Malware I think

Discussion in 'Malware Help (A Specialist Will Reply)' started by Jab64000, Dec 23, 2008.

  1. Jab64000

    Jab64000 Private E-2

    Hi there - I wondered if you kind folks could assist me again. I have my niece's PC which has stopped responding after it boots up. There are no desktop icons or start menu. I tried a few things such as booting up in safe mode and it is still the same - I cannot see the process explorer.exe working?
    I ran a HijackThis scan and came up with a few things - one is an F2 entry showing Ntos.exe.
    I have tried to remove this using HJT but it will not remove it. I can only access the PC by Ctrl/Alt/Delete and running a new task through Windows Task Manager - I tried to delete it by this method but it will not delete, saying it is in use? (still in safe mode)
    I changed the setup to boot from a CD and ran the SP 2 for XP CD and carried out a repair but it is still the same. I have run a couple of programs such as Vundu .exe and it showed no infections. I tried to run ComboFix from my portable hard drive via but as I can only run it via Task Manager it does not run?
    Any help would be appreciated - I have kinda run out of ideas - I have not attached the HJT log in case this is the wrong place - if you need to see it please let me know and I will attach it.

    Thanks in advance

    Jab
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


    READ & RUN ME FIRST. Malware Removal Guide
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
  3. Jab64000

    Jab64000 Private E-2

    Hi there - meant to get back to say thanks - I managed to get the PC working - it would not let me run any of the tools I needed to, even in safe mode; I could only get in through Task Manager. I managed to do this by changing the name of the applications (SUPERAntiSpyware) and running it that way - I was then able to log in as normal and use the other tools.
    I gave it a good clean up using all the tools in the thread and then installed AVG to protect it - seems to be working a bit better now anyway!!! Thanks again

    Jab
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required.
      • "%userprofile%\Desktop\combofix" /u
        • Note: The space between the combofix" and the /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work through the below link:
     
