Unexperienced User with Problems

Discussion in 'Malware Help (A Specialist Will Reply)' started by Xet, May 4, 2010.

  1. Xet

    Xet Private E-2

    I followed the procedure in the 'read me' thread. I was unable to perform ComboFix. When I tried installing it, it tried to install Windows Recovery Console which I agreed to. Then it mentioned installation failed and soon, I received the blue screen. I ran ComboFix again and it looked like ComboFix was installed. It didn't give me the window to install Windows Recovery Console and went straight ahead but I got the blue screen again.

    My issues with my computer are rare pop-ups in the form of a new tab, redirects with the same icon before opening a random page (this is problematic in both my browsers, FireFox & Internet Explorer), and unable to connect to Microsoft's update page. I can't even type the address here and submit post.
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  3. Xet

    Xet Private E-2

    It's in a zip file and I hope you don't mind.
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Now please download SystemLook from one of the links below and save it to your Desktop.

    Download Mirror #1


    Download Mirror #2

    • Double-click SystemLook.exe to run it. (If you are using Vista, please right-click and select Run as administrator.)
    • A blank window will open with the title "SystemLook v1.0-by Jpshortstuff".
    • Copy and Paste the content of the following codebox into the main textfield under "File":

    Code:
    :filefind
    i8042prt.sys
    
    • Please Confirm everything is copied and Pasted as I have provided above
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. You can close this notepad window as the log will already be saved as SystemLook.txt on your Desktop ( if you downloaded and ran SystemLook to your Desktop as requested ).
    • Please attach this log in your next reply.

    Note: The scan may take a while from several seconds to a minute or more depending on the number of files you have and how fast your computer can perform the task.
     
  5. Xet

    Xet Private E-2

    Anything else?
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    FCopy::
    C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\i8042prt.sys | C:\WINDOWS\system32\drivers\i8042prt.sys
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Now re-run GMER.

    Please attach the new Combo log and the GMER log.
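    The two steps above (the SystemLook `:filefind` for every copy of i8042prt.sys, then the ComboFix `FCopy::` that overwrites the live driver with the ReinstallBackups copy) amount to: find all copies, hash them, and restore the live copy if it differs from the backup. The script below is an added example that does the same thing on a constructed directory tree; it is not SystemLook or ComboFix code and is not part of the original thread. The relative paths are the ones named in the thread; the file contents are invented stand-ins, not real driver bytes. One caveat a practitioner wants here: a hash mismatch only proves the two copies differ, not which one is clean, so on a real machine confirm the backup copy carries a valid Microsoft Authenticode signature before copying it over the live driver.

```python
"""Locate every copy of a driver file under a tree (SystemLook-style :filefind),
hash each copy, report whether the live copy matches the backup copy, and
restore from the backup (what the FCopy:: line does).  Added example, not
SystemLook/ComboFix code.  The sample tree is constructed in a temp directory."""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def filefind(root: Path, name: str) -> dict:
    """Every file named `name` (case-insensitive, as on NTFS) under root.
    Keys are forward-slash paths relative to root; values hold size and SHA-256."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() == name.lower():
                p = Path(dirpath) / fn
                rel = p.relative_to(root).as_posix()
                hits[rel] = {"size": p.stat().st_size, "sha256": sha256_of(p)}
    return hits


def audit_driver(root: Path, name: str, live_rel: str, backup_rel: str) -> dict:
    """Compare the live driver with the backup copy.  A mismatch proves only
    that they differ; which one is clean needs a signature check on a real box."""
    hits = filefind(root, name)
    live, backup = hits.get(live_rel), hits.get(backup_rel)
    if live is None or backup is None:
        verdict = "missing"
    elif live["sha256"] == backup["sha256"]:
        verdict = "identical"
    else:
        verdict = "modified"
    return {"verdict": verdict, "hits": hits}


def restore_from_backup(root: Path, live_rel: str, backup_rel: str) -> None:
    """Equivalent of the FCopy:: line: overwrite the live file with the backup."""
    shutil.copyfile(root / backup_rel, root / live_rel)


# Relative paths taken from the thread's FCopy:: line.
LIVE = "WINDOWS/system32/drivers/i8042prt.sys"
BACKUP = "WINDOWS/system32/ReinstallBackups/0010/DriverFiles/i386/i8042prt.sys"


def build_sample_tree() -> Path:
    """Constructed stand-in tree: the live driver has extra bytes appended,
    the two backup copies are byte-identical, an unrelated driver must not match."""
    root = Path(tempfile.mkdtemp(prefix="fakewin_"))
    clean = b"MZ" + b"\x00" * 62 + b"constructed stand-in for a clean i8042prt.sys"
    patched = clean + b"\x90" * 16 + b"constructed stand-in for appended code"
    layout = {
        LIVE: patched,
        BACKUP: clean,
        "WINDOWS/system32/dllcache/i8042prt.sys": clean,
        "WINDOWS/system32/drivers/kbdclass.sys": b"MZ unrelated driver",
    }
    for rel, data in layout.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return root


def report(result: dict) -> str:
    lines = [f"verdict: {result['verdict']}"]
    for rel, info in sorted(result["hits"].items()):
        lines.append(f"  {info['size']:>6} bytes  {info['sha256'][:16]}...  {rel}")
    return "\n".join(lines)


if __name__ == "__main__":
    root = build_sample_tree()
    print(report(audit_driver(root, "i8042prt.sys", LIVE, BACKUP)))
    restore_from_backup(root, LIVE, BACKUP)
    print(report(audit_driver(root, "i8042prt.sys", LIVE, BACKUP)))
```

    Run it as-is and it prints the three copies found, the "modified" verdict, then "identical" after the restore. Pointed at a real drive root, `filefind` walks the whole tree, so expect it to take a while, as the SystemLook note above also warns.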
     
  7. Xet

    Xet Private E-2

    I ran into problems. First, after making the .txt file, I dragged and dropped into ComboFix.exe which failed. It asked me to update, which I did, and a couple of "Yes" buttons and I received the blue screen.

    I mentioned that I had problems running ComboFix in the first place. It was attempting to install Windows Recovery Console and that failed. I tried running ComboFix again, after failing Windows Recovery Console, it skipped re-installing Windows Recovery Console and attempted to scan my computer which also failed.

    Your most recent procedure, click & drop, failed so I deleted the ComboFix icon and tried to run it again, fresh start. I started with the procedures given from the READ ME thread. ComboFix worked fine but it restarted my computer a couple of times but I assume this is normal? It produced a log and at the same time it deleted some files which are related to a game.

    I then went to click & drop since ComboFix appeared to be working fine. I'll let you know what happens soon.
     
  8. Xet

    Xet Private E-2

    As I said before, I re-ran ComboFix with a fresh start. I followed directions from the READ ME thread and it produced this log. I also mentioned it had deleted game files which are trivial but I'm a bit upset about.

    ComboFix had restarted my computer couple of times during its scan. It also mentioned a rootkit still active (C:\Windows\TEMP\logishrd\LVPrcInj01.dll).

    I ignored this message and continued with the procedure you had given me, click & drop. The .txt file disappeared and produced this log. I have named the logs chronologically. First is when I ran ComboFix with a fresh start. Second is what was recorded after a successful click & drop.

    I also want to note that I can now connect to Windows Update and I can actually type it in any search or post without problems, windowsupdate.microsoft.com. It seems my problem may be fixed but I haven't done anything else, procedure wise, other than to check if this problem still exists.
     

    Attached Files:

    • 1.txt (26.3 KB)
    • 2.txt (20.4 KB)
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It replaced the file we needed. As to your files that belong to games, I will give you the method to dequarantine them but you need to add them to the fix. Give the entire address including the .vir as in:
    DeQuarantine::
    c:\windows\TEMP\logishrd\LVPrcInj01.dll.vir --> this is not viral, it belongs to your web cam.


    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    DeQuarantine::
    <type in each file here>
    
    Quit::
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Tell me what problems you may have. Otherwise I think your logs are clean.
     
  10. Xet

    Xet Private E-2

    I am currently running GMER as you requested along with the ComboFix with the kill lines. Thank you for telling me they have been quarantined rather than deleted.
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your last Combo log showed that the file had been copied. Why are you re-running Combo?
     
  12. Xet

    Xet Private E-2

    After the second ComboFix scan, 2.txt, I am supposed to run GMER. I'm on GMER. I'm not running ComboFix right now. I will run it to de-quarantine.
     
  13. Xet

    Xet Private E-2

    My GMER takes a long time to finish. I have used Google frequently and so far, no pop-ups or redirects.
     

    Attached Files:

  14. Xet

    Xet Private E-2

    I don't need to de-quarantine the game files. I found out I have a back-up installer for that game. What is my next procedure? Follow the READ ME thread?
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your GMER log is clean. You need to tell me if you are still having any malware issues. Otherwise, if not, then:

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    5. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 6 of the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work through the below link:
     
  16. Xet

    Xet Private E-2

    Thanks for the help.
     
  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are most welcome. Safe surfing. :)
     
