Inactive General trouble - 8 steps conducted

Status
Not open for further replies.
Since you do not mention removing this pirated program, Cyberlink.PowerDVD.Deluxe.v8.0.1531, and since no specific issues remain:

Remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin

A tip for you: before downloading any program, examine the screen for any pre-checked boxes. These are usually for things like toolbars> the Ask Toolbar being a frequent offender. Uncheck any of the boxes before you download.
 
Thread is being reopened at your request.

Please tell me what malware related problems persist> is it just the redirects?
My Reply #8 requested that you download and run Combofix. No log was given or comment that you could not run it. Please run as requested and leave log in next reply.
==================================
You had malware Rogue.ErrorFix. This is actually showing in the installed programs. If it's still on the system, it's possible you may be seeing notices of errors that do not really exist. This has been picked up by many Facebook users and spread to other users. This is what I posted here:

There is a rogue program, named Error Check System making the rounds of Facebook Members-- non-Facebook members
Facebook members may get an error message in the notifications section that reads "(Friend's name) has faced some errors when checking your profile View The Errors Message."

This program 'invents' an error, instructing the user to click on a link to fix it. The error may show you have no programs or it may indicate your computer is locked. Neither of these "errors" are true. "The warnings are fake and a viral attempt to spread the application and recruit more Facebook users" according to Graham Cluley, a senior technology consultant with Sophos.

Do NOT take any action to 'fix' the 'error'. If you are a Facebook member, do this:
Uninstall it by using the Edit tab in the Applications section of their Facebook profile.
"This is an important reminder to all Facebook users that they must exercise caution about which third-party applications they install on their profile, and everyone should remember that Facebook does not approve applications before they are made available on their site," Cluley wrote and "You really are putting your trust in complete strangers when you add that next application to your Facebook profile."
However, non-Facebook members are at risk as well. A Web search of "Error Check System" will yield a link to a site that contains code that will initiate a fake virus scan and try to fool users into installing malware disguised as antivirus software.

Sophos identified the malware as Sus/FakeAV-A and Troj/FakeAV-LL.

I have seen the 'missing programs' log and the 'locked out' message log. Both were false and could be fixed but put the users in a high state of panic! What is most important is that you do not act on these fake error messages or click on any script to 'fix' the problem.

In order to address your particular problem, I need to know what it is.
 
This thread was reopened at your request. However, you have not replied in 5 days. I'll give you a couple more days, then it will be closed again and not reopened.
 
I keep trying to run Combofix, but it bluescreens each time. I have attached the relevant files where possible which the computer informs me can help tell what the problem was when the computer starts again. The names of the others are included, even though I can't access them.

C:\Windows\Minidump\Mini041711-03.dmp
C:\Users\Paul\AppData\Local\Temp\WER-82437-0.sysdata.xml

C:\Users\Paul\AppData\Local\Temp\WER67F7.tmp.version.txt:

Windows NT Version 6.0 Build: 6002 Service Pack 2
Product (0x3): Windows Vista (TM) Home Premium
Edition: HomePremium
BuildString: 6002.18327.x86fre.vistasp2_gdr.101014-0432
Flavor: Multiprocessor Free
Architecture: X86
LCID: 1033

It should be noted that my system in fact is a dual-core machine.
There were two other files, but they could not be accessed, even as an Administrator.
 
I forgot to mention the troubles I'm having:
1 - still can't use search results directly; it always diverts to some advertisement site.
2 - occasionally, some random clippet of sound will play, and I haven't the faintest idea where it's coming from. It's usually about 20 seconds long.
 
mbam-log-2011-04-05 (16-22-01).txt>> Show all entries removed by OTM

Eset log # utc_time=2011-03-17 02:02:33>>Shows the original entries before OTM

Update and new Eset scan were requested:
The purpose of the update is NOT to produce a new log- it is to add entries to the database if any new ones have been added since the scan was run previously.
Occasionally, Eset will not produce a log if no entries are found. But the log date, if provided, will always be the date you ran the scan.
=================================
You started this thread a month ago and sometimes there was a week between your replies. If we are going to attempt to clean this system, we need to get it done. I can't keep a thread open for you to pop in occasionally. I closed the thread after 6 days passed with no reply, then reopened it at your request.
=================================
**************Reboot the computer before starting the following*********************

Please update and repeat the Malwarebytes scan. Understand that here too, the update is to add entries to the database if there are new ones.
================================
NOTE: If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode:
Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
-or-
2. Delete Combofix file, download fresh one, but rename combofix.exe to
sunday.exe BEFORE saving it to your desktop.
Do NOT run it yet.
3. Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.pif
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, then try to immediately run the following:

Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created and should open at the end of the scan.
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

Rkill instructions
*************************************
Once you've gotten one of them to run, immediately double click on sunday.exe to run.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.
=================================
Note: Please remember to take Word Wrap off in Notepad.
 