8 step viruses/spyware/malware - step 4 doesn't work

[Hopeless88]

i downloaded step #4 in the 8 step virus/spyware/malware thingy which is the malwarebytes anti-malware and it says run error 372 . failed to load control 'vbalsgrid' from vbalsgrid6.ocx. your version may be outdated....did this only happen to me?

and i tried to download step #5 but it days the system administrator has set policies to prevent this installation... ugh! my computer is soo messed up i need URGENT heLp!

 

[mflynn]

Boot to Safe Mode networking and do all below.

Left Drag mouse and Copy for Pasting all text in the box below. Make sure the slider bar goes to bottom from the @ to the end of the second exit.

Then paste to the black screen of an open command prompt. All may not apply so ignore errors.

@echo off
cd\
:: Fix associations
ftype exefile="%1" %*
ftype batfile="%1" %*
ftype cmdfile="%1" %*
ftype comfile="%1" %*
ftype scrfile="%1" /S
ftype regfile="regedit.exe" "%1"
ftype piffile="%1" %*
ftype inffile=%SystemRoot%\System32\NOTEPAD.EXE "%1"
ftype vbsfile=%SystemRoot%\System32\WScript.exe "%1" %*
ftype jsfile=%SystemRoot%\System32\WScript.exe "%1" %*

assoc .exe=exefile
assoc .bat=batfile
assoc .cmd=cmdfile
assoc .com=comfile
assoc .scr=scrfile
assoc .reg=regfile
assoc .pif=piffile
assoc .lnk=lnkfile
assoc .inf=inffile
assoc .vbs=VBSFile
assoc .js=JSFile

sc stop TDSSserv.sys
sc delete TDSSserv.sys
:: Above sc commands first stops then deletes service if it exists
::
reg unload "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata"
reg unload "HKEY_LOCAL_MACHINE\SOFTWARE\tdss"
::
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" /f
::The above reg commands first unloads the reg keys then deletes these keys.
::
Attrib -h -s -r tdss*.* /s
del  tdss*.* /f /q /s
:: The above two lines first clears protective attributes then 
:: deletes all files on Drive beginning with the name tdss

:: Remove AntiVirus2009
attrib -h -s -r "%UserProfile%\Desktop\Antivirus 2009.lnk"
attrib -h -s -r "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk"
attrib -h -s -r "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll"
attrib -h -s -r "%UserProfile%\Start Menu\Antivirus 2009\*.*"

del "%UserProfile%\Desktop\Antivirus 2009.lnk" /f /q
del "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk" /f /q
del "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll" /f /q
del "%UserProfile%\Start Menu\Antivirus 2009\*.*" /f /q

rd /s /q "%UserProfile%\Start Menu\Antivirus 2009"

attrib -h -s -r "c:\Program Files\Antivirus 2009\*.*"
rd /s/q "c:\Program Files\Antivirus 2009"

attrib -h -s -r c:\WINDOWS\system32\ieupdates.exe
attrib -h -s -r c:\WINDOWS\system32\scui.cpl
attrib -h -s -r c:\WINDOWS\system32\winsrc.dll

del c:\WINDOWS\system32\ieupdates.exe /f /q
del c:\WINDOWS\system32\scui.cpl /f /q
del c:\WINDOWS\system32\winsrc.dll /f /q

attrib -h -s -r c:\program files\xwdxqu.txt
attrib -h -s -r c:\windows\x
attrib -h -s -r c:\windows\SxsCaPendDel

del c:\program files\xwdxqu.txt  /f /q
del c:\windows\x  /f /q
del c:\windows\SxsCaPendDel  /f /q

reg delete HKLM\SOFTWARE\swearware /f
reg delete HKCU\Software\Wget /f
reg delete HKLM\Software\Classes\CLSID\{CD363BEC-7150-B887-530D-F3E2E0424EA} /f

