8 Step Removal Program and Win32/Heur Problem

By Jaydee11
Feb 19, 2009
Topic Status:
Not open for further replies.
  1. Jaydee11

    Jaydee11 Newcomer, in training Topic Starter Posts: 43

    I just talked to my friend and he says that he has several copies. Will an OEM copy work? Always does it need to go through a verification process in order for it to work? He asked me to verify.

    Oh yeah, it seems like MBAM is working now.... found 3 more viruses.
  2. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Great on the MBAM!

    Yes, the OEM will work, not required, but is it SP2 as yours is? We will handle the registration issues, but do get the Product Key. We may not need it, but just in case.

    Mike
  3. Jaydee11

    Jaydee11 Newcomer, in training Topic Starter Posts: 43

    Yes!!! He has SP3 with everything we need. I will have to put it up later this evening though and we can possibly work on what you need from it Sunday if you work or Monday. For now I will run MBAM, SAS and HJT for you.
  4. mflynn

    mflynn Newcomer, in training Posts: 2,793

    In post #60 you were doing an MBAM scan and it had found 3 more issues.

    I need the log for that and then you were supposed to retry SDFix.

    If we do a repair install or repair with sfc then we will need the computer as clean as possible.

    If we were to totally format and reinstall this would not matter. But I don't plan that yet!

    Mike
  5. Jaydee11

    Jaydee11 Newcomer, in training Topic Starter Posts: 43

    Hi Mike

    I have been out all day and just got back in and am ready to work on this. What I have done so far is run SAS in both quick and full scan. The quick scan I ran last night and it came up with threats. I ran a full scan again and it had only one. I am having a problem with MBAM because it keeps stopping on me. I tried to run it twice last night. I did a MBAM scan first, stopped it, ran a SAS quick scan second, then I ran the MBAM scan again and it stopped on me, and then a SAS full scan last. Here are the logs. I can now run SDFix if you want me to. Let me know what you want me to do next.
  6. mflynn

    mflynn Newcomer, in training Posts: 2,793

    OK, run ComboFix again and post the log.

    Reboot to Safe Mode.

    Then try MBAM in Safe Mode.

    Mike
  7. Jaydee11

    Jaydee11 Newcomer, in training Topic Starter Posts: 43

    Can I run ComboFix in Safe Mode since I am in Safe Mode now?
  8. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

  9. Jaydee11

    Jaydee11 Newcomer, in training Topic Starter Posts: 43

    Mike, is that ok??? Sorry Kim... I'm not sure if you are working with Mike on this...
  10. mflynn

    mflynn Newcomer, in training Posts: 2,793

    OH Yes! Kim is #1 in my book!

    .

    ..
    ..

    But I just won't tell you which Book!

    Mike
  11. Jaydee11

    Jaydee11 Newcomer, in training Topic Starter Posts: 43

    Ok.. will not inquire :)

    So... I tried to run ComboFix in both safe and normal mode and it told me that I am missing a regedit in the C drive and can't run, although I had already dropped the regedit file in the C drive. Don't understand.
  12. mflynn

    mflynn Newcomer, in training Posts: 2,793

    No I think you just put a text file there from what you said.

    OK now put the XP Install CD in the CD.

    Then

    Start-Run
    type
    sfc /purgecache

    When it completes

    repeat but type
    sfc /scannow

    Mike
  13. Jaydee11

    Jaydee11 Newcomer, in training Topic Starter Posts: 43

    Mike,

    Please let me know what is next in this process. I loaded the XP Install CD and did the scripts. I will run MBAM again and post logs if it doesn't lock up on me. Also, do you want a HJT log too?

    Thanks for your help today as well as Kim :)

    jaydee11
     
  14. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Yes, post another HJT log.

    I usually recommend running CCleaner, then restart, then create the log, then attach it.
  15. Jaydee11

    Jaydee11 Newcomer, in training Topic Starter Posts: 43

    Kim

    I receive an error running HJT.

    Modmain_checkother4item()
    Error #6 - overview.

    I attached the logfile.
  16. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Look I don't want to read through all these posts.
    But please uninstall AVG8 (if you want to be clean ;) )
    Then run the removal tool

    Install Avira free AntiVirus, and run a full scan
    And watch how the Viruses are removed :)
  17. Jaydee11

    Jaydee11 Newcomer, in training Topic Starter Posts: 43

    Kim

    I uninstalled AVG8 like you said and it is gone. I am trying to load Avira onto my computer in which it did. I was trying to extract the files and it gave me this error:

    The CRC Sum of

    C:|DOCUMENT\...\Locals 1\Temp\RAR SFX0\basic\setup.exe
    has changed! This could be due to a virus!
    Do you want to shutdown setup?
  18. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Run CCleaner and start install of Avira again
  19. Jaydee11

    Jaydee11 Newcomer, in training Topic Starter Posts: 43

    Ran it and still have the same issue.
  20. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    You may need to confirm Windows updates are completed
    Then run CCleaner again (this will clean out that temp folder again)
    Then install Avira in Safe Mode
  21. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Hi JayDee

    Had too much going on yesterday. Unexpected visitors etc.

    Did you complete the sfc runs?

    If sfc completed then post another ComboFix log because if you still have an infected Explorer and Userinit.exe then this is likely the reason for the issues above.

    The log will show if these items were fixed by the sfc.

    Mike
  22. Jaydee11

    Jaydee11 Newcomer, in training Topic Starter Posts: 43

    I ran them yesterday as instructed. I didn't know what to do next. It didn't ask me a next step or anything. The Welcome to XP screen was up.

    I did another SAS scan last night and it is still finding some bugs. Log attached.
  23. mflynn

    mflynn Newcomer, in training Posts: 2,793

    Get me a ComboFix log. If the sfc fixed Explorer and Userinit then that opened the blind spot and MBAM and SAS can now see things that were hidden before.

    The ComboFix log will show if sfc fixed the files. And if ComboFix still reports Regedit as missing then it may not have fixed anything.

    After the ComboFix do the MBAM once only and post another log.

    Then an SAS log.

    Realize that each time something bad is cleaned it opens up the possibility of them finding others that were not visible before. So we want to keep going until we have clean logs.

    Mike
  24. Jaydee11

    Jaydee11 Newcomer, in training Topic Starter Posts: 43

    I wish I could give you a ComboFix log but it still says that the regedit is missing. Do you think that I should do sfc again just to make sure it captured all the missing files?
  25. mflynn

    mflynn Newcomer, in training Posts: 2,793

    No do this first..

    Do post #24 again

    Mike