sys [?]
S0 uagy;uagy;c:\windows\system32\drivers\flswa.sys --> c:\windows\system32\drivers\flswa.sys [?]
S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [7/18/2009 7:09 PM 677128]
S3 trid3d;trid3d;c:\windows\system32\drivers\trid3dm.sys [3/20/2002 9:35 PM 144860]
S3 XDva202;XDva202;\??\c:\windows\system32\XDva202.sys --> c:\windows\system32\XDva202.sys [?]
S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2012-01-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-31 19:15]
.
2012-01-17 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]
.
2012-01-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 22:23]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{17A27031-71FC-11d4-815C-005004D0F1FA} - c:\program files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\clnzcqfx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Ask Toolbar: [You must be registered and logged in to see this link.] - %profile%\extensions\toolbar@ask.com
FF - Ext: Add to Amazon Wish List Button: [You must be registered and logged in to see this link.] - %profile%\extensions\amznUWL2@amazon.com
.
- - - - ORPHANS REMOVED - - - -
.
SharedTaskScheduler-ThreadingModel - (no file)
AddRemove-Works2002Setup - c:\program files\Microsoft Works and Money 2002\Setup\Launcher.exe \hp\tmp\src\
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-01-18 23:43
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2346936418-2607014498-1974565712-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(356)
c:\windows\system32\WININET.dll
c:\docume~1\Owner\LOCALS~1\Temp\IadHide3.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\S3apphk.exe
c:\progra~1\WILDTA~1\DDC\DDCMAN~1\DDCMan.exe
c:\program files\Hewlett-Packard\HP OfficeJet Series 500\bin\HPOVDX05.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-01-18 23:59:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-19 07:59
.
Pre-Run: 34,645,467,136 bytes free
Post-Run: 36,415,332,352 bytes free
.
- - End Of File - - C42D30B26CD69C28D2B690DF68843572

Malwarebytes Anti-Malware 1.60.0.1800
[You must be registered and logged in to see this link.]

Database version: v2011.12.24.05

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: FAMILY [administrator]

1/19/2012 12:31:00 AM
mbam-log-2012-01-19 (00-31-00).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 353451
Time elapsed: 2 hour(s), 50 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Re: XP home security 2012 virus

Post by Pancake on Fri 20 Jan 2012, 8:46 am

You will need to replace this file as it is contaminated: c:\windows\system32\drivers\afd.sys. Do you have a Windows disc?


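The reading of the ComboFix log that the reply above relies on, as an added example (not part of the original thread and not ComboFix's own code): a small Python parser that splits a log in this layout into its banner-delimited sections and pulls out every line where the tool attached a status such as `is infected!!` or `Failed to delete`. The sample input is an excerpt of the log posted above; the function names `parse_combofix`, `infected` and `unresolved` are hypothetical.

```python
import re

# Excerpt of the ComboFix log posted in this thread (most lines omitted).
SAMPLE_LOG = r"""ComboFix 12-01-18.04 - Owner 01/18/2012 23:04:05.1.1 - x86 NETWORK
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\11478.exe
c:\windows\system32\ps2.bat
c:\windows\$NtUninstallKB59261$ . . . . Failed to delete
.
c:\windows\system32\drivers\afd.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((( Files Created from 2011-12-19 to 2012-01-19 )))))))))))))))))))))))))))))))
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost;*.local
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
c:\windows\system32\WININET.dll
"""

# Section banners appear as "((((( Title )))))" or "----- Title -----".
PAREN_HEADER = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$")
DASH_HEADER = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")
# A path and its status text are separated by a dot leader: " . . . ".
DOT_LEADER = re.compile(r"\s+(?:\.\s+){3,}")


def parse_combofix(text):
    """Return (sections, findings) for a log in the layout shown above.

    sections maps each banner title to the plain lines under it;
    findings lists the lines that carry one or more status messages.
    """
    sections = {"(preamble)": []}
    findings = []
    current = "(preamble)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # lone "." lines are only spacers
            continue
        header = PAREN_HEADER.match(line) or DASH_HEADER.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        parts = DOT_LEADER.split(line)
        if len(parts) > 1:                 # path followed by status message(s)
            findings.append(
                {"section": current, "path": parts[0], "statuses": parts[1:]}
            )
            continue
        sections[current].append(line)
    return sections, findings


def infected(findings):
    """Paths the tool itself reported as infected."""
    return [f["path"] for f in findings
            if any("infected" in s.lower() for s in f["statuses"])]


def unresolved(findings):
    """Paths where the tool reported that one of its own actions failed."""
    return [f["path"] for f in findings
            if any(s.lower().startswith("failed") for s in f["statuses"])]


if __name__ == "__main__":
    _, found = parse_combofix(SAMPLE_LOG)
    for item in found:
        print(item["path"], "->", "; ".join(item["statuses"]))
```

On the excerpt, `unresolved` returns two entries: the folder ComboFix could not delete and the driver it could not replace.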
Re: XP home security 2012 virus

Post by Omnioshi on Fri 20 Jan 2012, 9:24 am

I'm not sure if they still have the Windows disc, but I'll try looking for it.

Re: XP home security 2012 virus

Post by Omnioshi on Sat 21 Jan 2012, 9:46 am

I can't find the CD but we have the 8 disc system recovery CDs that came with the desktop. Would they work?

Re: XP home security 2012 virus

Post by Pancake on Sat 21 Jan 2012, 10:24 am

I doubt if it will find that file, so you will have to remove it first so that the recovery CD can replace it. Failing that, you could download it from someone's computer and then replace it.






Re: XP home security 2012 virus

Post by Omnioshi on Sat 21 Jan 2012, 10:47 am

Where should I download it from, or do you mean copy the file from another computer and transfer it onto the infected computer?

Re: XP home security 2012 virus

Post by Pancake on Sat 21 Jan 2012, 12:20 pm

Yes. Copy it from another computer. Remove the old file and replace it.






Re: XP home security 2012 virus

Post by Omnioshi on Tue 24 Jan 2012, 5:31 am

OK, I won't be able to get to a working computer till tomorrow so I may not reply till after Tuesday. Is there any other file that I need to replace besides c:\windows\system32\drivers\afd.sys?

Re: XP home security 2012 virus

Post by Pancake on Tue 24 Jan 2012, 8:23 am

Just that one file to replace.






Re: XP home security 2012 virus

Post by Omnioshi on Wed 25 Jan 2012, 5:41 pm

I have successfully replaced the file from a working computer to the infected one and I'm now able to connect to the internet again as well.

Re: XP home security 2012 virus

Post by Pancake on Wed 25 Jan 2012, 5:58 pm

OK. All done. All that was detected is now either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.


You can now uninstall ComboFix.

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.



Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.


Please download OTC to your desktop.


Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Afterwork

Malware Prevention

How Did I Get Infected

More Tips on Prevention

=============================







