Either re-infected or resurrected - WAH!

Discussion in 'Malware Help (A Specialist Will Reply)' started by amym, Feb 1, 2010.

  1. amym

    amym Private E-2

    I posted about a problem I was having with win32.netsky fake antivirus and was helped a little over a week ago.....here.....

    I think (thought) everything was fixed the first time around, but now I can't be positive because I'm having problems again - though this time around the issues are a bit different.

    *Google does not work - I get "302 Moved", "The document moved here."
    *My homepage has disappeared and nothing I do will bring it back - I keep getting a Century Link Web Results page.
    *Tons of popups, big, full page popups, usually some type of survey.
    *Pages take for.ever. to load, then when the page comes up, the little spinning icon and "page loading..." never goes away.

    You all were so helpful the first time around, I really appreciate it - I hope that I didn't do something wrong to cause myself to become reinfected, or maybe something was still hiding somewhere on my computer?

    Here are my logs, RootRepeal would not run again for me....OK, here are 2, I need to find the others....:-o

    Thanks! Amy
     
  2. amym

    amym Private E-2

    OK, here are my logs, minus RootRepeal (wouldn't run).

    Thanks so much for any help anyone can give!
     

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, you did get reinfected. But it looks like the scans took care of most of it. Please use windows explorer to find and delete:
    C:\WINDOWS\system32\tatelese
    C:\Documents and Settings\Owner\Local Settings\temp\pcf1.tmp

    * Please download TDSSKiller to your Desktop
    * Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
    * Click Start > Run and copy/paste the following bold command into Run box and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -v

    * Follow the instructions to type in "delete" when it asks you what to do when it finds something.
    * When done, a log file should be created on your C: drive named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\Tdss log
    * C:\MGlogs.zip
     
  4. amym

    amym Private E-2

    Hi Tim - Thanks so much for your time and help!

    I did my best but ran into a few problems.

    *I could not find the two things you asked me to delete.
    *Could not figure out how to unzip the TDSSKiller directly onto my desktop w/o being w/in a folder. I opened the folder and dragged the .exe onto my desktop and ran it that way. Is that OK?
    *I ran MGtools before finding the GetLogs.bat file and running it. I'm sorry, I hope that's not a problem.

    Thanks again, Amy
     

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any problems in your logs. What issues do you still have?
     
