TechSpot

Serial99 Infection. Help Needed!

By bemerson
Dec 17, 2007
  1. Hello my name is Ben and my computer (Vista) has been infected with serial99. I have read several threads by others with the same problem and followed the advice given there. This includes following the instructions on the "Viruses/Spyware/Malware, preliminary removal instructions" thread, running complete scans with SS&D, Ad-Aware 2007, SuperAnti-Spyware, HijackThis and my anti-virus Trend Micro PC-cillin, and searching for various programs on the Add/Remove list. This has removed some of the malware but I still cannot run some programs as system administrator. This is the only remaining symptom that I can identify. Any help would be greatly appreciated.
    Thankyou,
    Ben.
     
  2. momok

    momok TS Rookie Posts: 2,265

    Hi bemerson and welcome to techspot.

    Since you have followed the 15 steps, could you please post the required logs?

    Regards
    momok
     
  3. bemerson

    bemerson TS Rookie Topic Starter

    Here are the logs:
     
  4. bemerson

    bemerson TS Rookie Topic Starter

    Oh, and the AVG Antirootkit programme did not find any rootkits.
     
  5. bemerson

    bemerson TS Rookie Topic Starter

    Could somebody please analyse the attached logs????
     
  6. evilfantasy

    evilfantasy Banned Posts: 428

    Download SDFix.exe and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    * Instead of Windows loading as normal, the Advanced Options Menu should appear;
    * Select the first option, to run Windows in Safe Mode, then press Enter.
    * Choose your usual account.
    * Open the extracted SDFix folder and double click RunThis.bat to start the script.
    * Type Y to begin the cleanup process.
    * It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    * Press any Key and it will restart the PC.
    * When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    *] Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard).
    * Finally add the contents of the Report.txt in your next post as an Attachment.
     
  7. bemerson

    bemerson TS Rookie Topic Starter

    RunThis.bat is not working. When I click on it the small blue window flashes on the screen but does not remain open.
     
  8. songster

    songster TS Rookie

    Not sure whether SDFix is compatible with vista yet. At least it wasn't a little while ago. Maybe you should check with the developer, AndyManchesta.
     
  9. evilfantasy

    evilfantasy Banned Posts: 428

    Run the BitDefender Online Scanner
    Click I Agree to the license and then select Click here to scan
    DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED.
    That will make your logs huge and we don't need to see clean files.

    Once Bitdefender completes the scan:
    Click-on the Detected Problems tab.
    Then select Click here to export the scan report

    When the window comes up to save the report, change the Save as type: box to:
    Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save

    This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it.
    (take notice of where you save it so you can find it later)

    This bdcan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

    If you do not follow these step, you will have an incorrect log or worse a log summary which is useless to us

    Post the bdscan.txt file as an Attachment.

    ----------

    Download Superantispyware (SAS) SUPERAntispyware Free Edition

    Install it and double-click the icon on your desktop to run it.
    * It will ask if you want to Update the program definitions, click Yes.
    * Under Configuration and Preferences, click the Preferences button.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
    * On the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK.
    * Make sure everything in the white box has a check next to it, then click Next.
    * It will quarantine what it found and if it asks if you want to reboot, click Yes.
    * To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Save the notepad file to your desktop by clicking (in notepad) "File" "Save As"
    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Please add the log as an attachment along with a new HijackThis log in the next post.

    ----------

    Next post please attach
    bdscan log
    SUPERAntiSpyware log
    New HijackThis log
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...