OMG I need HELP!!

This is unreal. I have been on the net for 9 years and have never ever seen anything like what I have going on. I somehow got this win32:banwarum-M and it is wreaking havoc with me. I also have this SpySherrif thing coming up on s&d scans but its not on my programs list?

I tried EVERYTHING you stated to get to this point, so here goes my HiJackThis log file.

• Edit by bjgarrick: Unrequested, Inline HJT log removed!

If anyone can help me this be be so appriciated. Thanks in advance, Geno.

 

Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

http://www.majorgeeks.com/images/grenade.gif Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

http://www.majorgeeks.com/images/grenade.gif Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

http://www.majorgeeks.com/images/grenade.gifAfter doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis

• Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..

http://www.majorgeeks.com/images/grenade.gif In your next post, please make sure you attach the following logs and that you have run these scans in the following order:

• CounterSpy - ONLY IF you were not able to run Windows Defender
• Bitdefender - from step 6
• Panda Scan - from step 6
• runkeys.txt - the log from GetRunKey.bat
• newfiles.txt - the log from ShowNew.bat
• HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

 

OK any help then? Dont know why you deleted my log? WHat can I do then?

 

I removed your log because you did not follow the instructions properly. Read my initial post (Post #2) and you will see the proper way to request help in the Malware Removal Forum. It may seem long, but it's for your own benefit.

 

Update. I did the CC scan cleaner deal. Now I get this:

"wservice.exe has encountered a problem and must close"

I also had "Briefly" se.exe.exe and ss.exe.exe showing up in my process info but it now "disappeared" I also cannot use "F8"?

Please help.

 

Also Windows Live One Care says I am at risk but I now cannot even open the program to see whats up? This is UNREAL!

 

Now I get this, OneCare now says this: ccleaner.exe is a trojan? Win32/Luder.A

WHat in the holy hell is going on? PLEASE help. It says it couldnt be cleaned and is in quarantine.

 

This was my original problem from the getgo this Luder deal. How the hell do you get rid of it?

 

It also is disableing my windows firewall on startup now too? GODDDDD!!!!!!!!!!!!!!!!!!!!!!!!! I am raging with fury can SOMEONE just please tell me how the hell to get rid of this damn file?

 

Win32:Luder-F

New approach, maybe this will get me some help.
Basically what is it, and how do I remove it. Thanks in advance.

 

I understand your frustration but you must complete our standard cleaning procedures and attach the required logs. They READ ME is for your benefit and will addres most of your issues. What is left over we will manually remove but you must first start by following the READ ME.

Go back to my initial post #2 and complete each step in the READ ME and attach the required logs. You must complete this before we can assist you.

 

I DID???!?!?!!? Wth? I am NO expert at all and I did what was in there ?

 

No you did not, you should have attached six logs to your post if you had completed the standard cleaning procedures. If you would READ instead of post you would know this.

• CounterSpy Log - ONLY IF you were not able to run Windows Defender
• Bitdefender Log - from step 6 of the READ ME
• Panda Scan Log - from step 6 of the READ ME
• runkeys.txt - the log from GetRunKey.bat
• newfiles.txt - the log from ShowNew.bat
• HijackThis Log

 

How do I do this:
runkeys.txt - the log from GetRunKey.bat
newfiles.txt - the log from ShowNew.bat

You mean you just cannot tell me how to get rid of this Luder deal?

 

Everything you need to know is in the thread below. Take the time to read it and you will be amazed at how detailed it is.

READ & RUN ME FIRST Before Asking for Support

After you complete the steps in the READ ME. It's not fair for me to just help you remove a particular infection when everyone else has to follow standard cleaning procedures before they get help.

 

I did defender and it said no problems found/ Now what?

 

There is a lot more than just "defender" and "Ccleaner", as I have said many times, READ, READ, READ and you will know exactly what to do. That is why we made the "READ & RUN ME FIRST Before Asking for Support".

 

Nevermind, thanks alot.

 

All you have to do is read and follow a few simple instructions. The time you have wasted posting this nonsense you could have been half way thru with the READ ME.

 

Simple for YOU!! I dont know shit about this stuff and my computer is infected by something that shows up on a world wide search with only a page of results, thats scary!! I do not understand all the stuff that has to be done, got it? Thanks!! BYE!

 

Have you looked at it? It's very basic and simple, that's why it's so long. It breaks down everything step by step. That's why we made it, to help users who are not that familiar.

 

WHere do I get these logs from after I do the scans. THis blows!!!

