Superantispyware wouldnt scan

Welcome to MajorGeeks!

I am currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

Thanks for your patience.
dr.m

 

The below fixes and advice are specific to this member's problem and should be used for issue(s) on this machine only.

Hello, Hooda - please do not install any other software while we are still working with you unless instructed. Once we have given you the all clean and final instructions you will be free to install what you want.

I strongly recommend that you clean up this account's Desktop immediately leaving only links.[ C:\Documents and Settings\grahamf.SANDYSIKE0\Desktop ] Do not store downloads, exe files, iso files....etc on your Desktop. First it is not a safe place to keep them (i.e., you may loose them due to malware, and a cluttered Desktop is an easy hiding place for malware), and last but not least - it can have an effect on your PCs performance.

Question: Do you know what is this?
c:\documents and settings\grahamf\Start Menu\Programs\Startup\
test.bat [2007-2-20 45]

* ALL of the below files have been downloaded to the WRONG directory:

Step 1:
Please download and run Win32kDiag per the below instructions:

• Download this Win32kDiag and save to C:\Win32kDiag.exe. You must save it here!!!!
• Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.
  
  C:\win32kdiag.exe -f -r
  
• When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please attach this log.

Now download Junction,zip to your Windows folder

• Please download Junction.zip and save it to your Windows folder (i.e, C:\Windows\Junction.zip This assumes C:\ is your Windows boot drive.)
• Now unzip it and put junction.exe into the Windows folder (i.e., C:\Windows\junction.exe)
• Do not try to run it right now. We will run something that uses it later.

Now we need to reset the permissions altered by the malware on some files.

• Download and save inherit.exe to your Desktop: Inherit.exe
• It must be in your Desktop or the below fix will not work!

Now run the C:\MGtools\FixPerm.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

• A command prompt window opens and also a license agreement from SysInternals will appear for Junction.
• Accept the license agreement and the scan will begin.
• Wait until it finishes we can take a while to run since it scans your whole harddisk. e patient and don't do anything else while it is scanning.
• The command prompt window should close when it finishes.
• While this is running, you will get several/many popups that have a title "Finish" and say "OK". Just click the "OK" button each time. This is an indication that it has found a file and has attempted to fix permissions. Depending on how many files that need to be fixed, you could get only a few or many of these popups.

Step 2:
*Using Task Manager - stop the following processes:
KRlyCLis.exe
winvnc4.exe

Step 3:
Please look in Add/Remove Programs for the following and uninstall if found. If you get any errors just make a note and continue on.

Step 4:
Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Step 5:
Now we need to use ComboFix.

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Make sure you have shut down all protection software (antivirus, antispyware, firewall...etc) programs so they do not interfere with the running of ComboFix. *Remember to re-start them before coming back online.
• If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
  If it asks you to overide the previous file with the same name, click YES.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
  
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.


Step 6:
Delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).

Step 7:
Open CCleaner - select "Cleaner" > "Run Cleaner" <---use this function ONLY!


Step 8:
Now boot to the Recovery Console and run the fixmbr to clear a Master Boot Record infection that you have.

You can read the below to help you do this:

http://support.microsoft.com/kb/307654


Then boot back into normal mode.

Step 9:
Then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, use right click and select Run As Administrator).

Please attach the below logs to your next reply:

• C:\MGlogs.zip
• Win32kDiag.txt

Make sure you tell me if you had any problems running this procedure and give a description of how things are working now!

dr.m

 

Hello, Hooda

You're welcome!

Here's a link to a guide for setting up layered protection for your machine:

How to Protect yourself from malware!

Safe surfing!