help me pleaseeee

Discussion in 'Malware Help (A Specialist Will Reply)' started by acerone, Feb 21, 2007.

  1. acerone

    acerone Private E-2

    I have followed the requested tasks and have submitted them in the 2 threads, as 2 messages are needed to submit all the files needed.

    Also I would like to say that I have, in Add/Remove Programs, a programme that crashes my computer and has a countdown clock and shuts down my computer when I try to remove it. It is called (System Alert Popup).

    Many thanks.

    Gary
     

    Attached Files:

  2. acerone

    acerone Private E-2

    part 2 help me please

    I have followed the requested tasks and have submitted them in the 2 threads, as 2 messages are needed to submit all the files needed.

    Also I would like to say that I have, in Add/Remove Programs, a programme that crashes my computer and has a countdown clock and shuts down my computer when I try to remove it. It is called (System Alert Popup).

    Many thanks.

    Gary
     

    Attached Files:

  3. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Stay in the same thread. I have merged your posts.

    Please print these instructions out, or write them down, as you can't read them during the fix.

    Download and Install RogueRemover Free http://www.majorgeeks.com/RogueRemover_d5360.html

    Run RogueRemover and select Scan and the program will walk you through the remaining steps.

    Remove:

    Video Access ActiveX Object
    ErrorDoctor


    Step 1:
    Download SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Do NOT run any option other than 1.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/processutil/processutil.htm

    Step 2:
    Next, reboot your computer in Safe Mode by doing the following:
    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode
    5) Choose your usual account.

    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.

    Reboot

    Follow the directions for
    Virtumonde aka Trojan Vundo Removal procedure.

    Post the Following Logs:
    1. rapport.txt from SmitFraudFix
    2. VundoFix log
    3. ShowNew
    4. GetRunKey
    5. HijackThis

    You will need 2 posts for all 5 logs.
     
  4. acerone

    acerone Private E-2

    I have done what was requested, although VundoFix found nothing and would not give me an option to produce a log. Please help me, I have 3 years of medical school on my laptop and I cannot lose it. When fixed I will be putting all files on disc, but at the moment the computer is running seriously slow with many, many pop-ups. I think it is that programme in Add/Remove, but when I try to remove it, it comes up with a clock and counts down and shuts my computer off, and my antivirus says trojan found, but by that time the computer is shutting off. :(
     

    Attached Files:

  5. acerone

    acerone Private E-2

    Re: help me pleaseeee (part 2)

    I have done what was requested, although VundoFix found nothing and would not give me an option to produce a log. Please help me, I have 3 years of medical school on my laptop and I cannot lose it. When fixed I will be putting all files on disc, but at the moment the computer is running seriously slow with many, many pop-ups. I think it is that programme in Add/Remove, but when I try to remove it, it comes up with a clock and counts down and shuts my computer off, and my antivirus says trojan found, but by that time the computer is shutting off. :(
     

    Attached Files:

  6. acerone

    acerone Private E-2

    Hi, I thought I would add an AVG scan that I just did. The same things come up and were deleted, but every time I do a scan they return. Thank you so much. Gary
     

    Attached Files:

  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    You are using MsConfig to prevent several items from loading at Windows start. MsConfig is a diagnostic tool, and not intended to be used in the manner you are using it. Enable everything you used MsConfig to disable. If you are receiving error messages related to these items at system start, we can fix this without using MsConfig.

    Using Add or Remove Programs in the Control Panel; uninstall the following:
    Do you know what these are?
    If not, uninstall them.

    Copy the contents of the below quote box to Notepad; Save As FixReg.reg to your Desktop; make sure File Type: is set to All Files (*.*).
    Close Notepad.

    Locate FixReg.reg on your Desktop. Double-click on it and answer 'Yes' when asked if you want to merge with the registry.

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Reboot

    Post the following logs:
    1. ShowNew
    2. GetRunKey
    3. hijackThis
     
  8. acerone

    acerone Private E-2

    Hey there, I have done all those things, and the two files, yes, I know what they are; they are files from university: "OCUS DSE212" and "Lyceum".

    Every time I do an HJT scan there seem to be a lot more files in there.

    Many thanks
     

    Attached Files:

  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    MSConfig is NOT a startup manager. You still have several items disabled by using MSConfig. Everything needs to run at system start.

    Unzip the contents of MSConfigFix.zip (attached below) to your desktop. Double-click MSConfigFix.bat.


    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Reboot

    Post fresh logs:
    1. ShowNew
    2. GetRunKey
    3. HijackThis
     

    Attached Files:

    Last edited: Feb 24, 2007
  10. acerone

    acerone Private E-2

    Done what you said, thank you.
     

    Attached Files:

  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I have said this repeatedly MSCONFIG IS NOT A STARTUP MANAGER. Enable everything that is disabled in MSConfig.

    Download and Unzip the attached ShowIT.zip. Double-click ShowIT.bat

    Attach new logs for:
    ShowNew
    GetRunKey
    HijackThis
     

    Attached Files:

  12. acerone

    acerone Private E-2

    If you don't mind, I would like someone else to deal with the problems I am having with the computer. For one, the file you are sending in the thread is not working; my screen flashes back, then it closes and nothing else happens (ShowIT). Secondly, this comment is rude and very, very unprofessional:

    "I have said this repeatedly MSCONFIG IS NOT A STARTUP MANAGER"

    Not what I need. I have many, many medical files on this computer for university and I need help. I am not happy. Please help me, someone...
     
  13. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    ShowIT did exactly what it was supposed to do. There are no messages to be displayed.

    Our instructions tell you not to use MSConfig and to make sure it is set to Normal Startup. There is a reason for this: everything needs to run at system startup so we can see it.

    I am trying to help you, but you are not helping me by not following the directions given.

    I am more than glad to help you clean the infection off the system, but you can not selectively disregard instructions.
     
    Last edited: Mar 3, 2007
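    The point the helper keeps making in the posts above (an item unticked in MSConfig neither runs nor appears in a Run-key log) can be seen directly in the registry. The script below is an added example, not code from the thread, from MajorGeeks, or from the GetRunKey/ShowNew tools; it assumes the Windows XP layout of MSConfig's store under HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg (one subkey per parked item, with values hkey, key, item and command), which is an assumption about that version and not something the thread states. It lists the live Run/RunOnce entries, lists what MSConfig has parked, and can put the parked entries back so they run (and show up in logs) again.

```powershell
# Added example (not code from the thread, MajorGeeks, or the GetRunKey/ShowNew tools).
# Shows why an item unticked in MSConfig disappears from a Run-key log: MSConfig moves it
# out of the live Run key into its own store. Assumption: the Windows XP layout of
# HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg (values hkey, key, item, command).
# Windows PowerShell; writing under HKLM needs administrator rights.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$MSConfigStore = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'

function Get-RunKeyEntries {
    # What a startup log sees: every value under the live Run/RunOnce keys.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # PSPath/PSParentPath/... are provider metadata added by Get-ItemProperty, not registry values
            if ($p.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
            New-Object PSObject -Property @{ Hive = $key; Name = $p.Name; Command = $p.Value; State = 'enabled' }
        }
    }
}

function Get-MSConfigDisabledEntries {
    # What a startup log does not see: items MSConfig has parked after the user unticked them.
    if (-not (Test-Path $MSConfigStore)) { return }
    foreach ($sub in Get-ChildItem -Path $MSConfigStore) {
        $v = Get-ItemProperty -Path $sub.PSPath
        New-Object PSObject -Property @{
            Hive    = "$($v.hkey):\$($v.key)"   # the key MSConfig removed the value from (assumed layout)
            Name    = $v.item
            Command = $v.command
            State   = 'disabled by MSConfig'
        }
    }
}

function Restore-MSConfigDisabledEntries {
    # Equivalent of ticking everything back on in MSConfig: write each parked command back
    # to its original Run key and drop the parked copy, so it runs again and shows in the logs.
    if (-not (Test-Path $MSConfigStore)) { return 0 }
    $restored = 0
    foreach ($sub in Get-ChildItem -Path $MSConfigStore) {
        $v = Get-ItemProperty -Path $sub.PSPath
        $target = "$($v.hkey):\$($v.key)"
        if (-not (Test-Path $target)) { New-Item -Path $target -Force | Out-Null }
        Set-ItemProperty -Path $target -Name $v.item -Value $v.command
        Remove-Item -Path $sub.PSPath -Recurse
        $restored++
    }
    return $restored
}

# Usage: compare the two views before drawing conclusions from a Run-key log.
Get-RunKeyEntries           | Format-Table Name, State, Hive -AutoSize
Get-MSConfigDisabledEntries | Format-Table Name, State, Hive -AutoSize
# Restore-MSConfigDisabledEntries   # uncomment to re-enable everything, as the helper asks
```

    Restoring is done by script here only to show where the entries go; the MSConfigFix.bat attached to post 9 is the thread's own way of achieving the same result, and whichever is used, a fresh ShowNew/GetRunKey/HijackThis set should be taken afterwards so the re-enabled entries are in the logs.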
  14. acerone

    acerone Private E-2

    OK, now I understand. I have done that; here are the 3 files you need. Thank you.
     

    Attached Files:

  15. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.

    On the page that opens, scroll down to Windows Server Management Services or WSMSPSVC (Whichever is present) ... right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Next, run HJT, but instead of scanning, click on the 'None of the above, just start the program' button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press 'OK':

    Windows Server Management Services or WSMSPSVC (Whichever you found above)

    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:

    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Download a fresh copy of ShowNew this has been updated.

    Post fresh logs for the following:
    ShowNew
    GetRunKey
    HijackThis
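    The service removal and the "Delete on Reboot" step in the post above can also be done from a script, which makes it easier to see what each click does. The block below is an added example and is not code from the thread, from HijackThis or from Pocket Killbox. It uses the two service names the post gives; the file path in $SamplePaths is a constructed placeholder, not a path from the poster's logs. It stops, disables and deletes the service (what services.msc plus HijackThis "Delete an NT Service" do), then appends to the PendingFileRenameOperations value, which is how a delete-on-reboot request is recorded and is the value behind the "PendingFileRenameOperations prompt" the helper asks to be told about. Run it from an elevated Windows PowerShell.

```powershell
# Added example (not code from the thread, HijackThis or Pocket Killbox). Scripts the manual
# steps of the post: find the service by either name, stop it, disable it, delete it, then
# queue a file for deletion at reboot the way "Delete on Reboot" does, and list what is queued.
# Service names are the two the post gives; $SamplePaths is a constructed placeholder. Run elevated.

$SessionManager = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'

function Find-SuspectService {
    param([string[]] $Names)
    # The post says "whichever is present", so match on ServiceName or DisplayName.
    Get-Service | Where-Object { ($Names -contains $_.Name) -or ($Names -contains $_.DisplayName) }
}

function Remove-SuspectService {
    param($Service)
    # Read the binary path from the registry first; the Services subkey goes away with the service.
    $image = (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$($Service.Name)" -ErrorAction SilentlyContinue).ImagePath
    if ($Service.Status -ne 'Stopped') {
        Stop-Service -Name $Service.Name -Force -ErrorAction SilentlyContinue
    }
    Set-Service -Name $Service.Name -StartupType Disabled
    # Same effect as HijackThis "Delete an NT Service": the service control manager marks the entry for deletion.
    & sc.exe delete $Service.Name | Out-Null
    return $image
}

function Get-PendingFileOps {
    # REG_MULTI_SZ of (source, target) pairs; an empty target means "delete at boot".
    $v = (Get-ItemProperty -Path $SessionManager -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
    if (-not $v) { return }
    for ($i = 0; $i + 1 -lt $v.Count; $i += 2) {
        $action = if ($v[$i + 1]) { 'rename' } else { 'delete' }
        New-Object PSObject -Property @{ Source = $v[$i]; Target = $v[$i + 1]; Action = $action }
    }
}

function Add-DeleteOnReboot {
    param([string[]] $Paths)
    # Append "\??\<path>", "" pairs: this is what MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT) writes,
    # and the session manager processes the list early in boot, before the file can be locked again.
    $existing = (Get-ItemProperty -Path $SessionManager -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
    $list = @()
    if ($existing) { $list += $existing }
    foreach ($p in $Paths) { $list += "\??\$p"; $list += '' }
    Set-ItemProperty -Path $SessionManager -Name PendingFileRenameOperations -Value $list -Type MultiString
}

# Usage
$pending = Get-PendingFileOps
if ($pending) {
    "Already queued before we start (this is what the Killbox prompt in the post is about):"
    $pending | Format-Table Action, Source, Target -AutoSize
}

foreach ($svc in Find-SuspectService -Names 'Windows Server Management Services', 'WSMSPSVC') {
    $image = Remove-SuspectService -Service $svc
    "Removed service $($svc.Name); image path was: $image"
}

# Constructed placeholder path for the example, not a file from the poster's logs:
$SamplePaths = @('C:\WINDOWS\system32\example_locked.dll')
Add-DeleteOnReboot -Paths $SamplePaths
Get-PendingFileOps | Format-Table Action, Source, Target -AutoSize
```

    Checking Get-PendingFileOps before adding anything is the useful part: a non-empty list means something else (an installer, another cleaner, or the malware itself) has already scheduled file operations for the next boot, which is worth knowing before rebooting.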
     
