8 Step Removal Program and Win32/Heur Problem

Ok.. will not inquire

So...I tried to run combofix in both safe and normal mode and it told me that I am missing a regedit in the c drive and cant run although I had already dropped the regedit file in the c drive. Dont understand.

No I think you just put a text file there from what you said.

OK now put the XP Install CD in the CD.

Then

Start-Run
type
sfc /purgecache

When it completes

repeat but type
sfc /scannow

Mike

Mike,

Please let me know what is next in this process. I loaded the XP Install CD and did the scripts. I will run mbam again and post logs if it doesnt lock up on me. Also do you want a HJT log too?

Thanks for you help today as well as Kim

jaydee11

Yes post another HJT log

I usually recommend run CCleaner, then restart, then create the log, then attach it

Kim

I receive an error run HJT.

Modmain_checkother4item()
Error #6 - overview.

I attached the logfile

Look I don't want to read through all these posts.
But please uninstall AVG8 (if you want to be clean )
Then run the removal tool

Install Avira free AntiVirus, and run a full scan
And watch how the Viruses are removed

Kim

I uninstall AVG8 like you said and it is gone. I am trying to load Avira onto my computer in which it did. I was trying to extract the files and it gave me this error

The CRC Sum of

C:|DOCUMENT\...\Locals 1\Temp\RAR SFX0\basic\setup.exe
has changed! This could be due to a virus!
Do you want to shutdown setup?

Run CCleaner and start install of Avira again

Ran it and still have the same issue.

You may need to confirm Windows updates are completed
Then run CCleaner again (this will clean out that temp folder again)
Then install Avira in Safe Mode

Hi JayDee

Had too much going on yesterday. Unexpected visitors etc.

Did you complete the sfc runs?

If sfc completed then post another ComboFix log because if you still have an infected Explorer and Userinit.exe then this is likely the reason for the issues above.

The log will show if these items were fixed by the sfc.

Mike

I ran them yesterday as instructed. I didnt know what to do next. It didnt ask me a next step or anything. The Welcome to XP screen was up.

I did anther SAS scan last night and it is still finding some bugs. Log attached

Get me a combofix, if the sfc fixed explorer and userinit then that opened the blind spot and MBAM and SAS can now see things that were hidden before

The ComboFix log will show if sfc fixed the files. And if ComboFix still reports Regedit as missing then it may not have fixed anything.

After the ComboFix do the MBAM once only and post another log.

Then an SAS log.

Realize that each time something bad is cleaned it opens up the possibility of them finding others that were not vi sable before. So we want keep going until we have clean logs.

Mike

I wish I could give you a Combofix but it still says that the regedit is missing. You think that I should do sfc again just to make sure it captured all the missing files?

No do this first..

Do post #24 again

Mike

Hey, I appreciate you for toughing this out for me. You can tell that I don't give up easily and this thread is probably the longest on record for all the see Can be a little frustrated though.

Anyway, I did posted 23 and still there is no regedit to be found although I transferred the file from my other computer to my c: dir.

It shows Regedit.exe right on the desktop.

Just copy it and paste it into the c:\windows folder.

Once there do the ComboFix again.

Mike

Mike

That is what I did yesterday as well as today. It is not recognizing that file. It is the file that has the blue boxes as the icon. You think it is best just to reformat the whole thing. I also noticed that a lot of DLL files failing to execute when I shut down the computer. Is it becuase of when I deleted a lot of the virius that it may of deleted the files as well?

Possibly or the remainder of some malware we removed.

Your choice on the formatting.

Mike

Do you have any other suggestions since I am stuck not being able to run Combofix, MBAM stalling, and able to load Avira.
I would have a problem running XP sp3 as long as it doesn't mess my computer up further. what would be my steps if I choose to do so? don't get me wrong, if you want to continue attacking this, then I can hang on.