Malware Chinese Characters

Okay. Then before you put the .arn file into a ZIP file, take a look at the file size. Then look in the ZIP file afterwards and see if it shows the same size for the file inside the ZIP.

 

You have already downloaded SystemLook... so do this:

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  Code:

  :filefind
  Baidu
  Tencent
  :regfind
  Baidu
  Tencent
  

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Hey Blues, that found an awful lot of remnants, give me some time, and I'll post back again.

 

• Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
• Paste the following code under the http://farm3.static.flickr.com/2455/4173556815_a721a91733_o.png area. (See reg.txt that I have uploaded.... copy and paste that in)

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it into a text file to ATTACH into your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and attach the contents of that document back here in your next post.


Once done, re run Systemlook in exactly the same way and upload NEW log please.

 

OTM http://oldtimer.geekstogo.com/OTM.exe

You should always use CURRENT links which are given!!

 

What happened in the end? Only just seen your message...

 

Are you using the older version of OTM by any chance?

 

Have you copied and pasted everything exactly as I have it in that text file I uploaded? (reg.txt)

 

Try running it in safe mode. Follow my previous instructions on how to access safe mode.

 

Yes of course, you will have to close it to boot into safe mode.

 

Sigh.

OK, we'll do a series of reg patches... (in normal mode) this will take a few posts I'm afraid. The forum limits me on how much I can post in one fix and there is alot to fix of the junk remnants...

Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

 

Did you do this?

 

Indeed....

So you got a sucess message?

 

OK onto round 2... (Delete the other reg patch!! (fixme.reg)

Copy the bold text below to notepad. Save it as fixME2.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

 

Are you using Notepad as instructed or some other text editor?

 

Save as type All Files (*.*)
Encoding: ANSI

 

Yes.

 

The Unicode is most likely due to the two Uninstall lines with Chinese characters on them. If it becomes an issue, just leave these out of the registry patch for now.

 

OK delete the previous reg patch again.... now continue on...


Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

 

Two more reg patches to go....

OK delete the previous reg patch again.... now continue on...


Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

 

Hi Blues, we will get to the other issue... we think we can correct it. But first I want to finish off removing remnants from Baidu and Tencent, to be thorough....
Last reg patch....

OK delete the previous reg patch again.... now continue on...


Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

 

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  
  Code:

  :filefind
  KernCap.vbs 

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt