Unable to scan, install antivirus, access microsoft/antivirus sites even in safe mode

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Pratap, Sep 2, 2011.

  1. Pratap

    Pratap Private E-2

    Hi,

    A few weeks back Avira free antivirus alerted me to some infection. On scanning it listed a lot of infections with the virus names win32/ramnit.h, win32/ramnit.c etc. Removal of these viruses with Avira was not successful. As a result I was not even able to open any of the web browsers. I then installed MBAM, SUPERAntiSpyware Pro and managed to get back to a position where I was able to open browsers. However, Microsoft and other antivirus sites are still not accessible.

    Upon further search on the net, I tried to run Eset online scanner in safe mode with networking, however I can't access any antivirus sites now even in Safe mode with networking (hence opening a new thread, as all threads ask me to run online scanning in safe mode with n/w).

    Am attaching a combofix log for you to look at.

    Any advice will be really appreciated.

    Thanks and Regards
     

    Attached Files: log.txt (14.7 KB)
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member


    Please go here and do back to back scans. Reboot after each scan and do it three times. Attach the three logs on your next reply:
    eSet Online Scan.

    Once you are done, try to do this:
    READ & RUN ME FIRST. Malware Removal Guide
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member


    Sorry, missed that you are unable to run Eset scans. Let me look at what you have and get back to you. Can you run MGTools?

    Now download The Avenger by Swandog46 to your Desktop.

    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    Extract avenger.exe from the Zip file and save it to your desktop

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Now copy just the bold text below to Notepad (do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above
    to the registry. If you do not get a success message, it definitely did not work.



    1. Run avenger.exe by double-clicking on it.
    2. Click OK at the warning to continue to use The Avenger
    3. Do not change any of the check box options!
    4. Shut down your protection software now to avoid possible conflicts.
    5. Copy everything in the Quote box below, and paste it into the Input script here: part of The Avenger
    6. Now click the http://img33.imageshack.us/img33/9159/executeavenger.jpg button
    7. Click Yes to the prompt to confirm you want to execute.
    8. Click Yes to the Reboot now? question that will appear when The Avenger finishes running.
    9. Your PC should reboot, if not, reboot it yourself.
    10. A log file from The Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.
    11. Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:

    • C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
  4. Pratap

    Pratap Private E-2


    Hi Tim,

    Thanks a lot for your prompt analysis and reply.

    The regedit, avenger and MGTools were all successful. During the MGtools run, I was prompted to install Hijackthis which I accepted. All logs, as you asked for, are attached with this reply.

    I still couldn't access Eset.com in normal mode.

    Thanks and regards
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member


    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now let's use ComboFix to remove a bunch of malware files.

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    File::
    C:\Documents and Settings\LocalService\Local Settings\Application Data\axxexuxr.log  
    C:\Documents and Settings\LocalService\Local Settings\Application Data\cqobktcu.log  
    C:\Documents and Settings\LocalService\Local Settings\Application Data\nfwdefmb.log 
    C:\Documents and Settings\LocalService\Local Settings\Application Data\ovbqwctb.log  
    C:\Documents and Settings\LocalService\Local Settings\Application Data\pvtgujwr.log  
    C:\Documents and Settings\LocalService\Local Settings\Application Data\sorxgxdv.log  
    C:\Documents and Settings\Owner\Local Settings\Application Data\axxexuxr.log  
    C:\Documents and Settings\Owner\Local Settings\Application Data\cqobktcu.log  
    C:\Documents and Settings\Owner\Local Settings\Application Data\gfhqmdys.log  
    C:\Documents and Settings\Owner\Local Settings\Application Data\ipmqaoel.log  
    C:\Documents and Settings\Owner\Local Settings\Application Data\lwjvpckq.log  
    C:\Documents and Settings\Owner\Local Settings\Application Data\nfwdefmb.log  
    C:\Documents and Settings\Owner\Local Settings\Application Data\ovbqwctb.log  
    C:\Documents and Settings\Owner\Local Settings\Application Data\pvtgujwr.log  
    C:\Documents and Settings\Owner\Local Settings\Application Data\sorxgxdv.log  
    C:\Documents and Settings\Owner\Local Settings\Application Data\exbjfdqv\metldghf.exe
    C:\WINDOWS\Temp\ejrgfigliemuehue.exe
    
    Folder::
    C:\Documents and Settings\Owner\Local Settings\Application Data\exbjfdqv
    
    Registry::
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MetLdghf"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\WINDOWS\system32\userinit.exe,"
    
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer]
    
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:

    • C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
    Last edited: Sep 3, 2011
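
Added example, not part of the thread and not code from MajorGeeks or ComboFix: the CFScript above resets Winlogon's Userinit to the stock value and deletes the MetLdghf Run value, and this Python check flags those two conditions in a regedit export. The sample export is constructed from paths quoted in the thread; the expected Userinit path and the list of suspect directories are assumptions.

```python
import re

# Stock value the thread's scripts write back (assumes Windows lives in C:\WINDOWS).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
WINLOGON_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
# Triage heuristic (assumption): autostart entries launching from these
# directories deserve a manual look; legitimate updaters can live here too.
SUSPECT_DIRS = ("\\local settings\\application data\\", "\\windows\\temp\\")

# "name"="data" string values as written by regedit (backslashes doubled).
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(s):
    """Undo regedit export escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Return {key: {value_name: data}} for the string values in an export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[unescape(m.group(1))] = unescape(m.group(2))
    return keys


def audit(text):
    """Return (kind, key, value_name, detail) tuples for entries to review."""
    findings = []
    for key, values in parse_reg(text).items():
        k = key.lower()
        for name, data in values.items():
            if k == WINLOGON_KEY and name.lower() == "userinit":
                # Userinit is a comma-separated list; anything besides the
                # stock userinit.exe is started at every logon.
                entries = [e.strip() for e in data.split(",") if e.strip()]
                extras = [e for e in entries if e.lower() != EXPECTED_USERINIT]
                if extras or not entries:
                    findings.append(("userinit", key, name,
                                     "; ".join(extras) or "empty"))
            elif k.endswith(RUN_SUFFIX):
                if any(d in data.lower() for d in SUSPECT_DIRS):
                    findings.append(("run", key, name, data))
    return findings


# Constructed sample export (the thread's attached logs are not on the page).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,,C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\exbjfdqv\\metldghf.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MetLdghf"="C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\exbjfdqv\\metldghf.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"""

if __name__ == "__main__":
    for kind, key, name, detail in audit(SAMPLE_EXPORT):
        print(f"[{kind}] {key} :: {name} -> {detail}")
```
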
  6. Pratap

    Pratap Private E-2


    Hi Tim,

    Combofix and MGTools logs attached below.

    I can now access ESET site but still can't run the online scanner. Haven't tried any other online scanners or to install any antivirus. Let me know the next steps.

    Thanks and Regards
     


  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member


    Stubborn little bugger!!

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.


    1. Run avenger.exe by double-clicking on it.
    2. Click OK at the warning to continue to use The Avenger
    3. Do not change any of the check box options!
    4. Shut down your protection software now to avoid possible conflicts.
    5. Copy everything in the Quote box below, and paste it into the Input script here: part of The Avenger
    6. Now click the http://img33.imageshack.us/img33/9159/executeavenger.jpg button
    7. Click Yes to the prompt to confirm you want to execute.
    8. Click Yes to the Reboot now? question that will appear when The Avenger finishes running.
    9. Your PC should reboot, if not, reboot it yourself.
    10. A log file from The Avenger will be produced at C:\avenger.txt and it will pop-up for you to view when you login after reboot.
    11. Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )


    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MetLdghf"=-
    
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MetLdghf"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\windows\system32\userinit.exe,"
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:

    • C:\MGlogs.zip
     
  8. Pratap

    Pratap Private E-2


    Hi Tim,

    MGTools log attached below.

    After completing all the steps you listed below, I tried doing the online scan but still can't access the eset online scanning pop ups.

    Waiting for the next set of instructions.

    Thanks and Regards
     


  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member


    This seems to be deeply embedded in your system. Let's try one more approach:

    Download OTM by Old Timer and save it to your Desktop.




    Code:
    :Processes
    explorer.exe
    
    :Files
    C:\Documents and Settings\LocalService\Local Settings\Application Data\axxexuxr.log
    C:\Documents and Settings\LocalService\Local Settings\Application Data\cqobktcu.log
    C:\Documents and Settings\LocalService\Local Settings\Application Data\gfhqmdys.log
    C:\Documents and Settings\LocalService\Local Settings\Application Data\lwjvpckq.log
    C:\Documents and Settings\LocalService\Local Settings\Application Data\nfwdefmb.log
    C:\Documents and Settings\LocalService\Local Settings\Application Data\ovbqwctb.log
    C:\Documents and Settings\LocalService\Local Settings\Application Data\pvtgujwr.log
    C:\Documents and Settings\LocalService\Local Settings\Application Data\sorxgxdv.log
    C:\Documents and Settings\Owner\Local Settings\Application Data\nfwdefmb.log
    C:\Documents and Settings\Owner\Local Settings\Application Data\ovbqwctb.log
    C:\Documents and Settings\Owner\Local Settings\Application Data\pvtgujwr.log
    C:\Documents and Settings\Owner\Local Settings\Application Data\sorxgxdv.log
    C:\Documents and Settings\Owner\Local Settings\Application Data\exbjfdqv 
    c:\documents and settings\Owner\Local Settings\Application Data\exbjfdqv\metldghf.exe
    
    :Reg
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MetLdghf"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\windows\system32\userinit.exe,"
    
    :Commands
    [purity]
    [ResetHosts]
    [createrestorepoint]
    [emptytemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:

    • C:\MGlogs.zip
     
  10. Pratap

    Pratap Private E-2


    Hi Tim,

    Clicking on MoveIt! gives me an error Cannot create file C:\WINDOWS\System32\drivers\etc\Hosts.

    Haven't tried the MGTools step as the first step failed.

    Please let me know what to do next. I don't have the Win XP CD with me, so reformatting is not an option for me. :(

    Thanks and Regards
     
  11. Pratap

    Pratap Private E-2


    Oh and by the way, I did not get an option for run as admin. Instead it gave me two options, either to run it with my current login or as a different user. I believe am already logged in as admin to this system, so hopefully this shouldn't have had any impact on the result. But anyways, thought will let you know.
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member


    Just select to run it as the current user.
     
  13. Pratap

    Pratap Private E-2


    MGTools and OTM logs attached.

    And apologies for missing the step about copying from the results pane in OTM. Let me know if you want me to repeat the OTM/MGTools step you listed below.

    Also, after OTM the system performance has gone down a little. Thought should let you know.

    And thanks a lot for the help you are extending.
     


  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member


    Although it said it removed it all, it is still there. Try running it again.
     
  15. Pratap

    Pratap Private E-2


    Logs attached. Hope you see something promising in these logs :)
     


  16. Pratap

    Pratap Private E-2


    Hi Tim, please ignore the MGtools log in my earlier reply. It's the old log. In fact the MGtools scan hasn't even finished. Will post it as soon as the scan completes.

    Thought of letting you know so that you don't waste your time looking at older logs.
     
  17. Pratap

    Pratap Private E-2


    Hi Tim,

    Correct MGTools log attached with this reply. My previous reply has the correct log for OTM. Since it is already uploaded once, I am not being allowed to reload it.

    And apologies for messing up the last time :)
     


  18. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member





    Code:
    :Processes
    explorer.exe
    
    :Files
    C:\Documents and Settings\LocalService\Local Settings\Application Data\axxexuxr.log
    C:\Documents and Settings\LocalService\Local Settings\Application Data\cqobktcu.log
    C:\Documents and Settings\LocalService\Local Settings\Application Data\gfhqmdys.log
    C:\Documents and Settings\LocalService\Local Settings\Application Data\lwjvpckq.log
    C:\Documents and Settings\LocalService\Local Settings\Application Data\nfwdefmb.log
    C:\Documents and Settings\LocalService\Local Settings\Application Data\ovbqwctb.log
    C:\Documents and Settings\LocalService\Local Settings\Application Data\pvtgujwr.log
    C:\Documents and Settings\LocalService\Local Settings\Application Data\sorxgxdv.log
    C:\Documents and Settings\Owner\Local Settings\Application Data\nfwdefmb.log
    C:\Documents and Settings\Owner\Local Settings\Application Data\ovbqwctb.log
    C:\Documents and Settings\Owner\Local Settings\Application Data\pvtgujwr.log
    C:\Documents and Settings\Owner\Local Settings\Application Data\sorxgxdv.log
    C:\Documents and Settings\Owner\Local Settings\Application Data\exbjfdqv 
    c:\documents and settings\Owner\Local Settings\Application Data\exbjfdqv\metldghf.exe
    C:\WINDOWS\temp\ejrgfigliemuehue.exe
    :Reg
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MetLdghf"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\windows\system32\userinit.exe,"
    
    :Commands
    [purity]
    [ResetHosts]
    [createrestorepoint]
    [emptytemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.



    Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:


    • C:\MGlogs.zip


    I may need to consult with my colleagues about this stubborn file!!
     
  19. Pratap

    Pratap Private E-2


    Hi Tim,

    MGTools and OTM log attached. Also note that as am logged in as OWNER, which is the only user in this system, I just ran the OTM normally (actually, right click does not even give me the option of running it as admin).

    If you want me to run these in safe mode with or without networking, just let me know.

    And thanks again for continuing to look into this issue. Your help is really appreciated.
     


  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member


    Let's try it in safe mode:

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    File::
    C:\Documents and Settings\LocalService\Local Settings\Application Data\ipmqaoel.log
    C:\Documents and Settings\LocalService\Local Settings\Application Data\nfwdefmb.log
    C:\Documents and Settings\LocalService\Local Settings\Application Data\ovbqwctb.log
    C:\Documents and Settings\Owner\Local Settings\Application Data\exbjfdqv
    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\metldghf.exe
    C:\WINDOWS\temp\ejrgfigliemuehue.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\exbjfdqv\metldghf.exe
    
    Registry::
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MetLdghf"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\windows\system32\userinit.exe,"
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below log:

    • C:\MGlogs.zip


    If this doesn't do it, hang in there and let me consult with the other fighters.
     
  21. Pratap

    Pratap Private E-2


    Hi Tim,

    Did exactly as you said. Logged into Safe mode with networking and ran the MGTools analyse file. After this ran combofix with the instructions you mentioned. While rebooting, had to manually move to safe mode with networking. Then ran the MGtool bat file you had asked. All logs attached.

    Am still in safe mode with networking and still can't access the online scanners.

    Awaiting next set of instructions.

    Thanks and Regards
     


  22. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member


    I am afraid it has just become too pervasive to fix. Ramnit infections are very hard to thoroughly clean once they take over. This is our standard reply to these infections:

    Ramnit infections have really become quite nasty and dangerous. We could attempt to remove it, and we have had some success in the past, but recently it has become even more trouble to remove. It is really safer to just bite the bullet and do a clean reinstall.

    The problem is that the damage caused by this infection really makes a PC unreliable/untrustworthy. PE file infectors like Ramnit, Virut, etc. can infect all executable files (DLL, EXE, SCR... and many more, and also HTML). These infections can open back doors that truly may compromise your computer and your security. These backdoors could allow a remote attacker to access and instruct the infected computer to download and execute more malicious files.

    In many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus or by other scanning tools. Also when disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit remains on a computer, the more files it may infect and/or corrupt, so the degree of infection can vary.

    Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies the Ramnit worm using a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are a major source of system infection.

    So all the above being said, and please do take serious note of the warnings, do you really wish to attempt cleaning even though the stability and security of your PC cannot be guaranteed? And also note that we could spend a lot of time trying to fix it and still fail due to the number of files that have been infected. What would you like to do?

    Unfortunately, it has gotten too well embedded in your system. I can only suggest at this point that you contact the manufacturer of your system and request an install CD so you can do a reformat and clean install. :(
     
  23. Pratap

    Pratap Private E-2


    Hi Tim,

    Thanks for looking into this issue.

    Actually am not sure that the laptop manufacturer would provide a Win XP CD. Though this is an original laptop with legit OS, it was bought in another country around 3-4 yrs back and now am in a different country. Not sure the manufacturer would provide the CD. Is there a way to do this without the Win XP CD? (Note that the key is on the CD and I don't have it with me.)

    If you can help, I would still try to clean this system myself. Let me know if you can help me out.

    Thanks and Regards
     
  24. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member


    Who is the manufacturer of the laptop? There is no "fixing" this system. The only avenue you have is to reformat and do a clean install.
     
  25. Pratap

    Pratap Private E-2


    Hi Tim,

    It's an Acer Aspire 5052NWXMi laptop (OEM) bought in India around 4 yrs back. Am in the UK at the moment.
     
  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