:: rootkit gaopdxserv
attrib -h -s -r "c:\windows\system32\drivers\gaopdxqfotrruc.sys"
attrib -h -s -r "c:\windows\system32\gaopdxqpqjwmyc.dll"
attrib -h -s -r "\c:\windows\system32\drivers\gaopdxuigiphwm.sys"

sc stop gaopdxserv.sys.sys
sc delete gaopdxserv.sys.sys

del  /f /q "c:\windows\system32\drivers\gaopdxqfotrruc.sys"
del  /f /q  "c:\windows\system32\gaopdxqpqjwmyc.dll"
del  /f /q  "\c:\windows\system32\drivers\gaopdxuigiphwm.sys"

reg delete "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys" /f
reg delete "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys" /f
reg delete "HKEY_LOCAL_MACHINE\Software\Classes\gaopdxvx" /f

reg delete "HKEY_CURRENT_USER\Software\75319611769193918898704537500611" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}" /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" "75319611769193918898704537500611" /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" "ieupdate" /f
echo Finshed ripping out Antivirus 2008-9
:: Fix associations
ftype exefile="%1" %*
ftype batfile="%1" %*
ftype cmdfile="%1" %*
ftype comfile="%1" %*
ftype scrfile="%1" /S
ftype regfile="regedit.exe" "%1"
ftype piffile="%1" %*
ftype inffile=%SystemRoot%\System32\NOTEPAD.EXE "%1"
ftype vbsfile=%SystemRoot%\System32\WScript.exe "%1" %*
ftype jsfile=%SystemRoot%\System32\WScript.exe "%1" %*

assoc .exe=exefile
assoc .bat=batfile
assoc .cmd=cmdfile
assoc .com=comfile
assoc .scr=scrfile
assoc .reg=regfile
assoc .pif=piffile
assoc .lnk=lnkfile
assoc .inf=inffile
assoc .vbs=VBSFile
assoc .js=JSFile
exit
exit

This should run and exit!

It is a coverall and you may see a few errors related to it addressing something you do not need. This is normal ignore.

Now still in safe Mode networking continue the 8 Steps.

Mike

 

[kimsland]

did this only happen to me?

Yes

Also here's a direct download for Malwarebytes if it helps: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

 

[Hopeless88]

my computer doesnt let me copy and paste, and i have no toolbar

 

[kimsland]

Boot to Safe Mode networking

You should be able to click on the link then

 

[mflynn]

Did you boot to Safe mode?

How did you get the first 3 steps done?

We need more details!

Mike

 

[Hopeless88]

I Clicked the link same thing happened..doesnt work. i been in safe mode because in original mode i cant access the internet. the first 3 steps downloaded fine and had no problems...

Basically whats wrong with my comp is that i cant copy and paste. i cant access the internet in the normal mode. i did a virus scan it found over 200 trojans, it says rpc server is unavailable . and when i try 2 look at my firewall it says ics is not able to open...

 

[mflynn]

Well Hopeless!

Can you get this unzip it and run? http://www.castlecops.com/zx/sjpritch25/RatsCheddar.zip

Mike

 

[Hopeless88]

yea i unzipped it, its running what does this do?

 

[mflynn]

Click Enable on everything! And click exit at bottom!

Reboot back to Safe Mode and begin again with the copy paste operation if it works now. Try MalwareBytes and SuperAntiSpyware also.

Mike

 

[Hopeless88]

ugh nothing...& for the ratscheddar when i would press enable it would say failed to set data for,,

 

[mflynn]

On this board Executable (.EXE ) can not be attached so download the Fixit.zip attachment then Rt Click it get Properties and in the name box change the name from Fixit.zip to Fixit.exe.

Do not rename by editing the label under the Icon it will not work.

Then execute it and enter the Fix folder and execute the fixit.cmd
Read this and do it!
https://www.techspot.com/vb/post684649-3.html

Mike

 

[Hopeless88]

hey mike.. i followed the steps and when i was in the cmd and it was doin the scan and error window popped up and said "system error &h800706ba(-2147023174) the rpc server is unavailable. =(

a notepad popped up...what does this mean?

