I've got winbo32.exe, a.bat, and bsod's. HELP ME PLEASE

Status
Not open for further replies.
Hi,

As kitty suggested, Kerio is a very good firewall. The problems you faced occurred because of conflicts with Windows Firewall (we never recommend running two firewalls at any one time because of such potential problems). It is up to you to give that program a chance though.

Should you wish to remove it totally from your system, please post a HijackThis log and ComboFix log.


Regards,
Your friendly momok =)

This thread is for the use of Jandizz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
After doing some research and having some common sense, I changed my mind. I'm just gonna re-install Kerio and hope everything works. Wish me luck.
 
Cool. I hope it goes well for you.

It is strongly recommended to turn off the Windows firewall before reinstalling Kerio. As momok said, your problem was caused by the two firewalls conflicting.

Regards :)
 
Installed Kerio again, internet didn't work, didn't want to put up w/ it so I uninstalled it and I had the same problems as before with the internet not working upon start up. Attached my logs. Just wanna get rid of Kerio.
 
Hi,

Your system has been reinfected.

The Kerio WinRoute Firewall you have been using is designed for corporate use. I would be inclined to believe default settings are set to disable internet access for certain use, since the corporate settings require office workers to not use the internet for anything other than official reasons. Therefore I would believe this to be the cause of your internet problems previously. The right firewall to use would be Kerio Personal Firewall, which is one of the best amongst 2 others I recommend for home users and comes out tops in several online reviews.

I also notice traces of AVG Antivirus Plus firewall on your system. Please let me know if you are still running that and if you wish to remove it. If not, I would still recommend you install a firewall (any of these 3 - ZoneAlarm, Kerio, Comodo).

You may wish to copy and paste these instructions into Notepad for easier reference later.

Download the attached "CFScript.txt" (from my attachment) and save it to the same folder as Combofix.

Boot into safe mode under your normal user name. See how HERE
Next turn on "Show all files and folders, including hidden and system". See how HERE

1. Go to start > run and type msconfig. Press the enter key.
   Search for the following services and disable from startup by unchecking the box beside it.

   InstallShieldSetup
   InstallShieldSetup1
   WrCtrl

2. Go to start > run and type services.msc. Press the enter key.
   Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

   Kerio WinRoute Firewall

3. After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):

   O1 - Hosts: 66.98.148.65 auto.search.msn.com
   O1 - Hosts: 66.98.148.65 auto.search.msn.es
   O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{53550~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{53550~1\reboot.ini -l0x9
   O4 - HKLM\..\RunOnce: [InstallShieldSetup1] C:\PROGRA~1\INSTAL~1\{53550~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{53550~1\reboot.ini -l0x9
   O4 - HKCU\..\Run: [WrCtrl] "C:\WINDOWS\WinRoute Firewall\wrctrl.exe"
   O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\WINDOWS\WinRoute Firewall\winroute.exe (file missing)

   Close HJT.

4. Referring to the image below, drag the CFScript.txt that you downloaded earlier over on to Combofix.exe and release.

   [Image: CFScript.gif]

   This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

5. Reboot into normal mode and rehide your protected OS files.

Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.


Regards,
Your friendly momok =)

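The HijackThis entries listed in the post above follow a fixed line format. As an added example (not part of the original thread and not HijackThis's own code), this Python parser reads the O1, O4 and O23 line shapes shown there and flags hosts-file redirects and services whose binary is missing. The sample input reuses lines from the post plus one constructed localhost entry; the function and pattern names are hypothetical.

```python
import ipaddress
import re

# Lines copied from the post above, plus one constructed benign hosts entry.
SAMPLE_LOG = r"""
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O1 - Hosts: 127.0.0.1 localhost
O4 - HKCU\..\Run: [WrCtrl] "C:\WINDOWS\WinRoute Firewall\wrctrl.exe"
O23 - Service: Kerio WinRoute Firewall (WinRoute) - Unknown owner - C:\WINDOWS\WinRoute Firewall\winroute.exe (file missing)
"""

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")
AUTORUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
SERVICE_RE = re.compile(
    r"^O23 - Service: (.+?) \((\w+)\) - (.+?) - (.+?)( \(file missing\))?$")


def triage(log_text):
    """Return (section, reason, detail) tuples for lines that merit review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := HOSTS_RE.match(line):
            addr, host = m.groups()
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                findings.append(("O1", "unparseable address", line))
                continue
            # Loopback and 0.0.0.0 entries are the usual local/blocklist forms;
            # any other address sends the hostname somewhere else.
            if not (ip.is_loopback or ip.is_unspecified):
                findings.append(("O1", "hosts redirect", f"{host} -> {addr}"))
        elif m := AUTORUN_RE.match(line):
            hive, key, name, cmd = m.groups()
            findings.append(("O4", "autorun to review", f"{hive} {key} [{name}] {cmd}"))
        elif m := SERVICE_RE.match(line):
            _display, name, owner, path, missing = m.groups()
            if missing:
                findings.append(("O23", "service binary missing", f"{name}: {path}"))
            elif owner == "Unknown owner":
                findings.append(("O23", "service with unknown owner", f"{name}: {path}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```
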
 
Hi,

I think you've posted the wrong ComboFix file hehe. Do post your ComboFix.txt in your next reply.
PS. Are you running the AVG Antivirus plus firewall?

Regards,
Your friendly momok =)

 
My bad, and no, I realized that I'm not using any firewall right now so I turned the Windows one back on.
 
Hi,

Please follow these instructions carefully.

1. Download The Avenger by Swandog46 from HERE. Save it to your Desktop and extract it.

2. Download the attached "avengerscript.txt" (from my attachment) and save it to your desktop.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by double clicking on its icon on your desktop.

Under "Script file to execute" choose "Load script from file".
Now click on the folder icon, which will open a new window titled "open Script File".
Navigate to the attachment avengerscript.txt you have just downloaded, click on it and press open.
Now click on the Green Light to begin execution of the script.
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop; this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please attach the content of c:\avenger.txt into your reply, as well as a fresh HJT and ComboFix log.


Regards,
Your friendly momok =)

 
I followed all of the directions and when I use Avenger and click the folder icon to locate the script, the program closes and nothing happens. I also tried typing the path of the script in and it says it can't find it. Should I be in safe mode or something?
 
Hi,

This is very strange indeed. Have you tried downloading Avenger again as well as my attachment? Put both files on the desktop. The program does not need safe mode to run. If you still can't run it, please try it in safe mode to see if it works.


Regards,
Your friendly momok =)
