8 steps done, am I clean?

By bkfuhrer · 33 replies
Feb 18, 2009
  1. Hi, my computer came under attack by the braskt virus last Nov. I'm not sure why, but my son had been on cheat sites and YouTube a lot prior to this. I think I was able to remove it using a number of different tools (Malwarebytes, Superantispyware, Rogue Remover, Spybot Search and Destroy and Spyware Doctor I think). Unfortunately it hasn't been quite the same since and I have been plagued by random shut downs, slowness and inability to get updates for AVG or any of the other programs.
    I found your website and have read some of the posts and I decided to uninstall AVG and replace it with Avira and that does seem to have helped speed things up. I was then finally able to update Malwarebytes and Superantispyware and remove some more nasties but I'm not sure if I'm done.
    If somebody could please have a look at my logs and advise me on what I need to keep or add and what I should get rid of I would be eternally grateful, I do my best but am not completely computer literate.
  2. mflynn

    mflynn TS Rookie Posts: 2,655

    Alright you cleaned repeatedly until logs were clean,

    First do this..

    Download SDFix to Desktop.


    On Desktop run SDFix. It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click through all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click to RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.
    Download ComboFix

    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe follow the prompts.

    Install Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while it's running. That may cause it to stall.

    Then do this to complete the AVG removal.

    Download and run AVG remover: http://www.grisoft.cz/filedir/util/avg_arm_sup_____.dir/avgremover.exe

    Download extract and run Kleaner http://support.kaspersky.com/downloads/products2009/avg8.zip

  3. bkfuhrer

    bkfuhrer TS Rookie Topic Starter Posts: 76

    Okay, I am printing your instructions out and will proceed when I'm sure I fully understand them.
    I do have one question, I'm not sure how to remove Combo fix and I don't want to do it wrong!
    Thank you so much for your response!
  4. mflynn

    mflynn TS Rookie Posts: 2,655

    If you have an old ComboFix install it this way.

    combofix /u
    Click OK or hit the Enter key!

  5. bkfuhrer

    bkfuhrer TS Rookie Topic Starter Posts: 76

    Okay, I've completed SDF fix and am working on installing Combo fix, it seems I had not installed it previously. But now Comodo is freaking me out.
    "NIR Cmd is trying to terminate DLG exe" and another message I lost before noting it. Also a warning from Combo about Avira running, I don't know what to do. Sorry, I'm a little paranoid...
  6. mflynn

    mflynn TS Rookie Posts: 2,655

    Turn off Avira. While Avira is doing its job it interferes with ComboFix.

    Run the ComboFix and turn Avira back on.

  7. bkfuhrer

    bkfuhrer TS Rookie Topic Starter Posts: 76

    Okay, what about Comodo and its warnings? Should I assume it's combofix doing its job?
  8. mflynn

    mflynn TS Rookie Posts: 2,655

    Yes let Comodo trust ComboFix and SDFix and remember!

  9. bkfuhrer

    bkfuhrer TS Rookie Topic Starter Posts: 76

    Well, I downloaded some info about combo fix from bleeping computers and it advised to disable firewalls also so I did and ran combo fix, got as far as the blue screen saying "Preparing Log report. Do not run any programs until Combo fix has finished". It remained on that for almost 3 hrs and then when I last checked on it had crashed. I rebooted and Windows told me I had recovered from a serious error. I connected to the internet and Windows was unable to find the file it was looking for (error reporting).
    I am attaching the log from SD fix, I looked in the Combo fix folder but could not find a log so I am supposing I'll have to run Combo fix again. I'll wait to hear your advice first however...
  10. mflynn

    mflynn TS Rookie Posts: 2,655

    Yes do the ComboFix in safe Mode networking!

