delself.bat removal problems...

Discussion in 'Malware Help (A Specialist Will Reply)' started by ailatana, Oct 16, 2008.

  1. ailatana

    ailatana Private E-2

    I have the delself.bat icon on my desktop, along with 2 icons in the system tray [one is a red shield with an x (like the yellow ones that tell you there are new updates for Windows XP) and the other is a big red circle also with an x].

    I have gone through the other thread about delself.dat and READ & RUN ME FIRST post, I followed all the steps, installed Super Antispyware but it will not open!!!

    Also, I don't know if it's relevant but, I tried to open task manager and got an error message saying it was disabled by the admin.

    Any help at all is greatly appreciated.
     
  2. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello ailatana,

    Go ahead and simply skip SuperAntiSpyware, simply go through what steps you can and post the resulting logs. Please also mention what steps you were unable to complete.
     
  3. ailatana

    ailatana Private E-2

    I had to skip running Super Antispyware, Spybot Search and Destroy, and Combo Fix.

    When I ran the Malwarebytes and started removing infected files and folder, there was an error message from windows saying:

    Files that are required for Windows to run properly have been replaced by unrecognizable versions. To maintain system stability, Windows must restore the original versions of these files. And asks for the Windows XP pro CD.

    I don't have the CD so I clicked cancel, and went on to the next steps.

    *Both icons in the tray have disappeared, but the icon on the desktop is still there.

    Thanks for the help.
     


  4. ailatana

    ailatana Private E-2

    I was able to run Super Antispyware, and Spybot Search and Destroy.
    The delself.bat icon is now gone, however I don't know if my system is still infected.
     


  5. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello ailatana,

    The latest programs you were able to run removed a lot of the junk on your computer, however, there do appear to be missing registry values, and no doubt critical system files are corrupted or missing, as well.

    Is getting the cd an option for you, or is this out of the question?

    Please try running combofix like this:

    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


    http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
    --------------------------------------------------------------------

    Double click on Combo-Fix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt so we can continue cleaning the system.
     
  6. ailatana

    ailatana Private E-2

    I ran combofix, and have attached the log. However, the Windows Security Alert icon [red shield with an x] is back in the tray, it says my firewall is turned off, should I turn it back on?

    There is a possibility I could get the windows CD but I won't know until Tuesday.

    Thanks.
     


  7. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello ailatana,

    Yes, turn the firewall back on if possible.

    It's Wednesday, has the opportunity arisen that you might be able to get the Windows CD?

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    Save this as CFScript.txt, in the same location as ComboFix.exe


    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
  8. ailatana

    ailatana Private E-2

    I wasn't able to get the windows CD.

    While I was running the C:\MGtools\GetLogs.bat file I got an error message to terminate-ProcessDll.exe-because it failed to initialize properly.
    Other than that, everything seems to be working OK.
     


  9. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello ailatana,

    Your logs look good, unless you notice anything else let's finish up here.

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. If we had you run Avenger, you can delete all files related to Avenger now.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Windows version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
