JimboDavis
-
Posts
24 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by JimboDavis
-
-
They are just about done. The OTL cleanup has run and the computer is rebooting. I should get a message soon saying that they finished the checklist. Thanks for all your help!
Jim
-
Looking that list over, I am inclined to have them uninstall Java Runtime, then update Adobe Reader and IE. What are your recommendations?
Jim
-
Here's the results:
Results of screen317's Security Check version 0.99.63
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Online Scanner
`````````Anti-malware/Other Utilities Check:`````````
AntiSpyware
CCleaner
Java 2 Runtime Environment, SE v1.4.2_03
Java version out of Date!
Adobe Reader 7 Adobe Reader out of Date!
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 8%
````````````````````End of Log``````````````````````
Jim
-
Interesting - when I had them turn Avast back on, it said that they needed to re-register. We made it through that process. They should be running Security Check now.
Jim
-
When I talked to them I realized that their antivirus program (Avast) isn't running. Should it be running before we run Security Check?
Jim
-
I'll try to remember to post, not attach the results.
-
Okay - passing the instructions along. I was swamped Saturday, and yesterday they were busy. We're back at it today.
Jim
-
They were busy, then they ran it twice. (Couldn't find the log file after the first run) Attached are both log files.
Jim
-
I think they are going to rebel!
Anyway - I'm passing this message along. Same routine, I'll let you know when I get something back.Jim
-
Just realized I didn't post my last comment. Sorry. Attached is the ComboFix file.
-
This is getting intense! I'm passing along the instructions - hope to be back to you soon.
-
Here are the logs from the second scan. It looks clean.
-
Sorry this took so long! Attached are the logs from the first scan.
-
The first scan is finished. They are rebooting and will run the second scan.
Jim
-
Sorry - the only file I got was the one I attached. I have passed along these instructions. I'll let you know what I hear back.
Jim
-
Whoops - that should have read RogueKiller.
-
They were finally able to get back to work on the computer this morning. Attached is the Roadkiller report.
Jim
-
I sent the instructions along. Hopefully we can get this done tonight.
-
The computer booted up normally. Thank you very much for your help and expertise. Attached is the fixlog.txt file.
Jim
-
The friends are a couple of thousand miles away, so I'm not sure if I remember exactly what I told them. Basically I had them boot to the boot menu, then selected command prompt (w/o network support). They have a laptop which is running, so I had them download frst.exe and save it on a thumbdrive. They put the thumbdrive in the infected computer and ran f:\frst.exe and did "scan." I had them remove the thumbdrive and put it back in the laptop and asked them to email it to me. When I looked over the txt file I could see registry stuff I would delete, and files/folders that looked questionable. But since I am not at the computer I didn't want to take any chances.
I will send them the fixlist.txt file and report back with a fixlog.txt file as soon as I can.
Thanks
Jim
-
These were my google search tems: ukash malware running in safe mode
-
I saw it on a couple of other messages on this forum that came up from a google search.
http://forums.malwarebytes.org/index.php?showtopic=121717
I thought I could decipher it or find some instructions, but I got nervous and decided to ask for help.
Jim
-
Friends got infected with Ukash malware. They are unable to boot in Safemode. I am trying to help them. I found items pointing to the Farbar Recovery Tool so I have had them run that. Attached is the FRST.txt file that was generated. They are running 32bit XP. Thank you for your help.
Jim
Anyway - I'm passing this message along. Same routine, I'll let you know when I get something back.
Ukash malware Unable to boot using safe mode
in Resolved Malware Removal Logs
Posted
Finally made it through! Thank you very much for your help, MrC. Comment duly left on the profile feed. Probably doesn't adequately express appreciation, though
Jim