Problems with Malware Removal Guide Read & Run First

Discussion in 'Malware Help (A Specialist Will Reply)' started by YOYOADRIAN, Dec 27, 2008.

  1. YOYOADRIAN

    YOYOADRIAN Private E-2

    First of all, I am pretty certain that I have malware...my main problem is that I have the blue default background saying "Warning: Spware Has infected your PC..."

    I am running into obstacle after obstacle trying to perform the read & run first instructions. I first uninstalled all the listed malware programs and then tried to install the latest Java (in safe mode) and I got a message saying "The system administrator has set polices to prevent this installation". I then finished the rest of step 1 "house cleaning and setup" with no problems. I also had no problems in step 2.

    I then went to step 3 "Windows XP cleaning" and had no problems downloading the tools to a thumb drive from my laptop. I then started my PC in safe mode and tried to run SAS and kept getting an error message saying "SUPERAntiSPyware Application has encountered a problem and needs to close".

    I then tried to install Spybot - Search & Destroy, but when I clicked install, I got a file download error "Error sending request. The server name or address could not be resolved." Of course, at this point, I was pretty dismayed but kept pushing forward with the "Windows XP cleaning" instructions.

    Well, I then went to try to install Malwarebytes Anti-Malware and it got hung up and never fully installed. This is when I decided to finally give up. So where do I go from here? Please help.


    Here are my main questions....Should I install the programs in normal mode, safe mode, safe mode with networking, or safe mode with command prompt? Since I have to download the programs from a thumb drive, do I need to do anything differently?

    Also, is this type of malware changing to where it prevents the download of these cleaning tools? (I ask because it doesn't allow me to even search for fixes from Google or download the cleaning tools or even use the task manager). If so, are there any new tools that someone might be able to suggest?

    Thanks in advance for the help you provide.
     
  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hello, YOYOADRIAN

    These instructions should help.

    First:
    Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
    • Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
    • Then search for TDSSserv.sys
    • Let me know if you find this or not.
    • If you do find it, right click on it, and select Disable. Do not try to uninstall it.
    • Also if this is found and you disable it, then reboot and see if you can run the other scans that would not run.

    Secondly:
    Important Notice: A new version of SUPERAntiSpyware is out that should help with this problem from Vundo.
    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new full scan of your system. And attach this first log later.
    • Since this infection has been reappearing after a reboot, you will have to reboot again and then run an additional scan to make sure it comes back clean. Attach this second log too.

    *If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs.

    Links are given in the Step 2: Installing Tools and Running Scans section for downloading the definitions for the MBAM & SAS scanners.
    Then copy them to the problem PC. Yes, you could use a flash drive too but flash drives are writeable and infections can spread to them.

    Now see if you can install and run the rest of the tools.
    Attach (see: HOW TO: Attach Items To Your Post) the below logs created while running the requested scans:
    • SASlog.txt log from SuperAntiSpyware.
    • Malwarebytes Anti-Malware log
    • ComboFix.txt (normally C:\ComboFix.txt)
    • MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.
    • You will need to post 2 messages to attach all four logs since only 3 attachments are allowed in any single message. Post all of them in one thread.
    • Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.
     
