8 steps completed, here are my logs

Here's the log. The express scan after reboot was clean. The complete scan is just starting Documents and Settings and is clean.
 
You are going to jump through this computer screen at me when I ask you this, but when the full DrWeb scan is finished, go back to where you got DrWeb, download the NOD32 cleaner and run it in Safe Mode!

Now that we seem to be clean, I want another very good and powerful program like NOD to confirm it yet again!

Mike
 
Sounds good; it will be some time, I'd imagine, before those are both done. At this time DrWeb has only found one infection during this complete scan, and it's inst.exe from AOL, marked as "probably backdoor.trojan". Will post logs as they come.
 
Second complete scan. Letting NOD run through the night, along with another express scan in the morning. Will post both logs.


EDIT: NOD found a trace of Virut. Guess that's bad news. But only one trace, and it's in a .exe file that is locked in a RAR file.
 
That is great! I have always had great respect for DrWeb, but this sends it through the roof!

If NOD and DrWeb express both come up clean, then...

The following is to get your system back to normal, fix any missing Windows components, DLLs, etc., and prepare for SP3, which will for sure finish things up.

This has to be done in Normal Mode, so after the SP3 download, unplug the network, then turn off Windows Firewall (if on) and ZoneAlarm, and also turn off Avira. This is so they do not interfere with the install of SP3. I will tell you below when to do this.
----------------------------------------------------------------------------------------------------------------------------------
Boot to Safe Mode

Clean up temps, Registry and System Restore (you should already have these programs from earlier).
Run CCleaner http://www.ccleaner.com/download/builds (get the Slim build at the bottom, no Yahoo toolbar).
Run it twice or more on Cleanup temps, then on the left click Registry, then Scan for Issues; also repeat till clean.

Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html on Temp and Registry, repeatedly until no more are found.

KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner.
---------------------------------------------------------------------------------------------------------------------------------
The issues that were found are in System Restore, so do the below.

Start-Programs-Accessories-System Tools-System Restore and create a new Restore Point. Name it "Cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all boxes
Then click More Options
Here click System Restore, OK to "Are you sure?", and then OK to run.

As this runs, it clears all but the most recent Restore Point, but it also does one other thing: it clears something that can contain infected files and take a huge amount of disk space.

It clears what are known as shadow copies, which are used by specialized backup programs.

This is if you have the Volume Shadow Copy service running, which is the default.

Only after the above, redownload SAS, install, update and run it, and attach the log.

All of the above in Safe Mode with Networking.
----------------------------------------------------------------------------------------------------------------------------------
Boot back to Normal Mode

Download Dial-A-Fix (DAF)
http://wiki.djlizard.net/Dial-a-fix#...C_and_articles
http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

Have the XP CD available in case DAF needs a file.

Check all boxes on the screen (clear any restrictions if it shows any).
Then click GO!

When the entire page is finished, click the hammerhead at the bottom to go to the second DAF page.

Here, one at a time, do the below:

Flush DNS
Flush Icons
Process Idle Tasks
Reinstall Automatic Updates Service
Reinstall BITS
Reinstall Defrag
Reinstall Help and Support service
Reinstall Windows Firewall
Repair Permissions

Watch for any "File not found" or other errors and make a note, as this may lead to something needing to be fixed!

Then,

Download the full offline SP3 install from here.

http://www.microsoft.com/DownLoads/...a8-5e76-401f-be08-1e1555d4f3d4&displaylang=en

Then turn off the items as indicated above and install SP3!

When finished, plug the cable back in and reboot; when back up, run in the order below.

Paranoid check!

Update MBAM run Quick Scan
Update SAS run Quick scan
Run ComboFix
Then from Safe Mode run SDFix

Post all logs.

Mike
 
Well, I was just indicating that NOD had found a trace of Virut.56 in a RAR file. It said it could not be quarantined, so I manually deleted the RAR file from there and from the flash drive. Then, up to this point, it found one more trace, and that was successfully cleaned. It also did not finish, because NOD doesn't manually clean/delete/quarantine/ignore files until you verify which to do via a pop-up. So it is only at Oracle right this second. Still a lot to go, hopefully clean. I'm not going to be here at all today until at least 8 tonight, so I'm going to run another Dr.Web to be completely sure that it's gone. I don't want to do all that and then find out I have to do it all over again. Will let you know how it goes!
 
Yep, good idea! Leave it working while you are busy with other things.

I feel good about this now!

Mike
 
Alright, so I ended up running two more complete Dr.Web scans, and I'm in the middle of running a 3rd NOD32 scan. I'm pretty sure we're good to go. So far on this scan NOD has only picked up a few viruses, which are the ones quarantined in RAR files by Dr.Web. NOD has picked up a few Virut traces, but from what I can see all of them are in RAR files, which I would imagine we do need to remove, besides the quarantined ones, unless those should be removed as well? But if you think I'm ready for the next step, let me know. Both Dr.Web scans were clean; if you'd like the NOD32 logs, let me know.
 
I would clean all quarantines and delete any ZIP/RAR files that still contain issues, if possible.

If there are important files and you think it is important, I would extract them to another drive or partition and scan again immediately with DrWeb.

Yeah, just in case I see something you don't, post the NOD32 logs.

Mike
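The advice in the posts above boils down to a decision rule about where each remaining detection lives: a hit inside a RAR/ZIP, inside System Volume Information, or inside a removal tool's own quarantine folder calls for a different action than a live infected file. The script below is an added example written for this page, not code from the thread or from any scanner vendor. Its log lines are constructed in a generic "path;threat;action" shape, the "»" archive-member separator and the quarantine folder names (SDFix\backups, Qoobox\Quarantine) are assumptions, and the recommendations map to the steps given later in this thread.

```python
"""Triage scanner detections by where the flagged object lives.

Added example, not from the TechSpot thread or any scanner vendor. The log
lines below are CONSTRUCTED in a generic "<path>;<threat>;<action>" shape;
the '»' archive-member separator and the quarantine folder names are
assumptions, not real NOD32 or Dr.Web output.
"""
import ntpath
from collections import namedtuple

Detection = namedtuple("Detection", "path threat action location")

ARCHIVE_EXT = {".rar", ".zip", ".7z", ".cab"}
# Backup/quarantine folders of the removal tools used in the thread (assumed).
QUARANTINE_MARKERS = ("\\sdfix\\backups\\", "\\qoobox\\quarantine\\")
SYSTEM_RESTORE_MARKER = "\\system volume information\\"
MEMBER_SEP = "»"   # assumed separator between an archive and a member inside it

# What the thread's closing procedure does about each location.
RECOMMENDATION = {
    "system_restore": "leave alone; Disk Cleanup > More Options > System Restore purges it",
    "tool_quarantine": "leave alone; removed when the tool is uninstalled (combofix /u, OTCleanIt)",
    "archive": "delete the archive; if the contents matter, extract to another drive and rescan",
    "live": "must be cleaned or quarantined by the scanner; rescan afterwards",
}

# Constructed sample log (one detection per line).
SAMPLE_LOG = (
    "C:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}"
    "\\RP12\\A0001.rar»game.exe;Win32/Virut;cleaning failed\n"
    "C:\\Documents and Settings\\user\\Desktop\\setup.exe;Win32/Virut;cleaned\n"
    "C:\\SDFix\\backups\\backups.zip»svchost.exe;Trojan.Agent;no action\n"
    "C:\\Program Files\\AOL\\inst.exe;probably BACKDOOR.Trojan;quarantined\n"
    "E:\\old_drivers.rar»driver.exe;Win32/Virut;cleaning failed\n"
)


def classify(path):
    """Order matters: a tool's quarantine and a System Restore snapshot may
    themselves contain archives, so the outer container is checked first."""
    lower = path.lower()
    if any(marker in lower for marker in QUARANTINE_MARKERS):
        return "tool_quarantine"
    if SYSTEM_RESTORE_MARKER in lower:
        return "system_restore"
    container = path.split(MEMBER_SEP, 1)[0]          # path of the outer file
    if ntpath.splitext(container)[1].lower() in ARCHIVE_EXT:
        return "archive"
    return "live"


def parse_log(text):
    """Turn 'path;threat;action' lines into Detection records with a location."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        path, threat, action = (field.strip() for field in line.split(";", 2))
        records.append(Detection(path, threat, action, classify(path)))
    return records


def needs_manual_action(records):
    """Detections the closing procedure will NOT take care of by itself:
    archives and live files the scanner could not clean or quarantine."""
    handled = {"cleaned", "quarantined", "deleted"}
    return [
        r.path for r in records
        if r.location in ("archive", "live") and r.action.lower() not in handled
    ]


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for r in found:
        print(f"{r.location:15} {r.threat:26} {r.path}")
        print(f"{'':15} -> {RECOMMENDATION[r.location]}")
    print("still needs a hand:", needs_manual_action(found))
```

On the constructed sample, the only path the procedure does not take care of on its own is the RAR on the removable drive that the scanner could not clean: the live files were already cleaned or quarantined, the SDFix backup archive goes away with the tool, and the System Volume Information copy is purged by the Disk Cleanup step.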
 
How do you clean the quarantines in Dr.Web? There's no option for anything about the quarantines. Just physically delete them?
 
What should I do about RAR files in System Volume Information? I had given myself access to it for a previous clean a while back, but let me know what you suggest. A lot of the RAR files in there are the only remaining sources of the viruses. This NOD32 scan is pretty clean for the most part. Dr.Web has picked up some others, all in SDFix's quarantine.
 
We are not completely finished, but close enough to do the closing. Part of this clears System Restore (System Volume Information).

But first, update and run Quick Scans in MBAM and SAS, then SDFix and ComboFix. With all you had, I'm just being paranoid.

Thread Closing-------------------------------------------------------------------

Some of these tools update so often that they require downloading again later if needed. But keep and run MBAM and SAS for maintenance.

Remove ComboFix
Start-Run
type
combofix /u
Hit enter or click OK.

Please download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

Save to desktop.

This will remove all the tools we used to clean your computer.


Double-click OTCleanIt.exe. Click CleanUp. Yes to "Begin cleanup Process?"

Approve all if prompted by the Firewall. Approve Windows Defender or other guards or security programs while OTCleanIt is attempting to access the Internet, to allow all.

If prompted to reboot, click Yes.
OTCleanIt will delete itself when finished. If not, delete it yourself.

-------------------------------------------------------------------------------------
Run CCleaner http://www.ccleaner.com/download/builds (get the Slim build at the bottom, no Yahoo toolbar).
Run it twice or more on Cleanup temps, then on the left click Registry, then Scan for Issues; also repeat till clean.

Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html on Temp and Registry, repeatedly until no more are found.

KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner. (When installing, uncheck Relevant Knowledge; do not install it.)
-------------------------------------------------------------------------------------
The issues can be, and likely are, found in System Restore, so do the below.

Start-Programs-Accessories-System Tools-System Restore and create a new Restore Point. Name it "After cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all boxes
Then click More Options
Here click System Restore, OK to "Are you sure?", and then OK to run.

As this runs, it clears all but the most recent Restore Point, but it also does one other thing: it clears something that can contain infected files and take a huge amount of disk space.

It clears what are known as shadow copies, which are used by specialized backup programs.

This is if you have the Volume Shadow Copy service running, which is the default.
-------------------------------------------------------------------------------------

Every two weeks or so, run MBAM and SAS until clean.

They take a while, so leave them scanning while you are sleeping, working or watching TV. If not done under the gun, they can be scheduled so as not to interfere with computer time.

If they find something they can not clean, then get back to us.

Additionally, run CCleaner, ATF-Cleaner and KCleaner.
----------------------------------------------------------------------------------------
I have been using ThreatFire for more than a year; it just went from version 3 to version 4.

It was designed to be used with and to co-exist with other Virus scanners.

Additionally, it uses a totally different process to protect. While conventional virus scanners work from definitions, ThreatFire works by recognizing virus/malware activity.

It's like looking at it with 2 sets of eyes and from a different angle.

It works like some firewalls do, learning what is good/bad.

After install, it will ask you about everything that could be a security issue. For example, the first time you run IE or Firefox it will prompt you. You would answer to approve and remember the setting. From then on, no more prompts about IE or Firefox unless the exe changes, like in an update.

As it queries you, to help you determine whether to approve or not, you can Google the prompt with one click.

http://www.threatfire.com/Download/
-------------------------------------------------------------------------------------
Look at http://www.javacoolsoftware.com/spywareblaster.html

Run SpyBot occasionally and use the Immunize function.
http://www.safer-networking.org/en/download/

I highly recommend HostsMan: http://majorgeeks.com/HostsMan_d4592.html

Download, install and run it, allow it to disable the DNS Client, select all hosts files, then update and install all hosts files.

A Disk Scan (chkdsk) and Defrag are in order.

Mike
 
I'm not really sure how to get the NOD32 log. It was enabled to save as nod32.log. I searched for it and couldn't find it. The installer works (not sure about from Add/Remove), but it did uninstall the old SAS when I was prompted that there was an older version installed. SAS and SDFix sent me to the blue screen. So here are the two other logs, ComboFix and MBAM.
 
The NOD32 log does not work lately?

Uninstall then redownload and reinstall SAS.

Delete the SDFix folder that contains RunThis.bat and the installer on your desktop, then redownload, install and run.

A new ComboFix was issued on 2/28, so if you uninstalled as part of the closing above, redownload it and run it again, as it had findings I did not expect!

We need to bring this together in order to have you ready for classes.

Mike
 
I still have the old ComboFix, called 12cbf34, on my desktop from before. But I didn't use it; I downloaded a new one because the uninstall wouldn't work, it says there's no such program called combofix. And I did delete that SDFix folder and reinstall, and did remove SAS and reinstall, with the same outcomes.
 
Rename the 12cbf34.exe back to ComboFix.exe, then do the ComboFix /u.

Then get the new ComboFix, again rename it to 12cbf34.exe, and run it.

Then rename the SDFix RunThis.bat to 12rt34.bat and try to run it again!

Mike
 
ComboFix still says unable to find after I change the name; it said it before we changed the name to 12cbf34 as well. I'll try SDFix now. Gotta boot to Safe Mode.
 
The ComboFix I downloaded today uninstalled after use, and the same for SDFix, but SDFix went to the blue screen, yet still uninstalled. The old ComboFix won't uninstall, and when it runs it doesn't go through the steps like ComboFix normally does on a scan. It just opens, says most machines take about 10 minutes and badly infected machines can take longer, says it's scanning, then eventually produces a log and reboots. I uninstalled and then deleted all traces of SAS, downloaded it again, and it still sent me to the blue screen.

EDIT: Also noticed that this file in the MBAM log, C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully,
was one of several (1.tmp through 50.tmp) I myself deleted from the system32 folder at the start of all this, when I realized that those were the processes starting up when I would go on the Internet, prior to when I reposted about the infections coming back.
 
I took that line out of the MBAM log I posted a few posts up, the one with the ComboFix log. I removed SAS through Add/Remove; I'm going to try to reinstall and run it again.

EDIT: SAS once again sent me to the blue screen. What's next? I'm gonna run ComboFix again; I just redownloaded it, although 12cbf34 is still there because it will not remove. Will deleting it off the desktop be good enough or no?
 
Actually, rename the new one to 12cbf345.exe.

Then rename the 12cbf34.exe back to ComboFix.exe; then it should uninstall!

Mike
 