TechSpot

Completed 8 Steps for Virus Removal

By Texaus
May 29, 2009
  1. Greetings,

    Experiencing trouble with PC. I've done the 8-steps a while back on a different machine and it worked like a charm.

    Logs that are attached are after 2 or three go-rounds with MBAM and Avira. First time M-Bam and Avira were ran they found and removed many nasties. Is PC clean now.

    This pc has two user profiles. Internet explorer works just fine on one of them and will not load web pages on the other. Outlook still sends and receives on both profiles, so don't think it's a connection issue. Did not do this before infection so I think I still have something hangin around.

    Much Thanks!
     
  2. touch

    touch TS Rookie Posts: 978

    Hello Texaus

    Download HostsExpert: http://www.majorgeeks.com/Hoster_d4626.html

    Choose one of the servers at Majorgeeks....save the file on your desktop

    Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
    Run HostsXpert 4.2 - Hosts File Manager from its new home
    Click on "File Handling".
    Click on "Restore MS Hosts File".
    Click OK on the Confirmation box.
    Click on "Make Read Only?"
    Click the X to exit the program.

    Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

    Reboot, attach new hijackthis log and tell how things are running ?
     
  3. Texaus

    Texaus TS Rookie Topic Starter Posts: 50

    Thanks, will do after weekend when back at pc in question.
     
  4. Texaus

    Texaus TS Rookie Topic Starter Posts: 50

    Downloaded and followed directions for HostsExpert using user profile that IE works with. Rebooted and IE still no worky on other profile. Tried running HostsExpert from that profile and received following error: "ERROR: Cannot create file C:/windows/system32/Drivers/ETC/hosts"

    Attaching new log...
     
  5. touch

    touch TS Rookie Posts: 978

    Have you the administrator account on that profile ? It is necessary you have.
     
  6. Texaus

    Texaus TS Rookie Topic Starter Posts: 50

    Yes, both profiles are designated "Computer Administrator".
     
  7. touch

    touch TS Rookie Posts: 978

    Ok. Open C:/windows/system32/Drivers/ETC/hosts with notepad and copy the content of the file in next reply.
     
  8. Texaus

    Texaus TS Rookie Topic Starter Posts: 50

    Here you go....

    # Copyright © 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a "#" symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    #
    127.0.0.1 localhost
     
  9. Texaus

    Texaus TS Rookie Topic Starter Posts: 50

    After a little more thought I think I should clarify what was done with HostsExperts a little better...

    I downloaded and ran HostsExperts from the "good Internet" profile - it worked fine. I then rebooted and tried internet on other profile; internet explorer still did not work, so I tried running HostsExperts again from "bad internet" profile - this is when I received error that I mentioned. I think the error might be happening because of the fist time I ran HostsExpert I ticked "make read only". The files HostsExpert messes around with are common to both profiles, correct?
     
  10. touch

    touch TS Rookie Posts: 978

    Correct ;)

    The Hosts file looks normal.

    I assume we are on the other profile now ? If we are, I´ll suggest you run the 8 step guide, and attach the log´s.
     
  11. Texaus

    Texaus TS Rookie Topic Starter Posts: 50

    Here are the new logs...
     
  12. touch

    touch TS Rookie Posts: 978

    They looks clean. How are things running on this profile ?
     
  13. Texaus

    Texaus TS Rookie Topic Starter Posts: 50

    It runs fine and I have no doubt it's clean now. However, ie still does not work on that one profile. I'm guessing the malware changed something around with the settings and I need to somehow figure out what. :confused:
     
  14. touch

    touch TS Rookie Posts: 978

    What happen excactly, when you will run IE, and which version is it - IE7 or IE8 ?
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...