Please wait while connection is beeing established

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by mike1903, May 9, 2012.

  1. mike1903

    mike1903 Private E-2

    I've had this virus for a couple of days now: locked white screen with above message and German below it. Tried various suggestions on other sites but none successful. I've read the related threads and run the suggested FRST programme which has produced the attached file. I hope you can help. I have an HP Probook running Windows XP.
     

    Attached Files:

  2. thisisu

    thisisu Malware Consultant

    Hello and welcome to Major Geeks, mike1903 :)

    Were you able to enter a Safe Mode?

    Since it looks like you ran the tool from within Windows, delete these files:

    1. C:\Documents and Settings\NASUWT1\Application Data\itunes_service86.exe
    2. C:\Documents and Settings\Administrator\Application Data\itunes_service86.exe
    3. C:\Documents and Settings\Administrator.NASUWT\Application Data\itunes_service86.exe
    4. C:\Documents and Settings\Administrator.NASUWT.000\Application Data\itunes_service86.exe
    5. C:\Documents and Settings\Administrator.NASUWT.001\Application Data\itunes_service86.exe

    Let me know if you were able to do this as well as how you initially ran FRST.

    __

    Edit: Just incase it is easier or you are unable to boot into any mode; I went ahead and made you a fixlist.txt (attached to this message).

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Attached is fixlist.txt
    • Save fixlist.txt to your flash drive.
    • You should now have both fixlist.txt and FRST.exe on your flash drive.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt).
    Please attach this to your next message. (How to attach)

    Now attempt to boot normally.
     

    Attached Files:

    Last edited: May 9, 2012
  3. mike1903

    mike1903 Private E-2

    Some preliminaries: firstly, many thanks for your suggestions and apologies for the delay in responding (I've been away for the last few days).

    To address your first question, I was able to enter Safe Mode via the Command Prompt and, from there, run Windows Explorer and then the FRST tool from my flash drive.

    I have managed to delete the suggested files, though I had to re-start before I could delete number 1 (prior to this, it suggested the file was locked by the Administrator, despite the fact that I was logged in as Administrator).

    I also found and deleted a sixth file: C:\Documents and Settings\Administrator.NASUWT.002\Application Data\itunes_service86.exe

    On re-starting the computer normally, the white screen has gone, however, nothing is showing on the desktop, other than the background photograph (though I do briefly see a message flash up to say that my original malware programme, Prevx, is running). I wonder if the virus has corrupted some of the start-up files?

    I have re-entered Safe Mode via Command Prompt and run FRST to produce the fixlog, as suggested. This is attached.

    Hopefully, having aided me to get rid of the virus, you have some suggestions on how to get my laptop re-started properly.

    Thanks again,
    Mike
     

    Attached Files:

  4. thisisu

    thisisu Malware Consultant

    Hi Mike,

    Right-mouse click anywhere on the blank desktop.
    A menu should appear.
    From here choose: Arrange Icons By -> Show Desktop Icons
     
  5. mike1903

    mike1903 Private E-2

    Unfortunately, nothing happens when I right-click the empty desktop. I tried going back into Explorer via Command Prompt and used Desktop Properties to ask for desktop icons to be shown but this has also proved unsuccessful.

    Mike
     
  6. thisisu

    thisisu Malware Consultant

    Open iexplore.exe using the Command Prompt.
    • This should open Internet Explorer.
    • Go to this webpage: http://majorgeeks.com/download.php?det=5756
    • Download, install, and update Malwarebytes Anti-Malware
    • Run a scan, remove the detections found and then reboot.
    • Then retry right-mouse clicking on the desktop before and choosing "Show Desktop Icons".
     
  7. mike1903

    mike1903 Private E-2

    Apologies, I feel like I'm becoming a bit of a pest here...
    The iexplore.exe command 'is not recognised as an internal or external command, operable program or batch file'. Managed to launch Internet Explorer from 'desktop' in Windows Explorer but no Internet connection, despite being connected to wireless box via Ethernet cable. The same applies for Mozilla Firefox.
     
  8. thisisu

    thisisu Malware Consultant

    No need to apologize. I'm here to help :)

    What you can do is download both of these from a working computer:
    1. MBAM install - mbam-setup-1.61.0.1400.exe
    2. MBAM rules/definitions - mbam-rules.exe
    Then copy both of these files to your flash drive and transfer them over to the infected computer.

    Install MBAM first, and then exit and run the mbam-rules.exe.
    Then relaunch MBAM and run a Quick Scan
     
  9. mike1903

    mike1903 Private E-2

    Ok. That's my system completely clean and up and running again (the updated Malwarebytes found three further problem files when I ran it). Many thanks for your precise and effective help. I'm happy to spread the word about you guys, if that's something that you would like to happen. Quality service!

    All the best,
    Mike
     
  10. thisisu

    thisisu Malware Consultant

    You're welcome :)

    Thanks, yes please spread the word!
    Be safe :)
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds