trying to fix second system, help?

Discussion in 'Malware Help (A Specialist Will Reply)' started by wolfradiogirl, Jan 7, 2008.

  1. wolfradiogirl

    wolfradiogirl Private E-2

    Hey guys,

    Want to thank Chasling for helping me completely fix my issues with another laptop. Gave me the silly confidence to try this mess. Primary problems now are that it doesn't start in normal mode, only safe mode, and even in safe mode there is no desktop. I navigate around the computer by using task manager. All scans indicated major infections; I would clean it out and then find new and different ones with each of your programs.

    Thanks for looking at this for me....I'm brave and patient.

    New email is <snip> to reach me.

    Thanks,

    Kelly
     

    Attached Files:

    Last edited by a moderator: Jan 7, 2008
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you not have a-squared fix any of it?

    Do two things for me:
    First....in task manager, click new task and type "explorer" without quotes ...what happens?
    Second ..also in task manager (if you didn't get your desktop back) type "msconfig" without quotes ...what happens? If you get the msconfig window ...click boot.ini and see if the box for safe mode is checked...if so uncheck it..reboot and see if you can't get into normal mode.

    If any of this works....Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. wolfradiogirl

    wolfradiogirl Private E-2

    Tim,

    Thanks for the reply

    Yes, I did tell a-squared to do the fixes, did I not attach that log?

    When I type explorer as you ask, it tells me that "explorer is not a valid win32 application", and for msconfig it did pop up the box and the safe mode option is not checked on that page. I would be happy to run through the whole malware steps all over again; will that help or make a difference since I just did it yesterday? The only log I couldn't find to send you was Search & Destroy. Please let me know whatever it takes.

    Kelly
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes...attach the MGLogs.zip and the log from ComboFix...they both can be done in safe mode.

    You did attach the a-squared log...it just doesn't indicate that it fixed the problems.

    Try typing in "explorer.exe" without quotes...do you get the desktop?
     
  5. wolfradiogirl

    wolfradiogirl Private E-2

    Tim,

    ComboFix and MGlogs attached. The same thing happens when I enter it as explorer.exe...says it is not a valid application. Is this action a key to what is wrong? I'll be around all night for questions.

    Kelly
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    For some reason your NewFiles log is empty ....we need to try running it again, but first:
    Please uninstall:
    J2SE Runtime Environment 5.0 Update 11
    Viewpoint Media Player

    Install:
    Java Runtime 6

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Check the 'Input script manually' box.
    * Click on the magnifying glass icon.
    * Copy everything in the Quote box below, and paste it in the box that opens:

    * Now click the 'Done' button.
    * Click on the traffic light icon and OK the prompt.
    * You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.
     
  7. wolfradiogirl

    wolfradiogirl Private E-2

    Tim,

    I'll do all of these things but I'm having trouble with uninstall; if I try to uninstall from CCleaner, it says it can't because I'm in safe mode. Remember that I don't have a start key or desktop right now because it won't boot, so how can I access that control panel with the task manager?

    Kelly
     
  8. wolfradiogirl

    wolfradiogirl Private E-2

    Tim,

    I learned how to access Add/Remove from the task manager. I was able to remove the video program but not Java Runtime because I'm in safe mode and it says it can't access it. I'll go through the a.m. today and apply the instructions you gave....will it make a difference if the old Java is still in there? Please let me know if it does; if not, I'll be back with logs later.

    Kelly
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No, it won't make a difference ...just carry on. Do you have your XP CD in case we need it?

    If so, after running the fixes ...go to task manager and hit new task ...type in "sfc /scannow" without quotes ..there is a space after the c and before the \
     
  10. wolfradiogirl

    wolfradiogirl Private E-2

    Tim,

    I've made it through everything so far but can't seem to install Avenger.exe. It says access is denied and I tried several different ways, like loading it off a jumpstick to the desktop. The computer sees it but won't unzip it. Any suggestions? I feel like I'm almost there!

    Kelly
     
  11. wolfradiogirl

    wolfradiogirl Private E-2

    When trying to open Avenger it says "avenger.exe - Application error: The application failed to initialize properly (0xc0000005). Click OK to terminate this application."
     
  12. wolfradiogirl

    wolfradiogirl Private E-2

    Okay, can't install the avenger.exe but I'm getting there. GetLogs attached, does this help?
     

    Attached Files:

  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You have avenger unzipped in two places:
    C:\Documents and Settings\Larry\Desktop\avenger.exe
    C:\Documents and Settings\Larry\Desktop\fix files\avenger.exe

    In task manager ...hit new task and type "explorer" without quotes....then using explorer find and delete:
    Re-run Combofix and attach the log ....
     
  14. wolfradiogirl

    wolfradiogirl Private E-2

    Tim,

    Combofix logs attached, it wasn't through avenger because I still can't open it but I was able to manually remove all files/folders you requested except...

    C:\WINDOWS\system32\dllh8jkd1q5.exe
    C:\WINDOWS\system32\vedxg6ame4.exe
    C:\WINDOWS\system32\dlh9jkdq8.exe
    C:\WINDOWS\system32\dllh8jkd1q1.exe

    Couldn't find these and don't have a search option at the moment. I am attaching logs and will try CCleaner again to find these files.

    Do we think I'm close? Still can't boot to normal mode yet.

    Kelly
     

    Attached Files:

  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    In task manager ...new task and type search ....then see if you can find those files.

    What happens when you try to boot into normal mode?

    Can you re-run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file?
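The two open questions in this thread are whether the shell binary itself has been damaged (the "explorer is not a valid win32 application" error) and whether the four system32 files named above are actually present when the built-in search cannot find them. The following triage script is an added example for a responder, not part of the thread or of the MGtools/ComboFix/Avenger tools it discusses. It assumes a default C:\WINDOWS install and that PowerShell 2.0 or later is available on the machine (which the poster's XP system may not have); it only reports, it deletes nothing.

```powershell
# Added triage example (not from the thread). Assumes %WINDIR% is the Windows
# install directory and PowerShell 2.0+; run from an elevated session.

$system32 = Join-Path $env:WINDIR 'system32'

# 1. The shell binary: confirm it exists and carries a valid Authenticode
#    signature. A "not a valid win32 application" error usually means the
#    file on disk is truncated, overwritten or otherwise not a real PE image,
#    which a signature check will flag as NotSigned or HashMismatch.
$explorer = Join-Path $env:WINDIR 'explorer.exe'
if (Test-Path -LiteralPath $explorer) {
    $item = Get-Item -LiteralPath $explorer -Force
    $sig  = Get-AuthenticodeSignature -FilePath $explorer
    "explorer.exe: $($item.Length) bytes, modified $($item.LastWriteTime)"
    "  signature status: $($sig.Status)"
    if ($sig.SignerCertificate) { "  signer: $($sig.SignerCertificate.Subject)" }
} else {
    "explorer.exe is missing from $env:WINDIR"
}

# 2. The file names quoted in the thread. Test-Path and Get-Item -Force see
#    files with the hidden/system attributes set, which the shell's search
#    in its default configuration would skip.
$suspect = @(
    'dllh8jkd1q5.exe',
    'vedxg6ame4.exe',
    'dlh9jkdq8.exe',
    'dllh8jkd1q1.exe'
)

# SHA256Managed is used instead of Get-FileHash so the script also works on
# PowerShell 2.0.
$sha256 = New-Object System.Security.Cryptography.SHA256Managed
foreach ($name in $suspect) {
    $path = Join-Path $system32 $name
    if (-not (Test-Path -LiteralPath $path)) {
        "not present: $path"
        continue
    }
    $item   = Get-Item -LiteralPath $path -Force
    $stream = [System.IO.File]::OpenRead($path)
    try {
        $hash = ($sha256.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
    "PRESENT: $path"
    "  size: $($item.Length) bytes  created: $($item.CreationTime)  attributes: $($item.Attributes)"
    "  sha256: $hash"
}
```

The output (sizes, timestamps, attributes and hashes) is what a helper would want attached alongside the MGlogs and ComboFix logs: it shows whether the files exist at all, whether they are hidden, and gives a hash that can be compared against later scans without the poster having to find the files through the GUI.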
     