Not exist: C:\qlcojek.exe
Not exist: C:\WINDOWS\webhdll.dll
Not exist: C:\WINDOWS\whagent.inf
Not exist: C:\WINDOWS\whInstaller.exe
Not exist: C:\WINDOWS\whInstaller.ini
Not exist: C:\WINDOWS\SVCHOST.exe
Not exist: C:\WINDOWS\mssys.com
Not exist: C:\WINDOWS\nem216.dll
Not exist: C:\WINDOWS\cvchost.exe
Not exist: C:\WINDOWS\ntldr.exe
Not exist: C:\WINDOWS\rocky.exe
Not exist: C:\WINDOWS\wininet32.exe
Not exist: C:\WINDOWS\runwin32.exe
Not exist: C:\WINDOWS\msxmidi.exe
Not exist: C:\WINDOWS\mstaskss.exe
Not exist: C:\WINDOWS\mstasks1.exe
Not exist: C:\WINDOWS\msstasks.exe
Not exist: C:\WINDOWS\seksdialer.exe
Not exist: C:\WINDOWS\urub.exe
Not exist: C:\WINDOWS\SYSTEM\wmscrop.exe
Not exist: C:\WINDOWS\mssys.com
Not exist: C:\WINDOWS\nem216.dll
Not exist: C:\WINDOWS\cvchost.exe
Not exist: C:\WINDOWS\ntldr.exe
Not exist: C:\WINDOWS\rocky.exe
Not exist: C:\WINDOWS\wininet32.exe
Not exist: C:\WINDOWS\runwin32.exe
Not exist: C:\WINDOWS\msxmidi.exe
Not exist: C:\WINDOWS\mstaskss.exe
Not exist: C:\WINDOWS\mstasks1.exe
Not exist: C:\WINDOWS\msstasks.exe
Not exist: C:\WINDOWS\seksdialer.exe
Not exist: C:\WINDOWS\urub.exe
Not exist: C:\WINDOWS\SYSTEM\wmscrop.exe
Not exist: C:\WINDOWS\bak
Not exist: C:\WINDOWS\logonui.exe
Not exist: C:\WINDOWS\pop06ap2.exe
Not exist: C:\WINDOWS\system32\Com\SVCHOSTKEY.DLL
Not exist: C:\WINDOWS\system32\Com\SVCHOSTKEY.DLL
Not exist: C:\WINDOWS\system32\dmaas.exe
Not exist: C:\WINDOWS\system32\com\svchost.exe
Not exist: C:\WINDOWS\system32\nggstr.dll
Not exist: C:\WINDOWS\system32\wcpsvsu.exe
Not exist: C:\WINDOWS\system32\cpclccmd.dll
Not exist: C:\WINDOWS\system32\aaauxydradkw.dll
Not exist: C:\WINDOWS\system32\aaauxydradkw.dll
Not exist: C:\WINDOWS\system32\lnhbwqfqsjdn.dll
Not exist: C:\WINDOWS\system32\xwerymuwyaak.dll
Not exist: C:\WINDOWS\system32\wdywdhcgvqsf.dll
Not exist: C:\WINDOWS\system32\dlh9jkd1q8.exe
Not exist: C:\WINDOWS\system32\4a0fd307.exe
Not exist: C:\WINDOWS\system32\rqrolmk.dll
Not exist: C:\WINDOWS\system32\etbbjxtr.dll
Not exist: C:\WINDOWS\system32\vtutr.dll
Not exist: C:\WINDOWS\system32\wmvconf.exe
Not exist: C:\WINDOWS\system32\atmconf.exe
Not exist: C:\WINDOWS\system32\e1.dll
Not exist: C:\WINDOWS\system32\rpcc.dll
Not exist: C:\WINDOWS\system32\dmywn.exe
Not exist: C:\WINDOWS\system32\dvoxcqpu.dll
Not exist: C:\WINDOWS\system32\zreixu.exe
Not exist: C:\WINDOWS\system32\anhjit.exe
Not exist: C:\WINDOWS\system32\wpa20.exe
Not exist: C:\WINDOWS\system32\winjews16.exe
Not exist: C:\WINDOWS\system32\cottyafl.dll
Not exist: C:\WINDOWS\system32\vturp.dll
Not exist: C:\WINDOWS\system32\aswasuqk.dll
Not exist: C:\WINDOWS\system32\winjews16.exe
Not exist: C:\WINDOWS\system32\cottyafl.dll
Not exist: C:\WINDOWS\system32\msxslab.dll
Not exist: C:\WINDOWS\system32\bridge.dll
Not exist: C:\WINDOWS\system32\jac.dll
Not exist: C:\WINDOWS\system32\d2kpax.dll
Not exist: C:\WINDOWS\system32\a.exe
Not exist: C:\WINDOWS\system32\winproc32.exe
Not exist: C:\WINDOWS\system32\d2kpax.exe
Not exist: C:\WINDOWS\system32\mcc.exe
Not exist: C:\WINDOWS\system32\lvj6091se.dll
Not exist: C:\WINDOWS\system32\msxslab.dll