  11. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    LimeWire (no use cleaning with this installed)
    Symantec Shared Registry Backup

    Try this:

    Uninstall Limewire (file sharing program)

    Uninstall your AVG Antivirus
    Then run the removal tool
    Here is the 32Bit version (most users): http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe
    Here is the 64Bit version: http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe

    Uninstall Symantec (Norton) product
    Run the Norton Removal tool

    Then run a full updated scan with Avira
  12. bkfuhrer

    bkfuhrer TS Rookie Topic Starter Posts: 76

    Okay, I'm working on all of the above. Thanks for your patience. (I'm on dial up so it sometimes takes a long time)
  13. kimsland

    kimsland Ex-TechSpotter Posts: 14,523

    All the more reason to uninstall Limewire and AVG8 :grinthumb
  14. bkfuhrer

    bkfuhrer TS Rookie Topic Starter Posts: 76

    Gotcha :)
    I was thinking that also (about limewire)
  15. mflynn

    mflynn TS Rookie Posts: 2,655

    Did the combofix run in Safe Mode?

  16. bkfuhrer

    bkfuhrer TS Rookie Topic Starter Posts: 76

    Sorry, I just finished the other stuff. The Norton took forever to remove for some reason, I thought I got rid of that years ago... Will try the combofix in safe mode now...
    BTW Avira found nothing further but one warning, I don't seem to be able to find any info on what that is.
  17. bkfuhrer

    bkfuhrer TS Rookie Topic Starter Posts: 76

    No go. I am not able to connect to the internet in safe mode with networking. Could I be doing something wrong?
  18. mflynn

    mflynn TS Rookie Posts: 2,655


    Safe Mode networking only?

    If it is not working in Normal either then do the below.

    Download XP TCP/IP Repair (Netrepair.exe) http://www.xp-smoker.com/freeware.html
    Install (check place shortcut on desktop).

    Then run and first click Reset TCP/IP. It may or may not require a reboot here. If it does not require a reboot, then click the Repair Winsock and approve all to fix/repair, and it will then require a reboot for sure. Reboot and recheck for internet.

    If the first Repair Reset TCP/IP does require a reboot, then as soon as it comes back up, run the second Reset Winsock!

  19. bkfuhrer

    bkfuhrer TS Rookie Topic Starter Posts: 76

    I could also try combo fix again in normal (?) I'm wondering if the screen saver or hibernate kicked in to cause it to crash...
    I will do nothing at the moment as it is late and I'll be more alert in the am. I think I read somewhere that safe mode with networking doesn't work with dial up, could that be right?
  20. mflynn

    mflynn TS Rookie Posts: 2,655

    No my last question was about the Internet itself.

    Does it work in Normal mode?

    If so do ComboFix in Normal Mode.

  21. bkfuhrer

    bkfuhrer TS Rookie Topic Starter Posts: 76

    Yes, my internet works in normal mode. When in safe mode with networking I can't access my service provider- sorry for the confusion. I will try combo fix again after turning off my interfering security devices.
  22. mflynn

    mflynn TS Rookie Posts: 2,655

    OK if you download in Normal Mode and then boot to regular Safe Mode and run it, it should run ok.

    But either way if we can get through this we are almost finished I think!

    Also last after the combofix get me one more HJT log.

  23. bkfuhrer

    bkfuhrer TS Rookie Topic Starter Posts: 76

    Okay, let's see if I understand this... I need to be on the internet for combofix to download the recovery console (which didn't work the last time btw) and then I can leave combo fix, restart in safe mode and reopen combo fix?
  24. mflynn

    mflynn TS Rookie Posts: 2,655

    Nope you need Internet to get Recovery console.

    But for cleaning you can run it in Safe Mode after downloading then after I get the log and we are clean then you can run it again to get Recovery console.

    And we can install Recovery console directly later. I am mostly concerned with seeing the log now.

    But if you can turn off your protections easily do that and install the RC!

  25. bkfuhrer

    bkfuhrer TS Rookie Topic Starter Posts: 76

    Okay, I will try one more time (now) in normal mode and if it doesn't work will go to safe mode....
Topic Status:
Not open for further replies.
