TechSpot

Virus Help

By rnally
Nov 13, 2008
  1. I have been fighting viruses for a couple of days now. I am not able to install or update anything that requires an internet connection. It is now to the point that I can't even boot my computer unless I do so in safe mode; I get memory write errors and the system just freezes up.
     
  2. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi rnally

    You are lucky you got this MalwareBytes scan.

    So it shows it cleaned some, so run it again and again until it comes up clean; post the log each run.

    When it comes up clean, go here, the TechSpot 8 steps: http://www.techspot.com/vb/topic58138.html

    and do all except MWBAM, and then get us an SAS log and HJT log last.

    Mike
     
  3. rnally

    rnally TS Rookie Topic Starter

    The problem is that I can only boot in safe mode, so when I reboot it does not execute the process to remove the items that could not be removed. It also will not update because all of the connections are hijacked. Any advice would be helpful, and please don't tell me to reinstall Windows.
     
  4. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi rnally

    Do the below in full mode. If it will run but not update, run without update.


    All you need to do is rename SuperAntiSpyware to, say, SAS.exe and mbam.exe to mwbam.exe.

    So go to My Computer, then \Program Files\SuperAntiSpyware, find and rename as above, and run from there by double-clicking. Then do the same for MalwareBytes.

    After loading, but before clicking Scan, do the below config changes.

    SuperAntispyware config

    UPDATE!

    Then

    Click the Preferences button.

    Then Scanning Control.

    In Scanner Options make sure the following are checked:
    1. Close browsers before scanning
    2. Scan for tracking cookies
    3. Terminate memory threats before quarantining.
    4. Leave the others as they are.

    In MalwareBytes, after update but before running,
    click Settings and confirm all are checked.

    I repeat: update these 2 programs.

    Run them and post their logs, then a new HJT log; HJT always last.

    After attaching logs from above, run both programs again to confirm they find nothing else, and attach new logs for this run!

    Do this correctly and we will make a short job of this!

    Mike
     
  5. rnally

    rnally TS Rookie Topic Starter

    logs

    Here is the next set of logs. It does not seem to have improved; I am getting data execution prevention errors on startup as well as svchost errors.
     
  6. mflynn

    mflynn TS Rookie Posts: 2,655

    No doubt you are having these issues after looking at your log.

    If you are now running SAS, post its log when finished, and run again if it is not clean and post another log for each run.

    Then run mbam again the same way until clear, posting the log each time.

    Post another HJT log LAST, after all above is finished.

    Mike
     
  7. rnally

    rnally TS Rookie Topic Starter

    Will McAfee virus scan work or do I need to use SAS?
     
  8. mflynn

    mflynn TS Rookie Posts: 2,655

    You had McAfee all along, only run it again when you have finished the chore here!

    Perhaps in the 8 steps you skipped the part about turning off things.

    Turn off other protections and likely you will not get these issues while scanning.

    You need to get through these 2 programs until they say clean.

    Try to short cut it at your peril.

    Mike
     
  9. rnally

    rnally TS Rookie Topic Starter

    More logs

    Getting better now. Here are the next round of logs; still getting the DEP error.
     
  10. mflynn

    mflynn TS Rookie Posts: 2,655

    Did you do this, don't look like it!

    SuperAntispyware config

    UPDATE!

    Then

    Click the Preferences button.

    Then Scanning Control.

    In Scanner Options make sure the following are checked:
    1. Close browsers before scanning
    2. Scan for tracking cookies
    3. Terminate memory threats before quarantining.
    4. Leave the others as they are.

    In MalwareBytes, after update but before running,
    click Settings and confirm all are checked.

    Do it and run both until they are clean! You still have a couple of real bad boys.

    Mike
     
  11. rnally

    rnally TS Rookie Topic Starter

    Yes, I did all of that several times, but there is still one that can't be removed.
     
  12. mflynn

    mflynn TS Rookie Posts: 2,655

    Good morning rnally

    Run CCleaner again twice or more on Cleanup temps, then on the left click Registry, then Scan for issues; also repeat till clean.

    Then

    D/L, install and run ATF-Cleaner; clear all except passwords in all browsers you have. Run repeatedly until no more found.

    http://www.majorgeeks.com/ATF_Cleaner_d4949.html
    ----------------------------------------------------------------------------------------------------------------------------------

    The issue found is in System Restore so do the below

    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

    Then

    Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and then OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.

    This is if you have the Volume Shadow Copy running which is the default.

    Now check rerun SAS and MBAM and you should find it and the tracking cookies gone.

    And we should be finished!

    Mike
     
Topic Status:
Not open for further replies.
