System infected: ZeroAccess Rootkit Activity 4 and TidServ Activity 2

Discussion in 'Virus and Malware Removal' started by paulisofi, Feb 6, 2012.

  1. paulisofi Newcomer, in training Posts: 145

    ok... I will... I'm sorry but I'm on the verge of a heart attack here... and I truly can't lose my computer or the docs in it... So then it doesn't matter that it "booted" as Windows XP and this machine is Vista?
  2. Broni Malware Annihilator Posts: 40,078   +187

    No. You're fine.
  3. paulisofi Newcomer, in training Posts: 145

    I double clicked on OTLPE icon and now I have a pop up that says: (Note: I had to delete the final parenthesis of all indicated drives because this post was not being allowed like that).

    Browse for folder

    Choose Windows Directory

    My computer

    RAM Disk (B:
    HP (C:
    HP_PAVILION (D:
    Removable Disk (E:
    Removable Disk (F:
    Removable Disk (G:
    Removable Disk (H:
    Removable Disk (I:
    ReatogoPE (X:
    Shared documents

    Folder: My Computer

    OK Cancel
  4. paulisofi Newcomer, in training Posts: 145

    I don't know what to do because this is not mentioned in the instructions.
  5. Broni Malware Annihilator Posts: 40,078   +187

    This is not the best news if the tool can't find the Windows folder.

    Navigate to a folder where Windows is normally installed.
    That'd be C:\Windows
  6. paulisofi Newcomer, in training Posts: 145

    I went to HP (C:) and I found one of the folders there is WINDOWS. I went in there and it has a lot of subfolders. What shall I do?
  7. Broni Malware Annihilator Posts: 40,078   +187

    Just stop at the "Windows" folder.
    Click ok or whatever accepting button you have there.
  8. paulisofi Newcomer, in training Posts: 145

    Would you like me to list all these subfolders within WINDOWS folder?
  9. paulisofi Newcomer, in training Posts: 145

    Sorry, posted at the same time..
  10. paulisofi Newcomer, in training Posts: 145

    ok, now it's asking me the first question posted in your instructions. I'll proceed as indicated.
  11. paulisofi Newcomer, in training Posts: 145

    Sorry, that wasn't the first question in your instructions, but the one that I got first is listed second in your instructions. Shall I proceed?
  12. Broni Malware Annihilator Posts: 40,078   +187

    What question is it?
  13. paulisofi Newcomer, in training Posts: 145

    The first question that popped up on the infected pc is:

    Do you wish to load remote user profile(s) for scanning?

    According to your instructions, that question should be second, after Do you wish to load the remote registry? which I've never had so far.
  14. Broni Malware Annihilator Posts: 40,078   +187

    Yes to that question.
  15. paulisofi Newcomer, in training Posts: 145

    Yes, yes. I wasn't sure if it was ok that it was not following the supposed order. Now, I clicked Yes there and I got another pop up that says:

    Select User Profile

    IUSR_NMPR
    LocalService
    NetworkService
    paulisofi
    systemprofile

    Automatically load all remaining users? (-----> this one has a checkmark to the left of it)

    OK CANCEL
  16. paulisofi Newcomer, in training Posts: 145

    One more thing: the very first profile listed is the one that came highlighted.
  17. Broni Malware Annihilator Posts: 40,078   +187

    Just click OK.
  18. paulisofi Newcomer, in training Posts: 145

    Running the scan now...
  19. paulisofi Newcomer, in training Posts: 145

    Scan has just finished running. I see the OTL.txt in notepad but I don't think it's been saved to C:\. I already looked for it there and didn't find it. Shall I manually save it somewhere first and then save a copy in the USB flash drive?
  20. Broni Malware Annihilator Posts: 40,078   +187

    Save it straight to the USB flash drive.