Not exist: C:\WINDOWS\system32\bridge.dll
Not exist: C:\WINDOWS\system32\jac.dll
Not exist: C:\WINDOWS\system32\d2kpax.dll
Not exist: C:\WINDOWS\system32\a.exe
Not exist: C:\WINDOWS\system32\winproc32.exe
Not exist: C:\WINDOWS\system32\d2kpax.exe
Not exist: C:\WINDOWS\system32\mcc.exe
Not exist: C:\WINDOWS\system32\lvj6091se.dll
Not exist: C:\WINDOWS\system32\vxga4me1.exe
Not exist: C:\WINDOWS\system32\svch21.dll
Not exist: C:\WINDOWS\system32\ldcore.dll
Not exist: C:\WINDOWS\system32\sdfghjgewaertyutrew.exe
Not exist: C:\WINDOWS\system32\nweipeg.dll
Not exist: C:\WINDOWS\system32\out.dll
Not exist: C:\WINDOWS\system32\qvx5gamet2.exe
Not exist: C:\WINDOWS\system32\comdlg77.dll
Not exist: C:\WINDOWS\system32\hrcopul.dll
Not exist: C:\WINDOWS\system32\vxga4me1.exe
Not exist: C:\WINDOWS\system32\tccpip.exe
Not exist: C:\WINDOWS\system32\dlh9jkd1q7.exe
Not exist: C:\WINDOWS\system32\dlh9jkd1q6.exe
Not exist: C:\WINDOWS\system32\vpumthw.exe
Not exist: C:\WINDOWS\system32\dlh9jkd1q8.exe
Not exist: C:\WINDOWS\system32\ljjkhii.dll
Not exist: C:\WINDOWS\system32\opnkkli.dll
Not exist: C:\WINDOWS\system32\mshta.dll
Not exist: C:\WINDOWS\system32\msiexec16.ex
Not exist: C:\WINDOWS\system32\m4rmle911h.dll
Not exist: C:\WINDOWS\system32\zopenssl.dll
Not exist: C:\WINDOWS\system32\rpcc.exe
Not exist: C:\WINDOWS\system32\ATTJIT.EXE
Not exist: C:\WINDOWS\system32\drivers\agrerial.sys
Not exist: C:\WINDOWS\system32\drivers\pxscrmbl.sys
Not exist: C:\WINDOWS\system32\pushow86.dll
Not exist: C:\WINDOWS\system32\KDXNZ.EXE
Not exist: C:\WINDOWS\system32\lpqrio.dll
Not exist: C:\WINDOWS\system32\vmmdiag32.exe
Not exist: C:\WINDOWS\system32\nvritf.dll
Not exist: C:\WINDOWS\system32\krnsvr32.dll
Not exist: C:\WINDOWS\system32\win18110.dll
Not exist: C:\WINDOWS\system32\wmimgr32.dll
Not exist: C:\WINDOWS\system32\win33810.dll
Not exist: C:\WINDOWS\system32\win48372.dll
Not exist: C:\WINDOWS\system32\win59645.dll
Not exist: C:\WINDOWS\system32\win31461.dll
Not exist: C:\WINDOWS\system32\win10698.dll
Not exist: C:\WINDOWS\system32\win27776.dll
Not exist: C:\WINDOWS\system32\win1654.dll
Not exist: C:\WINDOWS\system32\win43005.dll
Not exist: C:\WINDOWS\system32\win62458.dll
Not exist: C:\WINDOWS\system32\win42086.dll
Not exist: C:\WINDOWS\system32\win22370.dll
Not exist: C:\WINDOWS\system32\win40260.dll
Not exist: C:\WINDOWS\system32\win19106.dll
Not exist: C:\WINDOWS\system32\win58114.dll
Not exist: C:\WINDOWS\system32\win15359.dll
Not exist: C:\WINDOWS\system32\win56663.dll
Not exist: C:\WINDOWS\system32\win35494.dll
Not exist: C:\WINDOWS\system32\win54931.dll
Not exist: C:\WINDOWS\system32\win31247.dll
Not exist: C:\WINDOWS\system32\win10140.dll
Not exist: C:\WINDOWS\system32\win36546.dll
Not exist: C:\WINDOWS\system32\win17564.dll
Not exist: C:\WINDOWS\system32\win58525.dll
Not exist: C:\WINDOWS\system32\win10957.dll
Not exist: C:\WINDOWS\system32\win53699.dll
Not exist: C:\WINDOWS\system32\win52749.dll
Not exist: C:\WINDOWS\system32\win309.dll
Not exist: C:\WINDOWS\system32\win43035.dll
Not exist: C:\WINDOWS\system32\win22491.dll
