GeekPolice

Nobody seems to know how to help me!


Re: Nobody seems to know how to help me!

Post by Origin on Sun May 31, 2009 10:59 pm

Download Dr.Web CureIt to the desktop:
[You must be registered and logged in to see this link.]

  • Double-click the launch.exe or cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, just let it cure whatever it finds...
    o Now, go to Settings >> Change Settings
    o Go to Actions tab >> under Objects section, change the settings to below
    Infected objects - Cure
    Incurable objects - Report
    Suspicious objects - Report
    o Don't change any other settings
  • Start the scan again. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..



Re: Nobody seems to know how to help me!

Post by xxdarkwolfrosexx on Mon Jun 01, 2009 3:07 pm

Cure was grayed out so I just clicked save report list, here's what I got.

Combo-Fix.exe/data002\32788R22FWJFW\FIND3M.bat;C:\Documents and Settings\Rayne\Desktop\Combo-Fix.exe/data002;Probably BATCH.Virus;;
data002;C:\Documents and Settings\Rayne\Desktop;Archive contains infected objects;;
Combo-Fix.exe;C:\Documents and Settings\Rayne\Desktop;Container contains infected objects;;
Process.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Tool.Prockill;;
gxvxctyxumfoafvaswuxrlnsrtufjwmrfvpix.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;BackDoor.Tdss.167;;
A0260143.bat;C:\System Volume Information\_restore{E618FDC6-6616-4930-B0B0-A3813029C383}\RP418;Probably BATCH.Virus;;
A0260251.bat;C:\System Volume Information\_restore{E618FDC6-6616-4930-B0B0-A3813029C383}\RP418;Probably BATCH.Virus;;
A0261424.bat;C:\System Volume Information\_restore{E618FDC6-6616-4930-B0B0-A3813029C383}\RP434;Probably BATCH.Virus;;
A0261528.bat;C:\System Volume Information\_restore{E618FDC6-6616-4930-B0B0-A3813029C383}\RP434;Probably BATCH.Virus;;

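Added example, not part of the original posts: a short Python triage of the Dr.Web report above, sorting each finding by where the file sits rather than by verdict name alone. The bucket names and path rules are this example's own assumptions: `C:\Qoobox\Quarantine` is the folder where ComboFix keeps files it has already removed, and `System Volume Information\_restore...` holds Windows XP System Restore copies.

```python
import csv
from collections import Counter

# Report lines copied from the DrWeb.csv post above: object;folder;verdict;;
REPORT = r"""Combo-Fix.exe/data002\32788R22FWJFW\FIND3M.bat;C:\Documents and Settings\Rayne\Desktop\Combo-Fix.exe/data002;Probably BATCH.Virus;;
data002;C:\Documents and Settings\Rayne\Desktop;Archive contains infected objects;;
Combo-Fix.exe;C:\Documents and Settings\Rayne\Desktop;Container contains infected objects;;
Process.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Tool.Prockill;;
gxvxctyxumfoafvaswuxrlnsrtufjwmrfvpix.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;BackDoor.Tdss.167;;
A0260143.bat;C:\System Volume Information\_restore{E618FDC6-6616-4930-B0B0-A3813029C383}\RP418;Probably BATCH.Virus;;
A0260251.bat;C:\System Volume Information\_restore{E618FDC6-6616-4930-B0B0-A3813029C383}\RP418;Probably BATCH.Virus;;
A0261424.bat;C:\System Volume Information\_restore{E618FDC6-6616-4930-B0B0-A3813029C383}\RP434;Probably BATCH.Virus;;
A0261528.bat;C:\System Volume Information\_restore{E618FDC6-6616-4930-B0B0-A3813029C383}\RP434;Probably BATCH.Virus;;
"""

def classify(obj, folder, verdict):
    """Triage bucket for one finding (bucket names are this example's own)."""
    low = folder.lower()
    if "\\qoobox\\quarantine" in low:
        return "quarantined"      # already moved out of its original location
    if "\\system volume information\\_restore" in low:
        return "restore-point"    # copy held by XP System Restore
    if "/" in obj or verdict.lower().startswith(("archive contains", "container contains")):
        return "container"        # a packed file, or an item inside one
    return "live"                 # ordinary location: needs attention first

def triage(report_text):
    """Parse the semicolon-delimited report into one dict per finding."""
    rows = []
    reader = csv.reader(report_text.splitlines(), delimiter=";", quoting=csv.QUOTE_NONE)
    for rec in reader:
        if len(rec) < 3 or not rec[0].strip():
            continue              # skip blank or malformed lines
        obj, folder, verdict = (field.strip() for field in rec[:3])
        rows.append({"object": obj, "folder": folder, "verdict": verdict,
                     "heuristic": verdict.lower().startswith("probably"),
                     "bucket": classify(obj, folder, verdict)})
    return rows

def summary(rows):
    """Count findings per bucket; a missing bucket reads as 0."""
    return Counter(row["bucket"] for row in rows)

if __name__ == "__main__":
    findings = triage(REPORT)
    print(dict(summary(findings)))
    print("live:", [r["object"] for r in findings if r["bucket"] == "live"])
```

On this report every finding lands in the quarantine, restore-point or container bucket and none is in a live location.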

Hello?

Post by xxdarkwolfrosexx on Mon Jun 08, 2009 4:18 pm

Why did everyone stop helping me? I'm still having problems if not more now! Now my computer internet icon for my wireless adapter randomly shows up red (Off line) when it's still online and letting me browse around! Please don't stop helping me! This is the only place I go to for computer help!


Re: Nobody seems to know how to help me!

Post by Belahzur on Mon Jun 08, 2009 4:36 pm

Hello.
Sorry, we didn't stop helping you, your post just got bumped back and we didn't notice. I'm sure you can see how much traffic we're dealing with lately.

The problems don't appear to be malware related.



Re: Nobody seems to know how to help me!

Post by xxdarkwolfrosexx on Mon Jun 08, 2009 4:45 pm

Oh sorry, it's ok. Sorry you guys have your hands full.
What do you think it may be? It doesn't make sense to me, or really to anybody it seems. Why is redtube still saying the Rustok thing? I only go there to see if I still have it. Before it didn't but now it always says I do.


Re: Nobody seems to know how to help me!

Post by Belahzur on Mon Jun 08, 2009 4:48 pm

Download the GMER rootkit scan from here: [You must be registered and logged in to see this link.]

  1. Unzip it and start GMER.
  2. Click the >>> tab and then click the Scan button.
  3. Once done, click the Copy button.
  4. This will copy the results to your clipboard.
  5. Paste the results in your next reply.
Note:
If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode.
You can also try renaming it since some malware blocks GMER.

The log will be quite big, so please upload it to rapidshare.com.



Re: Nobody seems to know how to help me!

Post by xxdarkwolfrosexx on Tue Jun 09, 2009 10:05 am

Ok, it wasn't too big but I put it on rapidshare anyway. This is the link.
[You must be registered and logged in to see this link.]


Re: Nobody seems to know how to help me!

Post by Belahzur on Tue Jun 09, 2009 1:13 pm

Hello.
That found the problem. Looks like maybe a new variant of a rootkit CF isn't catching yet.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Drivers to delete:
gaopdxserv.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.



Re: Nobody seems to know how to help me!

Post by xxdarkwolfrosexx on Tue Jun 09, 2009 2:35 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\gaopdxserv.sys" not found!
Deletion of driver "gaopdxserv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


Re: Nobody seems to know how to help me!

Post by Belahzur on Tue Jun 09, 2009 3:33 pm

Hello.
That didn't get it, hopefully this will this time.

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Registry keys to delete:
HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.



Re: Nobody seems to know how to help me!

Post by xxdarkwolfrosexx on Tue Jun 09, 2009 5:56 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Registry key "HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Re: Nobody seems to know how to help me!

Post by Belahzur on Tue Jun 09, 2009 8:56 pm

Okay, try updating stuff now.



Awesome!

Post by xxdarkwolfrosexx on Tue Jun 09, 2009 9:06 pm

Yes yes yes! I updated antivirus and everything! Hooray! Thank You!


Re: Nobody seems to know how to help me!

Post by Belahzur on Tue Jun 09, 2009 9:07 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Re: Nobody seems to know how to help me!

Post by xxdarkwolfrosexx on Wed Jun 10, 2009 6:22 pm

Everything seems to be going great! I can update and my computer is faster now! Thank you so much for all your help, there is no way I could have done it without you! Thank you thank you thank you!