 

Everything you need is in the READ ME. Every step in broken down, how to scan, how to save the log, how to attach the log. All you have to do is be patient and take the time to read. We spent hours and day after day writing the thread so users who are not as familiar will have an easy time performing out initial cleaning steps.

If there is any one part you do not understand, ask.

 

I did ask, HOW TO ATTACH THE FILES?

 

When you click the button http://forums.majorgeeks.com/images/buttons/reply.gif at the bottom of the box your typing in, look near the bottom. There will be a button under "Attach Files" that displays "Manage Attachments". Use this feature to upload your attachments, you can upload 3 at a time.

 

I get that part, where are the log files to attach?

 

READ!!!!!!!!!!!!!!!

GetRunKey
It will create a file named runkeys.txt in the root of drive C: (C:\runkeys.txt)

ShowNew
It will create a file named newfiles.txt in the root of drive C: (C:\newfiles.txt)

The online virus scanners, see 6A: Online Virus And Trojan Scanning in the READ ME.

 

Well panda WILL NOT scan on my comp but the Bitdefender is running is this all Ill need or do I HAVE TO HAVE the Panda scan? This is a joke.

 

The Panda Scan is a great scanner, however if it will not work then skip it for now and run the BitDefender scan.

Once the scans are complete, be sure you read the thread below to scan and attach a HJT log properly.

http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis

 

The online bitdefender scan came up with nothing?

 

This is beyond bizarre. I CANT uninstall Adobe Photoshop CS? I CANNOT open my Microsoft OneCare antivirus and it is saying I am at risk? WTFFFF IS GOING THE HELL ONNNNNNNNNNNNNNN?????????????????

 

This thing is UNREAL and I hope and pray none of you ever get this piece of shit virus. Well I reinstalled Avast to see what would happen, now I did this because after the last restart all was sorta well. Things were slightly better. Then I come to find out why I cannot open the Microsoft OneCare, it's because when scanned by Avast low and behold the all mighty Luder-F was in that program!! It seems to be conatined by Microsoft somehow but not anywhere near gone. This is truly amazing. 9 years on the web and I have never seen ANYTHING this good and smart!!

I just give up, no matter what you say your walkthroughs are a joke and a half. I am a NOVICE and that walkthrought is way past me. So I will shut down, use my Wife's laptop until there is a fix!!

 

Well heres what I did. I reinstalled Avast since I couldnt open up Microsoft OneCare anymore, well I do a boot scan with Avast right after a fresh install and low and behold there was the Luder-F all up in the OneCare Files ASS!! Unreal. It disabled me from opening it but it was actively scanning and running, it also aeems to be containing it in some way because i am not having ANY of the previous problems I had before I installd the OneCare. It seemed to have gotten rid of the two other problems that Adaware wouldnt remove before, now it removed them? Weird. Anyway all I have left is this Luder-F deal. SHould I try the removal instructions for the Duel variant? Will this work?

 

Quick question please.

How do I reboot in safe mode from the command prompt. What exactly do I type into the command prompt box? I cannot F8 because of this damn Luder-F virus. Thanks in advance.

 

Luder-F update

Well I did the process explorer and looked for the duel.exe entry and even tried the process explorer program and dint see it, yet I cannot reboot with F8 and I had to switch to an oldschool keyboard to do this and I believe it is still here trapped in OneCare maybe? Only reason I say this is because OneCare is doing what Avast did when I was infected, you CANNOT open it but I ran every single scanner known to man and it says I am safe? WHat to do?

 

Re: Luder-F update

I forgot, I also went to remove OneCare from my computer and when I did add/remove programs it said it was already removed and it asked if I wanted to just remove it from the list which I did, yet the program is still running and tells me I am at risk? This is 3 weeks past bizzarre. I went into Crogram files and went to the microsoft onecare folder and it's all there?

What the hell to do now?

 

I have merged all of your threads together, please do not create anymore threads with this problem. From now on post everything you have to say in this thread!

Let's get this removed, If anyone complains I will deal with them.

Download the following two files, create a folder on your desktop, call it TSC. Save these 2 files there.

Note: They must be in the same directory for it to work properly!

Sysclean Package

Pattern.zip

After you complete the above, locate the file "lpt139.zip", right click to extract the contents to the same directory. Again, be sure you extract the files from the ZIP file to the same folder with the sysclean.com file, not doing so will not allow this to run properly.

Double click the file sysclean.com. When the system cleaner loads, click SCAN to start the scanner. After you complete the scan reboot and attach Trend SysClean Log which will be located in the same folder.