TechSpot

8 Step Removal Program and Win32/Heur Problem

By Jaydee11
Feb 19, 2009
Topic Status:
Not open for further replies.
  1. Hi

    I am new at this a little, but I caught a virus from trying to upload a BitTorrent file a few days ago. The virus that I am having some struggles with is the Win32/HEUR virus. I have followed the Eight Steps recommended by Julio and Blind Dragon, with the exception of Malwarebytes, due to the fact that I would have to pay for it online, and with a virus on the computer I did not feel safe to do so. So I used Webroot Spybot for Step 4. I only removed a few items. I also have AVG as my anti-virus. It keeps giving me the Win32/Heur threat to this point.

    All of the other steps, I have followed in safe mode. My computer seems to run slow at this point as well. I also have ZONE Alarm as my firewall which alerts me of internet intrusions.

    I am looking for the next step in removing the remaining virus and fully cleaning up my system. Please review my log files. I had to break them up because they were too large to upload. I really do appreciate the help and support in this.

    Thanks

    Jaydee11


  2. mflynn

    mflynn TS Rookie Posts: 2,793

    Run SAS again and post the log for each run; it will likely find more. Run it until it comes up clean or finds things it cannot clean, and post each log!

    Negative on the Malwarebytes (just download the free one): download and run it now from the 8 Steps!

    Mike
  3. Jaydee11

    Jaydee11 TS Rookie Topic Starter Posts: 43

    OK. I am running both SAS and Anti-Malware and will post the logs when they are done. Thanks for the help. They take a while to run.
  4. mflynn

    mflynn TS Rookie Posts: 2,793

    You should not run them simultaneously; they may conflict with each other, and you will gain no speed or time, it will take twice as long.

    But if you have and they have been running long then let them run and hope they finish OK without locking up.

    Mike
  5. Jaydee11

    Jaydee11 TS Rookie Topic Starter Posts: 43

    I'm sorry. I meant one at a time, which I am doing. I finished SAS with no virus and I am running Anti-Malware now. I will have all logs, latest to earliest, including HijackThis, posted in the morning. Thanks
  6. mflynn

    mflynn TS Rookie Posts: 2,793

    Good!

    Mike
  7. Jaydee11

    Jaydee11 TS Rookie Topic Starter Posts: 43

    mike

    I just rebooted my computer in normal mode after I ran all of the programs, and I cannot see any of my icons on the desktop. What should I do?
  8. mflynn

    mflynn TS Rookie Posts: 2,793

    Jeeze!

    Hit Ctrl+Alt+Del for Task Manager, then click Run,
    then type

    Explorer

    Click OK or hit the Enter key.

    Were you returning from the SDFix reboot from Safe Mode?

    Mike
  9. Jaydee11

    Jaydee11 TS Rookie Topic Starter Posts: 43

    OK, it opened up. I ran MBAM, SD and HijackThis in safe mode. SD found nothing while MBAM found four threats. I am going to send all files in a minute.
  10. mflynn

    mflynn TS Rookie Posts: 2,793

    Good!

    Mike
  11. Jaydee11

    Jaydee11 TS Rookie Topic Starter Posts: 43

    Here are the MBAM and Anti files. I will send HijackThis in the next response. My computer seems to run very slow at this point. I noticed that AVG keeps sending me a threat removal of the WIN32/HEUR virus. I currently have AVG, ANTI SPYWARE and SPYSWEEPER running as programs. Should I delete one of them to see if the computer runs faster? Thanks
     
  12. mflynn

    mflynn TS Rookie Posts: 2,793

    Owee!

    Leave all running for now; just contend with the slowness until we are clean. You have so much, we need all the protection we can get.

    You weren't only infected, you were eaten up, infested.

    Another run indicated!
    OK, there were found/removed items in both MBAM and SAS, so we need to run again, as the last runs likely exposed things that were not even seen the first time.

    So another Quick Scan run will likely find more. So UPDATE, run both again, and post the logs.

    Mike
  13. Jaydee11

    Jaydee11 TS Rookie Topic Starter Posts: 43

    OK, I will run both again. Did you notice that the last SAS quick scan came up clean and the last Malware run came up with four infections? Quite a drop from the first runs. Also, when shutting down my computer to go into safe mode to rerun, I noticed a bunch of DLLs failing to shut down. I wonder what this is about.
  14. mflynn

    mflynn TS Rookie Posts: 2,793

    Yes, I noticed the cleaned items dropped! The shutdown DLL issues will likely self-correct when clean, or we will address them when clean.

    Ok no need to run SAS again! My mistake.

    Mike
  15. Jaydee11

    Jaydee11 TS Rookie Topic Starter Posts: 43

    OK. I have stopped SAS and I am now running MBAM again. Will let you know the results.

    Mike

    Here is the latest MBAM file. Let me know what is next. AVG is still giving me the WIN32/heur threat removed reminder. Don't know if that is a false positive or not. Look forward to your response.
  16. mflynn

    mflynn TS Rookie Posts: 2,793

    Do the below! This is not hard, 1 step at a time.

    COMBOFIX-Script
    Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Save this as CFScript.txt, change the "Save as type" to "All Files", and place it on your desktop.
    Code:
    KillAll::

    FCopy::
    C:\WINDOWS\ServicePackFiles\i386\userinit.exe | C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\ServicePackFiles\i386\explorer.exe | C:\WINDOWS\explorer.exe
    Then drag this script and drop it on top of ComboFix.

    ComboFix will now run a scan on your system.

    It may reboot your system when it finishes. This is normal.

    When finished, it will create a log. Attach the log back.

    Mike
  17. Jaydee11

    Jaydee11 TS Rookie Topic Starter Posts: 43

    Is ComboFix a program? Where do I find it?
  18. mflynn

    mflynn TS Rookie Posts: 2,793

    Geeze, Jaydee, overlook me.

    Too many similar threads, and the Friday rush!

    Forget that for now but we may need to come back to it!

    Do this. Part of it is ComboFix

    Download SDFix to Desktop.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    On the Desktop run SDFix. It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click through all the prompts to get to the desktop.

    At the Desktop:
    My Computer, C: drive. Double-click to open.

    Look for a folder called SDFix. Double-click to enter SDFix.

    Double-click RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process, then say Finished.
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.
    =========================================
    Download ComboFix

    NOTE: If your copy of ComboFix is more than a few days old, delete it and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double-click combofix.exe and follow the prompts.

    Install the Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click ComboFix's window while it's running. That may cause it to stall.

    Mike
  19. Jaydee11

    Jaydee11 TS Rookie Topic Starter Posts: 43

    I would love to continue with this next step, but now my internet browser is not working. I've been trying to get online for the past hour. My other online apps are working. Don't know what to do next.

    Mike

    If it is OK with you, I am going to run another full scan with Anti-Malware again. My computer is still acting a little weird and sluggish, and now I cannot browse the internet for some reason. I still think that there is a virus still swarming around my box. The CPU has been running at 100% even with no programs running. I need the browser so that I can do the SDFix and ComboFix that you have recommended. Let me know if I need to do something else. Thanks
  20. mflynn

    mflynn TS Rookie Posts: 2,793

    Write down the text in the box!
    Code:
    netsh winsock reset catalog
    Boot to Safe Mode with Networking. Try a browser to get on the Internet.

    If it doesn't work, open a command prompt and type the command, hit the Enter key twice, then close the command prompt.

    If the browser now works, complete SDFix from here; it will reboot back to normal, then run ComboFix.

    Mike
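The reason a Winsock reset fixes "other apps work but the browser can't connect" after a cleanup is usually a Layered Service Provider chain that points at a DLL the scanner has already deleted. The following is an added example, not code from the thread or from any of the tools it names: it parses the output of netsh winsock show catalog for Provider Path lines and reports entries whose DLL no longer exists, so you can see whether the reset is actually warranted before running it. The sample catalog text embedded in the script is constructed for illustration (lspexample.dll is a hypothetical name), and the exact "Provider Path:" line format is assumed from XP-era netsh output.

```powershell
# Added example (not from the thread): find Winsock catalog entries whose
# provider DLL is missing, the usual reason browsers die after a malware
# cleanup and the condition that "netsh winsock reset catalog" repairs.
# Assumes netsh prints one "Provider Path:" line per catalog entry.

function Get-WinsockProviderPaths {
    param([string[]]$CatalogText)
    foreach ($line in $CatalogText) {
        if ($line -match '^\s*Provider Path:\s*(.+?)\s*$') {
            # Paths are stored with %SystemRoot% etc.; expand before testing.
            [Environment]::ExpandEnvironmentVariables($Matches[1])
        }
    }
}

function Get-BrokenWinsockProviders {
    param([string[]]$CatalogText)
    Get-WinsockProviderPaths $CatalogText | Sort-Object -Unique |
        Where-Object { -not (Test-Path -LiteralPath $_) }
}

# Constructed sample output (not a real capture): one healthy base provider
# and one hypothetical LSP whose DLL an AV scanner has already removed.
$sample = @(
    'Winsock Catalog Provider Entry',
    '------------------------------------------------------',
    'Entry Type:                         Base Service Provider',
    'Description:                        MSAFD Tcpip [TCP/IP]',
    'Provider Path:                      %SystemRoot%\system32\mswsock.dll',
    'Catalog Entry ID:                   1001',
    '',
    'Winsock Catalog Provider Entry',
    '------------------------------------------------------',
    'Entry Type:                         Layered Service Provider',
    'Description:                        (hypothetical LSP)',
    'Provider Path:                      %SystemRoot%\system32\lspexample.dll',
    'Catalog Entry ID:                   1038'
)

# Pass -Live to inspect the real catalog instead of the constructed sample.
$text = if ($args -contains '-Live') { netsh winsock show catalog } else { $sample }

$broken = @(Get-BrokenWinsockProviders $text)
if ($broken.Count -eq 0) {
    'All Winsock provider DLLs are present; a catalog reset is probably not what you need.'
} else {
    'Winsock catalog entries pointing at missing DLLs:'
    $broken | ForEach-Object { "  $_" }
    'Repair: run "netsh winsock reset catalog" from an administrator prompt, then reboot.'
}
```

Run it with -Live on the affected machine; a clean list with a still-broken browser points somewhere other than Winsock (proxy settings, hosts file, or a DNS change), so the reset would be wasted effort.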
  21. Jaydee11

    Jaydee11 TS Rookie Topic Starter Posts: 43

    How long does SDFix run in Safe Mode? I think I have it running. My screen is black right now and I cannot see anything in safe mode. Just want to make sure it is running before I go to the next step.
  22. mflynn

    mflynn TS Rookie Posts: 2,793

    Max 10 minutes.

    Try Ctrl+Alt+Del and try to end the task.

    If you have to power off, skip SDFix and do the ComboFix.

    Mike

    I need to call it a night. My mind is foggy don't want to make a mistake.

    I will be on in morning!

    Good night,
    Mike
  23. Jaydee11

    Jaydee11 TS Rookie Topic Starter Posts: 43

    Ok. Thanks for your help today.
    When I installed ComboFix and tried to run it, in both safe and normal mode, it gave me this

    Terminal Error Message:
    C:\Windows\regedit.exe is missing

    Copy one from another machine


    We can work on this tomorrow.

    Thanks

    Good Morning Mike,

    When I installed ComboFix and tried to run it, in both safe and normal mode, it gave me this

    Terminal Error Message:
    C:\Windows\regedit.exe is missing

    Copy one from another machine.

    Thanks for your continued support.
  24. mflynn

    mflynn TS Rookie Posts: 2,793

    Let's try to find a backup. It must have been infected and removed.

    Left-drag the mouse and copy, for pasting, all the text in the box below.
    Make sure the slider bar goes to the bottom, from the @ to the end of the second exit.

    Then paste it into the black screen of an open command prompt.
    Code:
    @echo off
    rem start from the root of the drive so /s searches every folder
    cd\
    rem list every copy of regedit.exe and write the result to the desktop
    dir /s regedit.exe >"%USERPROFILE%"\Desktop\regedit.txt
    exit
    exit
    Now post the regedit.txt from the new icon on the desktop back to the thread.

    Mike
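The three files this thread ends up chasing, userinit.exe and explorer.exe (restored from ServicePackFiles\i386 by the CFScript above) and regedit.exe (reported missing by ComboFix), are exactly the ones malware replaces or deletes to keep a foothold at logon, and the dir /s search above is the manual way of locating a clean copy. The script below is an added example, not part of the thread or of ComboFix/SDFix: it checks the Winlogon Shell and Userinit values that launch those binaries, compares each live file against the Service Pack backup (or the dllcache copy) by SHA-256, and only with -Restore copies the backup over a missing or modified file. The backup directories and the default Winlogon values are assumptions based on a stock Windows XP install; everything else follows the paths the thread already uses.

```powershell
# Added example (not from the thread): verify the XP logon chain binaries
# against their Service Pack backups and the Winlogon registry values.
# Assumes a stock XP layout; -Restore is an assumption on top of that and
# performs the same copy the thread's CFScript FCopy lines did.
# Run from an administrator command prompt.
param([switch]$Restore)

$sysRoot    = $env:SystemRoot
$backupDirs = @("$sysRoot\ServicePackFiles\i386", "$sysRoot\system32\dllcache")
$targets    = @{
    'userinit.exe' = "$sysRoot\system32\userinit.exe"
    'explorer.exe' = "$sysRoot\explorer.exe"
    'regedit.exe'  = "$sysRoot\regedit.exe"
}

function Get-Sha256Hex {
    param([string]$Path)
    # .NET hashing rather than Get-FileHash so it also works on PowerShell 2.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try { ([BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close() }
}

function Find-Backup {
    param([string]$Name)
    foreach ($dir in $backupDirs) {
        $candidate = Join-Path $dir $Name
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $null
}

# Winlogon values: anything but these defaults means the logon chain was hijacked
# (a trailing ",<path>" on Userinit is the classic way to add a second loader).
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$expected = @{ Shell = 'Explorer.exe'; Userinit = "$sysRoot\system32\userinit.exe," }
foreach ($name in $expected.Keys) {
    $actual = $wl.$name
    if ($actual -ne $expected[$name]) {
        "WARNING  Winlogon\$name = '$actual' (expected '$($expected[$name])')"
    } else {
        "ok       Winlogon\$name = '$actual'"
    }
}

foreach ($name in $targets.Keys) {
    $live   = $targets[$name]
    $backup = Find-Backup $name
    if (-not $backup) { "NOBACKUP $name : no copy in ServicePackFiles or dllcache"; continue }

    if (-not (Test-Path -LiteralPath $live)) {
        "MISSING  $live"
    } elseif ((Get-Sha256Hex $live) -ne (Get-Sha256Hex $backup)) {
        "MODIFIED $live differs from $backup"
    } else {
        "ok       $live matches $backup"
        continue
    }

    if ($Restore) {
        Copy-Item -LiteralPath $backup -Destination $live -Force
        "RESTORED $live from $backup"
    }
}
```

Treat a MODIFIED result as a lead, not a verdict: a hotfix can legitimately leave the live file newer than the Service Pack copy, so check the file version and Authenticode signature before restoring, and if the Winlogon values are wrong, fix them in the same session or the machine will simply reload whatever replaced them on the next boot.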
  25. Jaydee11

    Jaydee11 TS Rookie Topic Starter Posts: 43

    How do you get to the command prompt from here? Do I have to reboot to command mode?