Not exist: C:\WINDOWS\system32\win46240.dll
Not exist: C:\WINDOWS\system32\win18548.dll
Not exist: C:\WINDOWS\system32\win18704.dll
Not exist: C:\WINDOWS\system32\wmimgr32.dll
Not exist: C:\WINDOWS\system32\win23704.dll
Not exist: C:\WINDOWS\system32\lzx32.sys
Not exist: C:\WINDOWS\system32\actsrv.exe
Not exist: C:\WINDOWS\system32\iwinapp.exe
Not exist: C:\WINDOWS\system32\rpcc.dll
Not exist: C:\WINDOWS\system32\hivencnf.dll
Not exist: C:\WINDOWS\system32\rcyggcma.dll
Not exist: C:\WINDOWS\system32\abbrhlik.dll
Not exist: C:\WINDOWS\system32\jlbowagw.dll
Not exist: C:\WINDOWS\system32\fqhsdhia.dll
Not exist: C:\WINDOWS\system32\tsvibntc.dll
Not exist: C:\WINDOWS\system32\xshbcvgh.dll
Not exist: C:\WINDOWS\system32\qtjqekwq.dll
Not exist: C:\WINDOWS\system32\ouibkela.dll
Not exist: C:\WINDOWS\system32\efqwanxx.dll
Not exist: C:\WINDOWS\system32\lexlxqwb.dll
Not exist: C:\WINDOWS\system32\cvgfkrjw.dll
Not exist: C:\WINDOWS\system32\metibvuo.dll
Not exist: C:\WINDOWS\system32\dyutkecv.dll
Not exist: C:\WINDOWS\system32\crlwxswe.dll
Not exist: C:\WINDOWS\system32\fffvclsf.dll
Not exist: C:\WINDOWS\system32\ehjhukdi.dll
Not exist: C:\WINDOWS\system32\xvtyfkqi.dll
Not exist: C:\WINDOWS\system32\kilwbnoo.dll
Not exist: C:\WINDOWS\system32\qhdaesnp.dll
Not exist: C:\WINDOWS\system32\uqauprex.dll
Not exist: C:\WINDOWS\system32\kngqlljl.dll
Not exist: C:\WINDOWS\system32\ubhehyff.dll
Not exist: C:\WINDOWS\system32\ytqwpkqs.dll
Not exist: C:\WINDOWS\system32\ydaoexyc.dll
Not exist: C:\WINDOWS\system32\hsgktimn.dll
Not exist: C:\WINDOWS\system32\mwlinckx.dll
Not exist: C:\WINDOWS\system32\riojylde.dll
Not exist: C:\WINDOWS\system32\rqnofyew.exe
Not exist: C:\WINDOWS\system32\amrqqnbj.dll
Not exist: C:\WINDOWS\system32\efufiigc.dll
Not exist: C:\WINDOWS\system32\grtxctvg.dll
Not exist: C:\WINDOWS\system32\drvsud.dll
Not exist: C:\WINDOWS\system32\wincjw32.dll
Not exist: C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
Not exist: C:\Documents and Settings\test\Application Data\turing_files.ini
Not exist: C:\Documents and Settings\test\Application Data\turing.ini
Not exist: C:\Documents and Settings\GLB\Local Settings\Application Data4a0fd307.exe
Not exist: C:\Program Files\q330994.exe
Not exist: C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
Not exist: C:\Program Files\Common Files\{6831F5EA-0960-1033-0430-020624030001}\Update.exe
Not exist: C:\WINDOWS\email-av.exe
Not exist: C:\dfndrff_125.exe
Not exist: C:\nwnmff_e35.exe
Not exist: C:\Program Files\q330994.exe
Not exist: C:\WINDOWS\system32\win_8.exe
Not exist: C:\WINDOWS\system32\n?pdb.exe
Not exist: C:\WINDOWS\TEMP\winumlgkkª.exe
Not exist: C:\4ceaf2717e9926c4f79108a2d5
Not exist: C:\Program Files\Webhancer
Not exist: C:\Documents and Settings\Office5\Application Data\SearchToolbarCorps
Not exist: C:\Program Files\Uipepio
Not exist: C:\Program Files\AWS
Not exist: C:\Program Files\SearchRelevancy
Not exist: C:\Program Files\PartyGaming

 

[mflynn]

That is a log file try to attach these.

Now go back and see if you can do post #2..

The the 8 Steps.

Mike