infected with malmare doctor help

View previous topic View next topic Go down

infected with malware doctor help

Post by DemonicRelic on Thu May 28, 2009 10:29 pm

hi i think i've been infected with something bad i can no longer open taskmanger, and regeditor,also when i open any internet broswer nothing opens the page is blank and acts like im not conected to the net anymore,also everytime i start the pc malware doctor comes on and runs and i cant find a way to uninstall it or stop it, i've run highjackthis and here is the log please help me if you can
also please im sorry im very new here and if this isnt posted in the corect place forgive me


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:28 PM, on 28/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\Documents and Settings\LocalService\Application Data\691447002.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Network Associates\Common

Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Documents and Settings\Administrator\Desktop\Hijack(GP)This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

[You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

[You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

= [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

[You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

[You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local;
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {c6c7b2a1-00f3-42bd-f434-00aaba2c8953} - (no

file)
O2 - BHO: Microsoft copyright - {f30b5e7e-cfbb-44fb-a947-226e5a7a4290}

- lklf32.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} -

C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [MSConfig]

C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [autochk] rundll32.exe

C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and

Settings\LocalService\Application Data\691447002.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
O4 - HKCU\..\Run: [nzdflkioezncfiunfindiuchiuenfcdc]

C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe

C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and

Settings\LocalService\Application Data\691447002.exe
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting]

"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default

user')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\pmyukk3z0m.exe (User

'Default user')
O4 - HKUS\.DEFAULT\..\Run: [uidenhiufgsduiazghs]

C:\WINDOWS\TEMP\pmyukk3z0m.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Diagnostic Manager]

C:\WINDOWS\TEMP\2744224948.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [SYS32DLL] SYS32DLL (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [A00FE213F.exe]

C:\WINDOWS\TEMP\_A00FE213F.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe

C:\WINDOWS\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 (User

'Default user')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System,

DisableRegedit=1
O8 - Extra context menu item: &Lookup Word - C:\Program

Files\QDictionary\dict.html
O8 - Extra context menu item: T&hesaurus - C:\Program

Files\QDictionary\thes.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

E:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O16 - DPF: vzTCPConfig -

[You must be registered and logged in to see this link.]
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) -

[You must be registered and logged in to see this link.]
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements

Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl

Object) -
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} -
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark

SystemInfo) - [You must be registered and logged in to see this link.]
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software

AutoUpdate Support Package) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: ,
O23 - Service: ASKUpgrade - Unknown owner - C:\Program

Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast!Antivirus - Unknown owner -

C:\WINDOWS\System32\avast!Antivirus.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown

owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology

Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common

Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner -

C:\WINDOWS\runservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network

Associates, Inc. - C:\Program Files\Network Associates\Common

Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network

Associates, Inc. - C:\Program Files\Network

Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) -

Network Associates, Inc. - C:\Program Files\Network

Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools -

C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools -

C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program

Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner -

C:\WINDOWS\

--
End of file - 8072 bytes

DemonicRelic
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2009-05-28
OS OS : XP
Points Points : 27484
# Likes # Likes : 0

View user profile

Back to top Go down

Re: infected with malmare doctor help

Post by Doctor Inferno on Fri May 29, 2009 1:20 am

Hello, your log is quite unreadable for helpers.

Notepad will be used to view logs, and copy/paste the results. By default Word Wrap is disabled. However, since Word Wrap interferes with the formatting of the logs, please be sure it's disabled. When notepad is open, click Format on menu bar, and ensure Word Wrap is NOT checked.



Please re-post a HijackThis log. Smile


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 12017
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104594
# Likes # Likes : 0

View user profile

Back to top Go down

Re: infected with malmare doctor help

Post by DemonicRelic on Fri May 29, 2009 1:49 am

er sorry about that im very new at this i hope this is right now


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:28 PM, on 28/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\Documents and Settings\LocalService\Application Data\691447002.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Documents and Settings\Administrator\Desktop\Hijack(GP)This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {c6c7b2a1-00f3-42bd-f434-00aaba2c8953} - (no file)
O2 - BHO: Microsoft copyright - {f30b5e7e-cfbb-44fb-a947-226e5a7a4290} - lklf32.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
O4 - HKCU\..\Run: [nzdflkioezncfiunfindiuchiuenfcdc] C:\DOCUME~1\T\LOCALS~1\Temp\r979qpgxvc.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [Malware Doctor] C:\Documents and Settings\LocalService\Application Data\691447002.exe
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\pmyukk3z0m.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\pmyukk3z0m.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\2744224948.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [SYS32DLL] SYS32DLL (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [A00FE213F.exe] C:\WINDOWS\TEMP\_A00FE213F.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Lookup Word - C:\Program Files\QDictionary\dict.html
O8 - Extra context menu item: T&hesaurus - C:\Program Files\QDictionary\thes.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: vzTCPConfig - [You must be registered and logged in to see this link.]
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - [You must be registered and logged in to see this link.]
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) -
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} -
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - [You must be registered and logged in to see this link.]
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: ,
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8072 bytes

DemonicRelic
Beginner
Beginner

Posts Posts : 2
Joined Joined : 2009-05-28
OS OS : XP
Points Points : 27484
# Likes # Likes : 0

View user profile

Back to top Go down

Re: infected with malmare doctor help

Post by Belahzur on Fri May 29, 2009 3:31 pm

Hello.

Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't suprise me at all...
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: [You must be registered and logged in to see this link.]
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirusscan is not present which should be able to deal with most and prevent further reinfection.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum