8 steps done, am I clean?

Status
Not open for further replies.

bkfuhrer

Posts: 76   +0
Hi, my computer came under attack by the braskt virus last Nov. I'm not sure why, but my son had been on cheat sites and YouTube a lot prior to this. I think I was able to remove it using a number of different tools (Malwarebytes, Superantispyware, Rogue Remover, Spybot Search and Destroy and Spyware Doctor I think). Unfortunately it hasn't been quite the same since and I have been plagued by random shut downs, slowness and inability to get updates for AVG or any of the other programs.
I found your website and have read some of the posts and I decided to uninstall AVG and replace it with Avira and that does seem to have helped speed things up. I was then finally able to update Malwarebytes and Superantispyware and remove some more nasties but I'm not sure if I'm done.
If somebody could please have a look at my logs and advise me on what I need to keep or add and what I should get rid of I would be eternally grateful, I do my best but am not completely computer literate.
 
Alright, you cleaned repeatedly until logs were clean.

First do this..

Download SDFix to Desktop.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop run SDFix. It will run (install) then close.

Then reboot into Safe Mode

As the computer starts up, tap the F8 key several times.

On the Boot menu Choose Safe Mode.

Click through all the prompts to get to the desktop.

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SD Fix. Double-click to enter SD Fix.

Double-click RunThis.bat. Type Y to begin.

SD Fix does its job.

When prompted, hit the Enter key to restart the computer.

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process, then say Finished.
Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
Attach the Report.txt file to your next post.
=========================================
Download ComboFix

NOTE: If you have had ComboFix more than a few days old delete and re-download.

Get it here: https://www.techspot.com/downloads/5587-combofix.html
Or here: http://subs.geekstogo.com/ComboFix.exe

Double-click combofix.exe and follow the prompts.

Install Recovery Console if connected to the Internet!

When finished, it will open a log.
Attach the log and a new HJT log in your next reply.

Note: Do not click ComboFix's window while it's running. That may cause it to stall.

Then do this to complete the AVG removal.

Download and run AVG remover: http://www.grisoft.cz/filedir/util/avg_arm_sup_____.dir/avgremover.exe

Download, extract and run Kleaner: http://support.kaspersky.com/downloads/products2009/avg8.zip

Mike
 
Okay, I am printing your instructions out and will proceed when I'm sure I fully understand them.
I do have one question, I'm not sure how to remove Combo fix and I don't want to do it wrong!
Thank you so much for your response!
 
If you have an old ComboFix install it this way.

Start-Run
type
combofix /u
Click OK or hit the Enter key!

Mike
 
Okay, I've completed SDF fix and am working on installing Combo fix, it seems I had not installed it previously. But now Comodo is freaking me out.
"NIR Cmd is trying to terminate DLG exe" and another message I lost before noting it. Also a warning from Combo about Avira running, I don't know what to do. Sorry, I'm a little paranoid...
 
Turn off Avira. While Avira is doing its job it interferes with ComboFix.

Run the ComboFix and turn Avira back on.

Mike
 
Well, I downloaded some info about combo fix from bleeping computers and it advised to disable firewalls also so I did and ran combo fix, got as far as the blue screen saying "Preparing Log report. Do not run any programs until Combo fix has finished". It remained on that for almost 3 hrs and then when I last checked on it had crashed. I rebooted and Windows told me I had recovered from a serious error. I connected to the internet and Windows was unable to find the file it was looking for (error reporting).
I am attaching the log from SD fix, I looked in the Combo fix folder but could not find a log so I am supposing I'll have to run Combo fix again. I'll wait to hear your advice first however...
 
Installed
LimeWire (no use cleaning with this installed)
AVG8
Symantec Shared Registry Backup

Try this:

Uninstall Limewire (file sharing program)

Uninstall your AVG Antivirus
Then run the removal tool
Here is the 32Bit version (most users): http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe
Here is the 64Bit version: http://www.avg.com/filedir/util/avg_arv_sup_____.dir/avgremoverx64.exe

Uninstall Symantec (Norton) product
Run the Norton Removal tool

Then run a full updated scan with Avira
 
Okay, I'm working on all of the above. Thanks for your patience. (I'm on dial up so it sometimes takes a long time)
 
Sorry, I just finished the other stuff. The Norton took forever to remove for some reason, I thought I got rid of that years ago... Will try the combofix in safe mode now...
BTW Avira found nothing further but one warning, I don't seem to be able to find any info on what that is.
 
No go. I am not able to connect to the internet in safe mode with networking. Could I be doing something wrong?
 
Huh?

Safe Mode networking only?

If it is not working in Normal either then do the below.

Download XP TCP/IP Repair (Netrepair.exe) http://www.xp-smoker.com/freeware.html
Install (check place shortcut on desktop).

Then run it and first click Reset TCP/IP. It may or may not require a reboot here. If it does not require a reboot, then click the Repair Winsock and approve all to fix/repair, and it will then require a reboot for sure. Reboot and recheck for internet.

If the first Repair Reset TCP/IP does require a reboot, then as soon as it comes back up run the second Reset Winsock!

Mike
 
I could also try combo fix again in normal (?) I'm wondering if the screen saver or hibernate kicked in to cause it to crash...
I will do nothing at the moment as it is late and I'll be more alert in the am. I think I read somewhere that safe mode with networking doesn't work with dial up, could that be right?
 
No, my last question was about the Internet itself.

Does it work in Normal mode?

If so do ComboFix in Normal Mode.

Mike
 
Yes, my internet works in normal mode. When in safe mode with networking I can't access my service provider- sorry for the confusion. I will try combo fix again after turning off my interfering security devices.
 
OK, if you download in Normal Mode and then boot to regular Safe Mode and run it, it should run OK.

But either way, if we can get through this we are almost finished, I think!

Also, last, after the ComboFix get me one more HJT log.

Mike
 
Okay, let's see if I understand this... I need to be on the internet for combofix to download the recovery console (which didn't work the last time btw) and then I can leave combo fix, restart in safe mode and reopen combo fix?
 
Nope, you need Internet to get Recovery console.

But for cleaning you can run it in Safe Mode after downloading. Then, after I get the log and we are clean, you can run it again to get Recovery console.

And we can install Recovery console directly later. I am mostly concerned with seeing the log now.

But if you can turn off your protections easily, do that and install the RC!

Mike
 