Can't complete the 8 steps

By Calinks
Mar 4, 2009
  1. Hello fellas. Don't know what happened over the past couple of days but my PC is a mess. I got serious pop up issues and problems and nothing seems to work. I decided to seek you guys out and I started the 8 steps earlier today.

    After about an hour into the Malwarebytes' Anti-Malware and SuperAntiSpyware programs my screen goes all blue and I get a message saying that Windows is shutting down and dumping memory or something. The screen is locked on this and there is nothing I can do but restart my PC. I can't even finish the 8 steps right now it seems. What should I do?

    Ok I got an update. I decided to try running all of my programs offline. I wasn't sure if that message was bogus or not because it only popped up when I was running anti-virus programs. I unplugged all Internet connections and ran Anti-Malware and Super Anti-Spyware again and they went through. I'm going to try and complete the other steps offline as well.

    Ok I was able to complete everything. I see some improvements already but I am sure there is some craziness lurking around my PC somewhere. Earlier I couldn't navigate the internet, it was as if I was being blocked. Here are the attached scans.

    Anti-Spyware didn't detect anything on its last run but I have had it run before that, it was just never able to complete. I canceled once about 40 minutes in to delete what I could before my computer told me to restart. I can find and attach one of those older logs as well if they will help.

  2. cubyong

    cubyong TS Rookie Posts: 45

    ow, nasty vundo trojan you got there. well, you did not take any actions with MBAM which you should. Remove those threats, run scans again and then post logs. After that, you just need to wait before someone more professional will help you using combofix and sdfix.
  3. Calinks

    Calinks TS Rookie Topic Starter Posts: 28

    Do I have to run MBAM and scan again to take action?

    Thanks for the help, this thing has been pretty bad!

    Ok I have run everything again. I did it offline and it worked again. Here are my logs.
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    How attached are you to Norton Antivirus?
    I ask this because some users say they just paid up their subscription.
    But sadly this Antivirus is not one of the better ones, and generally slows users' computers down
    Think of it this way, it didn't even protect you this time. (not uncommon, for the worst Antivirus ever made)

    Anyway, here's what I'd suggest ;)

    Uninstall Symantec (Norton) Antivirus
    Run the Norton Removal tool

    Run Startup Control Panel and remove any not required startups: (should be most!)

    Install Avira free AntiVirus

    * Start up Malwarebytes again; Update it; then run a full scan (remove all found Malwares)
    You need to run this multiple times, until all hidden Malwares are uncovered and removed

    * Now I say Malwarebytes again (3rd time) only because, whilst Avira Antivirus is protecting you it is likely that during the Malwarebytes scan, Avira will also detect and remove Viruses as well (the ones that Norton missed ;) )

    Anyway, how does that sound :)
  5. Calinks

    Calinks TS Rookie Topic Starter Posts: 28

    I got Norton for free through school but I have never really been a huge fan of it. I'm not attached, if you guys suggest something else and its free I'll move on. I'm going to bed now but I'll follow your suggestions tomorrow. Thanks again for the help. I hope to nip this in the bud!
  6. cubyong

    cubyong TS Rookie Posts: 45

    well for me, i'm using avast! for my anti-virus. i also have SAS, MBAM, ad-aware anniversary ed. and threatfire. avira is good as well but don't bother with avg, it's not as good. had one before and i didn't like it at all.
  7. Calinks

    Calinks TS Rookie Topic Starter Posts: 28

    OK so I dumped Norton and got avira. I ran avira and Malwarebytes again. My malwarebytes seems to have exited out? Avira found some threats, I didn't know what I should have done with them. Delete? Deny access? What should I choose? I denied most and deleted some. Here is the report.
  8. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Quarantine would be the word ;)

    Well among the ones removed, here was one of them:
    Incredible that Norton would miss such a big one as that.

    Anyway, how does it seem to be performing now?
  9. Calinks

    Calinks TS Rookie Topic Starter Posts: 28

    Well things are certainly better. My Malwarebytes just popped up out of nowhere with a finished scan. I started running it earlier today and didn't know where it went but here it is. I attached the log. It found 3 more so I assume I should scan again?

    Also, my PC has been much better since the initial scans but I can still tell something is amiss. Some google links take me to different sites, I haven't seen any of this since I got home today after these two latest scans but I haven't tried anything online.

    And yes, Norton is looking pretty sorry right now. It missed a bunch of stuff. It's like having Yao Ming try to defend Tony Parker on the perimeter, everything gets by.

    I just got a message saying that some Windows files have been deleted and that I should insert Windows XP again. Should I do it?

  10. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    sorry for the wait -> Yes
  11. Calinks

    Calinks TS Rookie Topic Starter Posts: 28

    Ok for some reason the XP CD seems to have vanished so I am having trouble locating it. I'll post again after I have found it and run the programs again.

