Need help removing winivstr.exe

Discussion in 'Malware Help (A Specialist Will Reply)' started by fork, Mar 6, 2008.

  1. fork

    fork Private E-2

    Well, I'm usually ok with malware and the sort, but I did have an idiot moment and managed to get bit in the *** with winivstr.exe. I downloaded MGtools and ran it, and here is the log. I'm not that great with computers so give me a break :)
     

    Attached Files:

  2. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello fork :cool

    It looks like you got part of the instructions done, but please take a further look at the following link. Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. fork

    fork Private E-2

    Oops, sorry :p Just me not paying attention. I followed the steps, however Superantispyware and Combofix will not install, and spybotsd will install but not open, am I missing something? Thanks for any forthcoming help.
    Was out at the weekend, reason for late reply.
     
  4. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello fork,

    Combofix doesn't really install itself, it simply gives you a disclaimer, you accept it, and it runs. Does it give you an error message when you try to run it?
     
  5. fork

    fork Private E-2

    Nope, nothing appears, the icon just selects as if you had clicked it once.

    Have tried re-downloading it and opening from different roots, but no luck.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Note to __RiP_Chain_, this is due to the below:

    O4 - HKLM\..\Run: [braviax] braviax.exe
    O20 - AppInit_DLLs: cru629.dat

    The best way to get started is to clean up what you do see in the logs using Avenger. braviax.exe infections will block ComboFix and SAS from running until it is removed. beep.sys will also be infected and will have to be deleted from drivers and dllcache. Then you will have to replace it from a backup from a Windows CD, since the newfiles.txt log shows no backups on the hard disk.
     
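    The two log lines chaslang points at are HijackThis-style O4 (Run key) and O20 (AppInit_DLLs) entries. The script below is an added triage example, not part of the thread or of any of the tools named in it: it parses lines in that format and flags a Run entry that names a bare executable with no absolute path (loaded via PATH lookup, as braviax.exe is) and any non-empty AppInit_DLLs value, especially one that hides a DLL behind a .dat extension. The third sample line is a constructed benign entry for contrast.

```python
import re

# Constructed sample: the first two lines are the entries quoted in the
# thread, the third is a made-up benign autorun with a full path.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [braviax] braviax.exe
O20 - AppInit_DLLs: cru629.dat
O4 - HKLM\\..\\Run: [SoundMan] C:\\WINDOWS\\system32\\soundman.exe
"""

O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O20_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<value>.*)$')
ABS_PATH_RE = re.compile(r'^[A-Za-z]:\\')


def triage(log_text):
    """Return (line, reason) tuples for autorun entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            cmd = m.group('cmd').strip().strip('"')
            # A Run value that is only a file name relies on PATH lookup;
            # droppers that copy themselves into the Windows directory
            # commonly register themselves this way.
            if not ABS_PATH_RE.match(cmd):
                findings.append((line, 'Run entry without an absolute path: ' + cmd))
            continue
        m = O20_RE.match(line)
        if m:
            value = m.group('value').strip()
            # AppInit_DLLs is loaded into every process that maps user32.dll,
            # which is how such an infection can block ComboFix and SAS from
            # starting. A non-empty value on a workstation deserves review.
            if value:
                reason = 'AppInit_DLLs is set: ' + value
                if not value.lower().endswith('.dll'):
                    reason += ' (non-.dll extension hiding a DLL)'
                findings.append((line, reason))
    return findings


if __name__ == '__main__':
    for _line, reason in triage(SAMPLE_LOG):
        print(reason)
```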
  7. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Thanks for the heads up chaslang, I spent some time doing more research on this infection and I believe I have found a way to get CF to properly run.

    Please delete your current copy of Combofix.exe, and download the newest version from the following link.

    Please visit this webpage for download links, and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix


    When you download it and save it to your Desktop, run ComboFix using these instructions:

    Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

    "%userprofile%\desktop\combofix.exe" /killall

    After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:

    • C:\ComboFix.txt
    • C:\MGlogs.zip
     
  8. fork

    fork Private E-2

    Tried RipChain's instructions before Chaslang's, and simply nothing appears.

    As to Chaslang, mind giving me a hand with Avenger? Have the program, just don't want to play around after all the scary warnings it gives :)

    Thanks for replies
     
  9. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello fork,

    I think I made a mistake on those instructions, please try these revised ones instead.

    Please rename Combofix.exe to CF.exe and try running it again with the following directions:

    Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

    "%userprofile%\desktop\combofix.exe" /killall

    After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:

    • C:\ComboFix.txt
    • C:\MGlogs.zip
     
  10. fork

    fork Private E-2

    Well that one worked :).
    Annoying "Your computer is infected!" messages are gone, and internet is back up to speed, logs below as requested. Any more problems that you can see?
     

    Attached Files:

  11. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello fork,

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Save the above as CFScript.txt

    4. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:

    7. Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

    Then attach the below logs:

    • C:\ComboFix.txt
    • C:\MGlogs.zip
     
  12. fork

    fork Private E-2

    Results:
     

    Attached Files:

  13. __RiP_ChAiN_

    __RiP_ChAiN_ Private First Class

    Hello fork,

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
     
