TechSpot

8 step viruses/spyware/malware - step 4 doesn't work

By Hopeless88
Feb 10, 2009
  1. I downloaded step #4 in the 8 step virus/spyware/malware thingy, which is the Malwarebytes Anti-Malware, and it says run error 372. Failed to load control 'vbalsgrid' from vbalsgrid6.ocx. Your version may be outdated.... Did this only happen to me?

    And I tried to download step #5 but it says the system administrator has set policies to prevent this installation... ugh! My computer is so messed up, I need URGENT help!
     
  2. mflynn

    mflynn TS Rookie Posts: 2,655

    Boot to Safe Mode networking and do all below.

    Left Drag mouse and Copy for Pasting all text in the box below. Make sure the slider bar goes to bottom from the @ to the end of the second exit.

    Then paste to the black screen of an open command prompt. All may not apply so ignore errors.
    Code:
    @echo off
    cd\
    :: Fix associations
    ftype exefile="%1" %*
    ftype batfile="%1" %*
    ftype cmdfile="%1" %*
    ftype comfile="%1" %*
    ftype scrfile="%1" /S
    ftype regfile="regedit.exe" "%1"
    ftype piffile="%1" %*
    ftype inffile=%SystemRoot%\System32\NOTEPAD.EXE "%1"
    ftype vbsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    ftype jsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    
    assoc .exe=exefile
    assoc .bat=batfile
    assoc .cmd=cmdfile
    assoc .com=comfile
    assoc .scr=scrfile
    assoc .reg=regfile
    assoc .pif=piffile
    assoc .lnk=lnkfile
    assoc .inf=inffile
    assoc .vbs=VBSFile
    assoc .js=JSFile
    
    sc stop TDSSserv.sys
    sc delete TDSSserv.sys
    :: Above sc commands first stops then deletes service if it exists
    ::
    reg unload "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata"
    reg unload "HKEY_LOCAL_MACHINE\SOFTWARE\tdss"
    ::
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" /f
    ::The above reg commands first unloads the reg keys then deletes these keys.
    ::
    Attrib -h -s -r tdss*.* /s
    del  tdss*.* /f /q /s
    :: The above two lines first clears protective attributes then 
    :: deletes all files on Drive beginning with the name tdss
    
    :: Remove AntiVirus2009
    attrib -h -s -r "%UserProfile%\Desktop\Antivirus 2009.lnk"
    attrib -h -s -r "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk"
    attrib -h -s -r "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll"
    attrib -h -s -r "%UserProfile%\Start Menu\Antivirus 2009\*.*"
    
    del "%UserProfile%\Desktop\Antivirus 2009.lnk" /f /q
    del "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk" /f /q
    del "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll" /f /q
    del "%UserProfile%\Start Menu\Antivirus 2009\*.*" /f /q
    
    rd /s /q "%UserProfile%\Start Menu\Antivirus 2009"
    
    attrib -h -s -r "c:\Program Files\Antivirus 2009\*.*"
    rd /s/q "c:\Program Files\Antivirus 2009"
    
    attrib -h -s -r c:\WINDOWS\system32\ieupdates.exe
    attrib -h -s -r c:\WINDOWS\system32\scui.cpl
    attrib -h -s -r c:\WINDOWS\system32\winsrc.dll
    
    del c:\WINDOWS\system32\ieupdates.exe /f /q
    del c:\WINDOWS\system32\scui.cpl /f /q
    del c:\WINDOWS\system32\winsrc.dll /f /q
    
    :: Paths containing spaces must be quoted
    attrib -h -s -r "c:\program files\xwdxqu.txt"
    attrib -h -s -r c:\windows\x
    attrib -h -s -r c:\windows\SxsCaPendDel
    
    del "c:\program files\xwdxqu.txt"  /f /q
    del c:\windows\x  /f /q
    del c:\windows\SxsCaPendDel  /f /q
    
    reg delete HKLM\SOFTWARE\swearware /f
    reg delete HKCU\Software\Wget /f
    reg delete HKLM\Software\Classes\CLSID\{CD363BEC-7150-B887-530D-F3E2E0424EA} /f
    
    :: rootkit gaopdxserv
    attrib -h -s -r "c:\windows\system32\drivers\gaopdxqfotrruc.sys"
    attrib -h -s -r "c:\windows\system32\gaopdxqpqjwmyc.dll"
    attrib -h -s -r "c:\windows\system32\drivers\gaopdxuigiphwm.sys"
    
    :: Service name matches the Services registry key deleted below
    sc stop gaopdxserv.sys
    sc delete gaopdxserv.sys
    
    del  /f /q "c:\windows\system32\drivers\gaopdxqfotrruc.sys"
    del  /f /q  "c:\windows\system32\gaopdxqpqjwmyc.dll"
    del  /f /q  "c:\windows\system32\drivers\gaopdxuigiphwm.sys"
    
    reg delete "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys" /f
    reg delete "HKEY_LOCAL_MACHINE\Software\Classes\gaopdxvx" /f
    
    reg delete "HKEY_CURRENT_USER\Software\75319611769193918898704537500611" /f
    reg delete "HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}" /f
    :: /v removes only the named autostart value and leaves the Run key itself in place
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "75319611769193918898704537500611" /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "ieupdate" /f
    echo Finished ripping out Antivirus 2008-9
    :: Fix associations
    ftype exefile="%1" %*
    ftype batfile="%1" %*
    ftype cmdfile="%1" %*
    ftype comfile="%1" %*
    ftype scrfile="%1" /S
    ftype regfile="regedit.exe" "%1"
    ftype piffile="%1" %*
    ftype inffile=%SystemRoot%\System32\NOTEPAD.EXE "%1"
    ftype vbsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    ftype jsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    
    assoc .exe=exefile
    assoc .bat=batfile
    assoc .cmd=cmdfile
    assoc .com=comfile
    assoc .scr=scrfile
    assoc .reg=regfile
    assoc .pif=piffile
    assoc .lnk=lnkfile
    assoc .inf=inffile
    assoc .vbs=VBSFile
    assoc .js=JSFile
    exit
    exit
    This should run and exit!

    It is a coverall and you may see a few errors related to it addressing something you do not need. This is normal; ignore.

    Now still in safe Mode networking continue the 8 Steps.

    Mike
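
    An added example, not part of mflynn's post: a Python check that compares saved `ftype` and `assoc` output with the values the script above sets for the executable file types. The sample output is constructed, and the function and variable names are assumptions of this example.

```python
import re

# Expected handlers, copied from the ftype/assoc lines in the script above.
EXPECTED_FTYPE = {
    "exefile": '"%1" %*', "batfile": '"%1" %*', "cmdfile": '"%1" %*',
    "comfile": '"%1" %*', "piffile": '"%1" %*', "scrfile": '"%1" /S',
    "regfile": '"regedit.exe" "%1"',
}
EXPECTED_ASSOC = {
    ".exe": "exefile", ".bat": "batfile", ".cmd": "cmdfile", ".com": "comfile",
    ".scr": "scrfile", ".reg": "regfile", ".pif": "piffile", ".lnk": "lnkfile",
}

def parse_pairs(text):
    """Parse `name=value` lines as printed by `ftype` or `assoc`."""
    pairs = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition("=")  # split on first '=' only
        if sep and name.strip():
            pairs[name.strip().lower()] = value.strip()
    return pairs

def _norm(value):
    # Compare case-insensitively and ignore runs of whitespace.
    return re.sub(r"\s+", " ", value).strip().lower()

def audit(output, expected):
    """Return (name, expected, actual) for each entry that differs or is missing."""
    actual = parse_pairs(output)
    findings = []
    for name, want in expected.items():
        got = actual.get(name.lower())
        if got is None or _norm(got) != _norm(want):
            findings.append((name, want, got))
    return findings

# Constructed sample output (not from the thread): exefile and .exe point
# somewhere other than the default, and .lnk is missing altogether.
SAMPLE_FTYPE = r'''exefile="C:\constructed\example.exe" /START "%1" %*
batfile="%1" %*
cmdfile="%1" %*
comfile="%1" %*
piffile="%1" %*
scrfile="%1" /S
regfile="regedit.exe" "%1"
'''
SAMPLE_ASSOC = """.exe=secfile
.bat=batfile\n.cmd=cmdfile\n.com=comfile
.scr=scrfile\n.reg=regfile\n.pif=piffile
"""

if __name__ == "__main__":
    results = audit(SAMPLE_FTYPE, EXPECTED_FTYPE) + audit(SAMPLE_ASSOC, EXPECTED_ASSOC)
    for name, want, got in results:
        print(f"MISMATCH {name}: expected {want!r}, found {got!r}")
```

    Feed it the text saved from `ftype` and `assoc` run with no arguments, before and after the paste, to see which handlers the script actually changed.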
     
  3. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  4. Hopeless88

    Hopeless88 TS Rookie Topic Starter

    My computer doesn't let me copy and paste, and I have no toolbar :confused:
     
  5. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    You should be able to click on the link then ;)
     
  6. mflynn

    mflynn TS Rookie Posts: 2,655

    Did you boot to Safe mode?

    How did you get the first 3 steps done?

    We need more details!

    Mike
     
  7. Hopeless88

    Hopeless88 TS Rookie Topic Starter

    I clicked the link, same thing happened.. doesn't work. I've been in safe mode because in original mode I can't access the internet. The first 3 steps downloaded fine and had no problems...

    Basically what's wrong with my comp is that I can't copy and paste. I can't access the internet in the normal mode. I did a virus scan, it found over 200 trojans, it says rpc server is unavailable. And when I try to look at my firewall it says ics is not able to open...
     
  8. mflynn

    mflynn TS Rookie Posts: 2,655

  9. Hopeless88

    Hopeless88 TS Rookie Topic Starter

    Yea, I unzipped it, it's running. What does this do?
     
  10. mflynn

    mflynn TS Rookie Posts: 2,655

    Click Enable on everything! And click exit at bottom!

    Reboot back to Safe Mode and begin again with the copy paste operation if it works now. Try MalwareBytes and SuperAntiSpyware also.

    Mike
     
  11. Hopeless88

    Hopeless88 TS Rookie Topic Starter

    Ugh, nothing... & for the ratscheddar, when I would press enable it would say failed to set data for,,
     
  12. mflynn

    mflynn TS Rookie Posts: 2,655

    On this board executables (.EXE) cannot be attached, so download the Fixit.zip attachment, then right-click it, get Properties, and in the name box change the name from Fixit.zip to Fixit.exe.

    Do not rename by editing the label under the icon; it will not work.

    Then execute it and enter the Fix folder and execute the fixit.cmd
    Read this and do it!
    http://www.techspot.com/vb/post684649-3.html

    Mike
     
  13. Hopeless88

    Hopeless88 TS Rookie Topic Starter

    Hey Mike.. I followed the steps and when I was in the cmd and it was doing the scan, an error window popped up and said "system error &h800706ba(-2147023174) the rpc server is unavailable." =(

    A notepad popped up... what does this mean?

     
  14. mflynn

    mflynn TS Rookie Posts: 2,655

    That is a log file; try to attach these.

    Now go back and see if you can do post #2..

    Then the 8 Steps.

    Mike
     
Topic Status:
Not open for further replies.
