8 Step Removal Program and Win32/Heur Problem

Status
Not open for further replies.

Jaydee11

Hi

I am new at this a little, but I caught a virus from trying to upload a bit torrent file a few days ago. The virus that I am having some struggles with is the Win32/HEUR virus. I have followed the Eight Steps recommended by Julio and Blind Dragon, with the exception of Malwarebytes, due to the fact that I would have to pay for it online and with a virus on the computer I did not feel safe to do so. So I used Webroot Spybot for Step 4. I only removed a few items. I also have AVG as my anti virus. It keeps giving me the Win32/Heur threat to this point.

All of the other steps, I have followed in safe mode. My computer seems to run slow at this point as well. I also have ZONE Alarm as my firewall which alerts me of internet intrusions.

I am looking for the next step in removing the remaining virus and fully cleaning up my system. Please review my log files. I had to break them up because they were too large to upload. I really do appreciate the help and support in this.

Thanks

Jaydee11
 

Attachments

  • SUPERAntiSpyware Scan Log - 02-18-2009 - 23-31-19 1.txt
    131.5 KB · Views: 17
  • Super AntiSpyware og 02-18-2009 23-31-19 2.txt
    76.2 KB · Views: 10
  • hijackthis#1.txt
    199 KB · Views: 15
  • hijackthis #2.txt
    196.7 KB · Views: 8
Run SAS again and post the logs for each run; it will likely find more. Run it until it comes up clean or finds things it cannot clean. Post each log!

Negative on the Malwarebytes (just download the free one): download and run it now from the 8 Steps!

Mike
 
OK. I am running both SAS and Anti-Malware and will post the logs when it is done. Thanks for the help. They take a while to run.
 
You should not run them simultaneously; they may conflict with each other and you will gain no speed or time. It will take twice as long.

But if you have and they have been running long then let them run and hope they finish OK without locking up.

Mike
 
I'm sorry. I meant one at a time, which I am doing. I finished SAS with no virus and I am running Anti-Malware now. I will have all logs, latest to earliest, including HijackThis, posted in the morning. Thanks
 
Mike

I just rebooted my computer in normal mode after I ran all of the programs and I cannot see any of my icons on the desktop. What should I do?
 
Jeeze!

Hit Ctrl Alt Del for Task Manager, then click Run,
then type

Explorer

Click OK or hit the Enter key.

Were you returning from the SDFix reboot from Safe Mode?

Mike
 
OK. It opened up. I ran MBAM, SD and HijackThis in safe mode. SD found nothing while MBAM found four threats. I am going to send all files in a minute.
 
Here are the MBAM and Anti files. I will send the HijackThis log in the next response. My computer seems to run very slow at this point. I noticed that AVG keeps sending me a threat removal of the WIN32/HEUR virus. I currently have AVG, ANTI SPYWARE and SPYSWEEPER running as programs. Should I delete one of them to see if the computer runs faster? Thanks
 
Owee!

Leave all running for now; just contend with the slowness until we are clean. You have so much, we need all the protection we can get.

You weren't only infected, you were eat-up infested.

Another run indicated!
OK, there were found/removed items in both MBAM and SAS, so we need to run again, as the last runs likely exposed things that were not even seen the first time.

So another Quick Scan run will likely find more. So UPDATE, run both again. Post the logs.

Mike
 
OK, I will run both again. Did you notice that the last SAS quick scan came up clean and the last Malware run came up with four infections? Quite a drop from the first runs. Also, when shutting down my computer to go into safe mode to rerun, I noticed a bunch of DLLs failing to shut down. I wonder what this is about.
 
Yes, I noticed the cleaned items dropped! The shutdown DLL issues will likely self-correct when clean, or we will address them when clean.

Ok no need to run SAS again! My mistake.

Mike
 
OK. I have stopped SAS and I am now running MBAM again. Will let you know the results.

Mike

Here is the latest MBAM file. Let me know what is next. AVG is still giving me the WIN32/heur threat removed reminder. Don't know if that is a false positive or not. Look forward to your response.
 
Do the below! This is not hard, one step at a time.

COMBOFIX-Script
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
Code:
KillAll::

FCopy::
C:\WINDOWS\ServicePackFiles\i386\userinit.exe | C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\ServicePackFiles\i386\explorer.exe | C:\WINDOWS\explorer.exe
Then drag this script and drop on top of ComboFix.

ComboFix will now run a scan on your system.

It may reboot your system when it finishes. This is normal.

When finished, it will create a log. Attach the log back.

Mike
 
Geeze, Jaydee, overlook me.

Too many similar threads. And the Friday rush!

Forget that for now but we may need to come back to it!

Do this. Part of it is ComboFix

Download SDFix to Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On the Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to the desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted hit the enter key to restart the computer

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process then say Finished,
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.
=========================================
Download ComboFix

NOTE: If the ComboFix you have is more than a few days old, delete it and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double click combofix.exe follow the prompts.

Install Recovery Console if connected to the Internet!

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click ComboFix's window while it's running. That may cause it to stall.

Mike
 
I would love to continue this next step, but now my internet browser is not working. I've been trying to get online for the past hour. My other online apps are working. Don't know what to do next.

Mike

If it is OK with you, I am going to run another full scan on Anti-Malware again. My computer is still acting a little weird and sluggish, and now I cannot browse the internet for some reason. I still think that there is a virus still swarming around my box. The CPU has been running at 100% even with no programs running. I need the browser so that I can do the SDFix and ComboFix that you have recommended. Let me know if I need to do something else. Thanks
 
Write down the text in the box!
Code:
netsh winsock reset catalog
Boot to safe mode with networking. Try a browser to get on the Internet.

If it doesn't work, open a command prompt, type the command, hit the Enter key twice, then close the command prompt.

If the browser now works, complete SDFix from here; it will reboot back to normal. Then run ComboFix.

Mike
 
How long does SDFix run in Safe Mode? I think I have it running. My screen is black right now and I cannot see anything in safe mode. Just want to make sure it is running before I go to the next step.
 
Max 10 minutes.

Try Ctrl Alt Del try to end task.

If you have to power off, skip SDFix and do ComboFix.

Mike

I need to call it a night. My mind is foggy and I don't want to make a mistake.

I will be on in morning!

Good night,
Mike
 
Ok. Thanks for your help today.
When I installed ComboFix and tried to run it, both in safe and normal mode, it gave me this

Terminal Error Message:
C:\Windows\regedit.exe is missing

Copy one from another machine


We can work on this tomorrow.

Thanks

Good Morning Mike,

When I installed ComboFix and tried to run it, both in safe and normal mode, it gave me this

Terminal Error Message:
C:\Windows\regedit.exe is missing

Copy one from another machine.

Thanks for your continued support.
 
Let's try to find a backup. It must have been infected and removed.

Left-drag the mouse and copy, for pasting, all the text in the box below.
Make sure the slider bar goes to the bottom, from the @ to the end of the second exit.

Then paste to the black screen of an open command prompt.
Code:
@echo off
cd\
dir /s regedit.exe >"%USERPROFILE%"\Desktop\regedit.txt
exit
exit

Now post the regedit.txt from the new icon on the desktop back to the thread.

Mike
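The two fixes Mike posted both rest on the same question: does the live copy of a Windows system file still match the service-pack original (the CFScript's FCopy lines for userinit.exe and explorer.exe), and is there any copy of regedit.exe left at all (the dir /s batch file)? The PowerShell below is an added example, not code from the thread, from ComboFix or from SDFix. It hashes each live file and its ServicePackFiles\i386 copy with SHA-256, reports which of the four states each file is in, and then lists every regedit.exe on the system drive with its size and hash. It assumes Windows with PowerShell 4 or later (for Get-FileHash), the XP-era paths used in the thread, and an elevated prompt so protected folders are readable.

```powershell
# Added example (not from the thread, ComboFix or SDFix): integrity check for the
# files the thread restores or searches for. Assumes PowerShell 4+ and XP-era paths.

$pairs = @(
    @{ Name = 'userinit.exe'; Live = "$env:SystemRoot\system32\userinit.exe"; Backup = "$env:SystemRoot\ServicePackFiles\i386\userinit.exe" },
    @{ Name = 'explorer.exe'; Live = "$env:SystemRoot\explorer.exe";          Backup = "$env:SystemRoot\ServicePackFiles\i386\explorer.exe" },
    @{ Name = 'regedit.exe';  Live = "$env:SystemRoot\regedit.exe";           Backup = "$env:SystemRoot\ServicePackFiles\i386\regedit.exe" }
)

# SHA-256 of a file, or $null when the file is absent (the error ComboFix hit).
function Get-Sha256OrNull {
    param([string]$Path)
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        return (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
    return $null
}

# Classify a live/backup pair; a missing argument arrives as an empty string.
function Get-FileState {
    param([string]$LiveHash, [string]$BackupHash)
    if (-not $LiveHash)   { return 'LIVE COPY MISSING' }     # regedit.exe in the thread
    if (-not $BackupHash) { return 'NO BACKUP TO COMPARE' }
    if ($LiveHash -eq $BackupHash) { return 'MATCHES BACKUP' }
    return 'DIFFERS FROM BACKUP'                            # replaced, patched, or tampered
}

$report = foreach ($p in $pairs) {
    $liveHash   = Get-Sha256OrNull -Path $p.Live
    $backupHash = Get-Sha256OrNull -Path $p.Backup
    [pscustomobject]@{
        File         = $p.Name
        State        = Get-FileState -LiveHash $liveHash -BackupHash $backupHash
        LiveSHA256   = $liveHash
        BackupSHA256 = $backupHash
    }
}
$report | Format-Table -AutoSize

# Same search as the thread's "dir /s regedit.exe", but each copy is listed with
# its size and hash so a stray copy in an odd folder can be judged, not trusted by name.
Get-ChildItem -Path "$env:SystemDrive\" -Filter regedit.exe -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path   = $_.FullName
            Bytes  = $_.Length
            SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Format-Table -AutoSize
```

Read the first table before letting anything overwrite a file: LIVE COPY MISSING is the regedit.exe situation the thread ran into, and DIFFERS FROM BACKUP is what the CFScript's FCopy lines would silently paper over. A difference is a prompt to look closer rather than proof of infection, because a hotfix newer than the service pack legitimately changes these files too; comparing the hash against a known-good copy from an identical, clean machine settles it.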
 