Infected by iliti virus & possible others...

Re: Infected by iliti virus & possible others...

Post by thwhite70 on 28th August 2012, 1:14 am

[You must be registered and logged in to see this link.] wrote: Still having problems in Normal Mode with your browsers?

Yes - still having problems - but here is why & I guess I didn't realize it before...
In normal mode I have "no internet access".
Ran "windows network diagnostics" as it was an option when hovering over the "internet connectivity" icon in the status bar.
"diagnostics" returned the following statement:
"Windows cannot communicate with device or resource (primary DNS server)"

I'm not sure how to troubleshoot this any further in normal mode to come to any conclusions or solutions.

I'm able to boot the computer into "safe mode with networking" and I have internet access; if I boot into normal mode, internet access is totally disabled or at least not functioning.

Please let me know if you have some ideas or solutions. Thanks in advance.

thwhite70
Novice

Posts: 31
Joined: 2012-08-23
OS: Windows 7
Points: 16099
Likes: 0

Post by Superdave on 29th August 2012, 12:59 am

Can you run those two previous scans in Normal Mode?

Superdave
Captain

Posts: 4202
Joined: 2010-02-01
Gender: Male
OS: Windows 8.1 and a dual-boot with XP Home SP3
Protection: MSE, Windows Defender, Windows firewall
Points: 83191
Likes: 0

Post by thwhite70 on 29th August 2012, 2:16 am

Superdave: the following 2 posts are the results of running MiniToolBox and FSS in Normal Mode...

Post by thwhite70 on 29th August 2012, 2:17 am

MiniToolBox by Farbar Version: 23-07-2012
Ran by FabFrommFamily (administrator) on 28-08-2012 at 21:09:31
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

DW1520 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Broadcom NetLink (TM) Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Library
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 38-59-F9-BB-DB-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : 78-2B-CB-B7-51-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : DW1520 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : 38-59-F9-BB-DB-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::25e5:8f60:f471:c188%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.120(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, August 28, 2012 9:08:02 PM
Lease Expires . . . . . . . . . . : Wednesday, August 29, 2012 9:08:05 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 188242425
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-0B-16-94-78-2B-CB-B7-51-DF
DNS Servers . . . . . . . . . . . : 208.180.42.68
208.180.42.100
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{ECE4C237-C1BF-47D8-B66E-E19BDFC76428}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 208.180.42.68

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host google.com. Please check the name and try again.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 208.180.42.68

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host yahoo.com. Please check the name and try again.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 208.180.42.68

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...38 59 f9 bb db 37 ......Microsoft Virtual WiFi Miniport Adapter
12...78 2b cb b7 51 df ......Broadcom NetLink (TM) Gigabit Ethernet
11...38 59 f9 bb db 37 ......DW1520 Wireless-N WLAN Half-Mini Card
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.120 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.120 276
192.168.1.120 255.255.255.255 On-link 192.168.1.120 276
192.168.1.255 255.255.255.255 On-link 192.168.1.120 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.120 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.120 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::25e5:8f60:f471:c188/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/28/2012 09:09:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2012 08:10:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2012 08:04:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 05:29:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 05:09:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 04:57:20 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (08/26/2012 04:57:20 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (08/26/2012 04:57:20 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (08/26/2012 04:53:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 04:50:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/28/2012 09:10:35 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (08/28/2012 09:10:35 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (08/28/2012 08:08:31 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/27/2012 08:12:29 PM) (Source: DCOM) (User: )
Description: 1084McNaiAnn{DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

Error: (08/27/2012 08:10:28 PM) (Source: Service Control Manager) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (08/27/2012 08:08:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/27/2012 08:08:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/27/2012 08:08:57 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/27/2012 08:08:55 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/27/2012 08:08:55 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (08/28/2012 09:09:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2012 08:10:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/27/2012 08:04:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 05:29:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 05:09:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 04:57:20 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (08/26/2012 04:57:20 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (08/26/2012 04:57:20 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (08/26/2012 04:53:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/26/2012 04:50:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


========================= Memory info: ===================================

Percentage of memory in use: 13%
Total physical RAM: 16366.45 MB
Available physical RAM: 14218.99 MB
Total Pagefile: 32731.08 MB
Available Pagefile: 30328.15 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.67 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:1840.26 GB) (Free:1671.27 GB) NTFS
8 Drive j: () (Fixed) (Total:93.33 GB) (Free:24.57 GB) FAT32

========================= Users: ========================================

User accounts for \\LIBRARY

Administrator FabFrommFamily Guest


**** End of log ****

Post by thwhite70 on 29th August 2012, 2:17 am

Farbar Service Scanner Version: 06-08-2012
Ran by FabFrommFamily (administrator) on 28-08-2012 at 21:11:38
Running from "C:\Virus Removal 001"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Yahoo IP is offline
Attempt to access Yahoo.com returned error: Other errors


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Post by thwhite70 on 29th August 2012, 2:18 am

At this time, internet access is still non-functional in Normal Mode. I have not changed any settings to try to repair myself so as not to screw anything up.

Post by Superdave on 29th August 2012, 11:16 pm

Ok. Let's try a couple of things. All this in Normal Mode, please.

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.
****************************************
If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.
********************************************
I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
[You must be registered and logged in to see this link.]
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


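Added example, not part of Superdave's post or of any tool named in this thread: a Python script that reads captured `ipconfig /all`, `nslookup` and `ping` text (the sections MiniToolBox prints) and reports which layer fails first, so a capture taken before the commands above can be compared with one taken after. The function names, verdict labels and the sample capture are constructed for illustration.

```python
import re

# Constructed capture modelled on the ipconfig /all, nslookup and ping sections of
# a MiniToolBox log; addresses are private/documentation ranges, not the thread's.
SAMPLE = """\
Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.120(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.68
                                       198.51.100.100
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected

DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  198.51.100.68

DNS request timed out.
Ping request could not find host example.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
"""

KV = re.compile(r"^\s*([A-Za-z][^:]*?)(?:\s*\.)+\s*:\s*(.*)$")  # "Key . . . : value"
ADAPTER = re.compile(r"^\s*(.+ adapter .+):\s*$")                # section header
ADDR = re.compile(r"^[0-9A-Fa-f:.%]+$")                          # bare IPv4/IPv6

def parse_adapters(text):
    """Return one dict per adapter section of `ipconfig /all` output."""
    adapters, cur, last_key = [], None, None
    for line in text.splitlines():
        m = ADAPTER.match(line)
        if m:
            cur = {"name": m.group(1), "connected": True, "ipv4": None, "dns": []}
            adapters.append(cur)
            last_key = None
            continue
        m = KV.match(line)
        if m and cur is not None:
            last_key, val = m.group(1), m.group(2).strip()
            if last_key == "Media State" and "disconnected" in val.lower():
                cur["connected"] = False
            elif last_key == "IPv4 Address":
                cur["ipv4"] = val.split("(")[0]        # drop "(Preferred)"
            elif last_key == "DNS Servers" and val:
                cur["dns"].append(val)
        elif cur is not None and last_key == "DNS Servers" and ADDR.match(line.strip()):
            cur["dns"].append(line.strip())            # continuation line: next server
        else:
            last_key = None
    return adapters

def triage(text):
    """Report the first layer that fails in the capture."""
    up = [a for a in parse_adapters(text) if a["connected"] and a["ipv4"]]
    dns = [s for a in up for s in a["dns"]]
    timeouts = text.count("DNS request timed out")
    unresolved = re.findall(r"could not find host (\S+)\. Please", text)
    queried = sorted(set(re.findall(r"^Address:\s+(\S+)", text, re.M)))
    if not up:
        verdict = "no-link"              # no connected adapter holds an IPv4 address
    elif not dns:
        verdict = "no-dns-configured"
    elif timeouts or unresolved:
        verdict = "dns-unreachable"      # address assigned, resolver gets no answers
    else:
        verdict = "ok"
    return {"verdict": verdict, "dns_servers": dns, "timeouts": timeouts,
            "unresolved": unresolved, "queried": queried,
            "loopback_ok": "Reply from 127.0.0.1" in text}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Comparing the returned dictionaries for captures taken before and after the commands shows whether the DNS server list or the verdict changed.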

Post by thwhite70 on 30th August 2012, 2:20 am

I was able to perform all of the ipconfig commands in normal mode, and each time after rebooting, still did not have internet access in normal mode.

Not sure if this helped, but the only way to perform the ESET scanner was to be in safe mode with networking.

Here are the results.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=be8a50e175914a45aea6bd7fd457e190
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-30 01:29:37
# local_time=2012-08-29 08:29:37 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777214 100 75 0 10564783 0 0
# compatibility_mode=5893 16776574 100 94 55044876 97829537 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=288635
# found=11
# cleaned=11
# scan_time=4090
C:\Program Files (x86)\Laplink\PCmover\ThirdParty\registrybooster.exe a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Smart PC Cleaner\SmartPCCleaner.exe a variant of Win32/SpeedingUpMyPC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\FabFrommFamily\AppData\Local\Downloaded Installations\{1975FDD5-4BDD-4257-8D27-D8A4DA128159}\PCmover Professional.msi a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\FabFrommFamily\AppData\Local\RivalGaming\Uninstaller.exe a variant of Win32/Adware.Gamevance.CJ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com\components\xpcomponent.dll probably a variant of Win32/Adware.Gamevance.CI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\extensions\links@rivalgaming.com\components\xpcomponent.dll probably a variant of Win32/Adware.Gamevance.CI application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\FabFrommFamily\AppData\Roaming\Mozilla\Firefox\Profiles\2oss947h.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\Installer\3d3c8754.msi a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
J:\old computer files\My Documents\speeditupfree-ultimate.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Post by thwhite70 on 30th August 2012, 2:21 am

staying in safe mode so I can read next instructions...

Post by Superdave on 30th August 2012, 11:41 pm

"Not sure if this helped, but the only way to perform the ESET scanner was to be in safe mode with networking."
That's what I was thinking. I just thought I would give it a shot.
[You must be registered and logged in to see this link.] some information that may help with that connection problem. Please give it a try and let me know.
