My computer to be unusable! by Malware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ashkan190, Mar 23, 2009.

  1. ashkan190

    ashkan190 Private E-2

    Hi
    I tested many solutions but I didn't get a result.
    My antivirus doesn't work and I uninstalled it.
    My Task Manager, regedit and msconfig are disabled and I can't run
    the computer in safe mode.
    I read and executed the commands of the "READ & RUN ME FIRST Before Asking for Support" post but
    1. I cannot execute Msconfig in the Run box; when I execute it
    Windows gives an error message.
    2. I downloaded ComboFix but it does not work on my OS. (Error
    message: ComboFix.exe has encountered a problem and needs to close ...)
    3. I change "Don't show hidden files and folders" in Folder Options
    to "Show hidden files and folders" but after OK it returns to the previous
    setting.
    My computer is unusable !!!!!!!! Please
    help me.
    Best regards
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Did you try after running the cleaning procedure?

    Not true. ComboFix works fine with your OS. Try it again in safe boot mode.

    Are you filtering anything from being displayed with HijackThis? Your log looks way too small which would indicate you are filtering information which you must not do or we will not be able to fix your problems.

    First please run this: Resetting Registry and File Permissions. Make sure you reboot as requested.

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\Administrator\Desktop\RRT\RRT.exe auto
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1continue.

    After clicking Fix, exit HJT.

    Copy the bold text below to notepad. Save it as C:\fixme.reg. That is, save it to the root folder of your C drive. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.



    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\TEMP
    C:\Documents and Settings\Administrator\Local Settings\Temp
    Now run Ccleaner to clean out only temp files and nothing else!

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
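
The HijackThis lines listed in the post above can be triaged mechanically. The following is an added example, not part of the original thread and not code from HijackThis or MGtools: a small Python parser for the O4/O6/O7 line shapes shown above. The category names, and the `DisableTaskMgr` and `NoFolderOptions` value names, are assumptions added for illustration.

```python
import re

SECTION_RE = re.compile(r"^(O\d+) - (.+)$")
# O4: autostart entry   -> hive\..\key: [name] command
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")
# O6: policy key exists -> hive\key present
O6_RE = re.compile(r"^(HK\w+)\\(.+) present$")
# O7: policy value      -> hive\key, Name=number
O7_RE = re.compile(r"^(HK\w+)\\(.+), (\w+)=(\d+)")

# DisableRegedit is taken from the log in the post. The other two are standard
# Windows policy value names, listed here as an assumption about the reported
# symptoms (Task Manager disabled, Folder Options missing).
LOCKOUT_VALUES = {"DisableRegedit", "DisableTaskMgr", "NoFolderOptions"}

# Lines copied from the post above.
SAMPLE = r"""
O4 - HKLM\..\Run: [RRT-Auto] C:\Documents and Settings\Administrator\Desktop\RRT\RRT.exe auto
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
""".strip().splitlines()

def parse_line(line):
    """Return a dict for one HijackThis O-section line, or None if it is not one."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    if code == "O4" and (f := O4_RE.match(rest)):
        return {"code": code, "hive": f[1], "key": f[2], "name": f[3], "command": f[4]}
    if code == "O6" and (f := O6_RE.match(rest)):
        return {"code": code, "hive": f[1], "key": f[2]}
    if code == "O7" and (f := O7_RE.match(rest)):
        return {"code": code, "hive": f[1], "key": f[2], "value": f[3], "data": int(f[4])}
    return {"code": code, "raw": rest}  # recognised section, unrecognised shape

def triage(lines):
    """Group parsed entries into (category, entry) pairs for review."""
    findings = []
    for entry in filter(None, map(parse_line, lines)):
        if entry["code"] == "O7" and entry.get("value") in LOCKOUT_VALUES and entry.get("data"):
            findings.append(("tool-lockout", entry))   # policy is set to a non-zero value
        elif entry["code"] == "O6":
            findings.append(("ie-restriction", entry))
        elif entry["code"] == "O4":
            findings.append(("autostart", entry))
    return findings

if __name__ == "__main__":
    for category, entry in triage(SAMPLE):
        print(category, entry)
```
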
     
  3. ashkan190

    ashkan190 Private E-2

    Hi chaslang!
    Thanks for the reply.
    1. You say: "Did you try after running the cleaning procedure?" Yes, I did, but I don't know why!
    2. You say: "Not true. ComboFix works fine with your OS. Try it again in safe boot mode."
    The first time I executed the ComboFix.exe file on my computer I received the error message "ComboFix.exe has encountered a problem and needs to close ...". I think my downloaded file is damaged and
    I downloaded it again, but it did not work and my computer gave the same error as before.
    When I boot the laptop in safe mode the "famous!!" blue screen appears.

    3. Excuse me, I forgot to tell you:
    when I execute MGtools the message "Registry editing has been disabled by your administrator" is displayed more than 35 times and I have to OK it so that MGtools completes making all of the files.
    I did all of the steps that you said, but I receive "Registry editing has been disabled by your administrator".
    4. After making the fixme.reg file and double-clicking it, the message "Registry editing has been disabled by your administrator"
    is displayed.
    5. I tried to download MGtools from the link you gave " http://[url]http//forums.majorgeeks.com/chaslang/files/MGtools.exe " but I could not download from that link, so I downloaded it from the previous link.
    6. In the Avenger software, when I paste the code in the "Input script here" box and press the Execute button I receive an error message (I attached a picture of the error to be more exact),
    but avenger.exe made a file, which I attached, and when the computer reboots the "not good !!!" "not interesting !!!" message "Registry editing has been disabled by your administrator" appears.
    Thanks
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You don't know why what?


    Did you run this Resetting Registry and File Permissions as requested and reboot? What happened while you were running this?

    • Are you able to run and update Malwarebytes? If so, update and run a new scan. Attach the new log.
    • Are you able to run and update SUPERAntiSpyware? If so, update and run a new scan. Attach the new log.
    • Do you see this folder? C:\WINDOWS\Web\TSWeb96 If yes, can you delete the TSWeb96 folder?
    • Are you able to boot in Safe Mode with Command Prompt?
     
    Last edited: Mar 30, 2009
  5. ashkan190

    ashkan190 Private E-2

    I did all of Resetting Registry and File Permissions except section 6: "6. Install Windows XP SP3". I think your emphasis is on the registry. Should I install Windows XP SP3?
    In this part, after the instructions in Resetting Registry and File Permissions, my computer made a reset.cmd file on the desktop and executed this file. Executing this file took a long time; after it I did the other instructions.

    I updated Malwarebytes more than twice, but each time I update it the software begins the update from the start (to be more sure I downloaded the mb-rules file and executed it). Do you think Malwarebytes is updated? How can I find out whether my Malwarebytes software has updated?
    I updated SUPERAntiSpyware. I checked my computer with SUPERAntiSpyware and Malwarebytes and attached their log files.


    I see the TSWeb96 file that you mention. I tried to delete it but an error message appeared (to be more exact I attached the image of the error).
    I rebooted my computer in "Safe Mode" and "Safe Mode with Command Prompt" but the BLUE SCREEN appeared.

    A new problem: FOLDER OPTIONS was on the Tools menu yesterday but it is not in the Tools menu !!!
     


  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Since you do not seem to be able to run anything, it may become necessary for you to reinstall since we may not be able to remove your malware. There are too many Windows issues getting in our way. However let's try one more fix.

    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Now run Ccleaner to clean out only temp files and nothing else!

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )



    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  8. ashkan190

    ashkan190 Private E-2

    Hi
    I unpartitioned and formatted the C drive and installed WinXP on it, but immediately after installing WinXP
    my computer returned to the previous problem (meaning Task Manager, msconfig and regedit disabled),
    then I had to unpartition all of my drives and make new partitions, and then my problem was solved.
    Thanks a lot for your patience and for spending a lot of time analysing my files.
    Can you tell me how I can protect my computer against attacks from spyware, worms, etc., and also have a safe computer?
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Complete all of the instructions below and follow all of the tips:

    How to Protect yourself from malware!
     