    Ok if I can't find the cd would a system restore work?
  12. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Try pressing ok to allow Windows setup CD to be run (which you don't have)
    Then try ok again, and you then might be able to browse

    Browse to either:

    C:\WINDOWS\Driver Cache

    Both these folders contain the i386 folder, where hopefully the missing Windows files exist
  13. Calinks

    Calinks TS Rookie Topic Starter Posts: 28

    Ok well my options right now are retry/More information/cancel

    and I can get to the i386 folder right now.

    I can currently browse anything I want. I don't know which file is missing though.
  14. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Well after Retry Retry Retry usually you are given the option to browse (not always; actually I thought it was ok ok, but can't remember, as I have my CD!)

    XP Home:
    XP Pro:

    You can even contact MS and state your CD is damaged or missing, to get a new one
    (but you need the authentic key of course, for your specific version).

    There is also the possibility that you have a Restore CD (which may not look like the original Xp Setup CD)
    Or you could contact your computer hardware manufacturer to have this Restore CD replaced (or sold back to you)

    Or you could have a hidden partition on your HardDrive holding the "image" of Windows Xp
    Usually being accessed by some Function button (best to contact the hardware manufacturer on this too)
    Or you could download Gparted live BootCd and check if you possibly have this "hidden partition"
  15. Calinks

    Calinks TS Rookie Topic Starter Posts: 28

    Ok, I'm going to keep searching but if I can't find it I have another option. About 7 months ago I bought a discounted Windows vista through my university. I was going to install it but never did because I felt like I didn't need it. Well now sounds like it might be a good time to upgrade lol. But of course with the malware stuff going on I'm not sure if I should or not. What do you think?

    Avira also said something like if a file is deleted it can bring it back. I think whatever file my windows is missing got erased when I hit delete on the avira clean. Can I reverse that?
  16. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Well I don't want two emails every time you post
    It takes longer for me to reply trying to sort through it, I get about 100 emails a day, so you may be able to respect that. Use Edit if your post is still the last post in the thread

    Anyway, what I'd do in your case is backup by using a live boot CD like UBCD (you can back up to USB flash or CD or DVD)

    Then load the Vista disc and wipe everything
  17. Calinks

    Calinks TS Rookie Topic Starter Posts: 28

    Sorry about that. I thought that maybe you wouldn't see my replies if I simply hit edit. Now that I know you can still see that I posted again I will edit my current post. Ok. I'll let you know when something comes up. Again thank you so much for the help.

    Ok, new update.

    Someone suggested that I re-install Windows SP3 and that should fix the problem. I did and my error message went away so I think that problem is solved now.

    I ran the scans again and here are the logs.
  18. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Well it didn't fix it exactly. You have "Netsky" infection

    Start up HJT scan, and tick the following 3 entries:
    Then select Fix
    Then restart to Safe Mode and locate: zejidefu.dll
    An easy way to find this, Start->Run-> C:\WINDOWS\system32
    Then go all the way to the bottom, and find zejidefu.dll and right click on it and select delete

    Restart to Normal mode again
    Download the Netsky removal tool:
    More info here:

    Disable System Restore:
    Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 and then press Enter
    * Tick on the checkbox - Turn off System Restore on all drives
    * Click Apply

    Then run the removal tool

    Report back on findings
  19. Calinks

    Calinks TS Rookie Topic Starter Posts: 28

    Alright, I went into safe mode but the zejidefu.dll file was nowhere to be found. I even did a search for it and nothing came up. After that I didn't do your next step, I just came back here. Should I still do the next step or do something else?
  20. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Yes, please continue on
    Also it is possible that file was hidden, ie when doing a Search did you search hidden and system files too? (anyway don't answer this, just run the tool)

    Once done (if it finds and removes malware or not) you may need to install all Windows Updates, to secure your system better ;)
  21. Calinks

    Calinks TS Rookie Topic Starter Posts: 28

    Ok I ran it and it told me it didn't find anything. :( I hope it isn't hiding out and eluding the scan? What's this about Windows updates? What should I do next?
  22. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Download Combofix
    Lots of info on its use here
    Direct download here

    Locate the downloaded Combofix. Double click on it to run, answering any prompts along the way
    Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)
    ComboFix will also restart your computer (eventually) and then (eventually) create a log

    Save this log file to be attached to a new reply

    Also do another scan with HJT (scan and log file) and attach this to a new reply as well

    Whilst waiting for my reply, you may want to re-open Malwarebytes; update it again; and then run another full scan (I'm thinking there may still be more uncovered malwares to remove) I would do this ;)
  23. Calinks

    Calinks TS Rookie Topic Starter Posts: 28

    Alright ran the two scans, here are the results.
  24. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    ok good

    To remove Combofix

    Start->Run-> combofix /u

    Clear system restore points

    • Clear your existing system restore points and establish a new clean restore point:
      • Go to Start > All Programs > Accessories > System Tools > System Restore
      • Select Create a restore point, and Ok it.
      • Next, go to Start > Run and type in cleanmgr
      • Select the More options tab
      • Choose the option to clean up system restore and OK it.
      This will remove all restore points except the new one you just created.
  25. Calinks

    Calinks TS Rookie Topic Starter Posts: 28

    Never mind. Ok I have done that. What's next?
Topic Status:
Not open for further replies.
