WinBlueSoft will not allow malware removal program to run

View previous topic View next topic Go down

WinBlueSoft will not allow malware removal program to run

Post by bradkfla7 on Fri May 29, 2009 4:03 am

I have read the postings and suggested fixes on this web site. However, the computer that is infected with WinBlueSoft will not allow me to run the malware removal program suggested (Malwarebytes' Anti-Malware), or access the Internet. I can look at some of my folders, but not the c: drive. Is there a way to remove this program (or run the anti-malware program) from a command prompt? I appreciate any help you can give me. Thanks.

bradkfla7
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2009-05-29
OS OS : XP
Points Points : 27475
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft will not allow malware removal program to run

Post by Doctor Inferno on Fri May 29, 2009 4:14 am

Hello,

Please read this first: [You must be registered and logged in to see this link.]


If you can't post a HijackThis log;

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengerís actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 12017
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104594
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft will not allow malware removal program to run

Post by bradkfla7 on Fri May 29, 2009 4:51 am

Unfortunately I cannot download Hijack on the computer that is infected, since the malware program will not let me access the Internet. If I copy the program to a flash drive and then onto the infected computer, the malware program will not let me run Hijack.

bradkfla7
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2009-05-29
OS OS : XP
Points Points : 27475
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft will not allow malware removal program to run

Post by Doctor Inferno on Fri May 29, 2009 4:57 am

Follow the instructions above to run The Avenger.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 12017
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104594
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft will not allow malware removal program to run

Post by bradkfla7 on Fri May 29, 2009 11:00 am

Here is the log file of Avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gxvxcserv.sys" found!
ImagePath: \systemroot\system32\drivers\gxvxcyxxvkayxmlsupxbddvmkmrnsbpjdlirq.sys
Driver disabled successfully.

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.

bradkfla7
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2009-05-29
OS OS : XP
Points Points : 27475
# Likes # Likes : 0

View user profile

Back to top Go down

Re: WinBlueSoft will not allow malware removal program to run

Post by Belahzur on Fri May 29, 2009 5:37 pm

Hello.

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Drivers to delete:
gxvxcserv.sys

Files to delete:
C:\WINDOWS\system32\drivers\gxvxcyxxvkayxmlsupxbddvmkmrnsbpjdlirq.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengerís actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum