I Followed the 8 step Viruses/Spyware/Malware Preliminary Removal

Status
Not open for further replies.

macca7

Posts: 11   +0
Hi I am new to all this but today I was on the net and AVG 8 discovered that I had w32/heur. It then found that I had w32.virut. I have used the virut removal tool from AVG but it then said that I still had both infections. I read that I should remove AVG and install AVIRA. So did uninstall and tried to complete the AVIRA install but to no avail. Decided to give your 8 step removal a go as I can't seem to get access to any known antivirus company sites. Even to the point that when i was downloading some of the tools in the 8 step removal I had to download from File.Hippo as couldn't get them through the links you provided.

Attached is the logs and I now have no antivirus or firewall.

Please help me asap.
 
Sorry also meant to tell you that whenever the system is rebooted it makes me logon which I have never needed or wanted it to do.

Macca
 
Hello macca7

Please download combofix here ->
ComboFix
Before Saving it to Desktop, please rename it to 123.com to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post
 
Touch,

Clicked on the link and changed the file to save as 123.com on to the desktop. Double clicked and clicked on run to begin. It had combofix come up in a very small window in the middle of the screen and then came up with an error saying please download a new copy from bleedingcomputer.com as this one was corrupted and something about virut virus then the only option was ok.

Now what?
 
We´ll try this scanner ->

Please download DDS: Here
to your Desktop and doubleclick on DDs.scr to run it.
If your security software includes script blocking features, please disable these before you run this utility.
When the scan has finished, two logs will open.
(DDS.txt
Attach.txt)


Attach both reports in this topic.
 
Please download Avenger: Here by Swandog46 to your Desktop.
Click on Avenger.zip to open the file
Extract avenger2.exe to your desktop

Start Avenger


Files to delete:
C:\WINDOWS\TEMP\VRT1.tmp
C:\WINDOWS\TEMP\VRT5.tmp
C:\WINDOWS\TEMP\VRTB.tmp
C:\WINDOWS\TEMP\VRT11.tmp
C:\WINDOWS\TEMP\VRT14.tmp
c:\windows\system32\15.tmp
c:\windows\system32\12.tmp
c:\windows\system32\10.tmp
c:\windows\system32\E.tmp
c:\windows\system32\6.tmp
c:\windows\system32\siemens32.dll
c:\windows\system32\3.tmp
c:\windows\system32\17.tmp
c:\windows\system32\skrb32.dll
c:\windows\system32\8.tmp
c:\windows\system32\2.tmp
c:\windows\system32\bb1.dat
c:\windows\system32\9.tmp
2c:\windows\system32\7.tmp
c:\windows\system32\B7841EAD28.sys
c:\windows\system32\E8D373E22A.sys

Copy/Paste all the text in the above quote box into the main window
Click Execute

The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)

On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions.

This log file will be located at C:\avenger.txt

Post C:\avenger.txt in next reply.

NB. If you can run combofix, please post that log as well
 
Sorry just tried to add the avenger.txt but it is password protected and somehow managed to delete it as well.

Can I run it again
 
cannot find the avira file.

Internet Explorer keeps coming up with a error when i try to log on to a virus protection site. I think the infection is blocking these sites
 
Ok. Rigtclick on these files:
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\Explorer.EXE

Properties, and tell if they come from - Microsoft, and Avira ?
 
C:\WINDOWS\system32\rundll32.exe Microsoft Corporation
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe Can't find on system
C:\WINDOWS\Explorer.EXE Microsoft Corporation

hope this help.

Also just let you know I can't open any .txt files any many of my .exe files are corrupted
 
Status
Not open for further replies.
Back