aliB

Trusted Advisors
  • Content Count

    329

Posts posted by aliB

  1. hi

    1. Please download The Avenger by Swandog46 to your Desktop.

    • Right click on the Avenger.zip folder and select "Extract All..."
    • Follow the prompts and extract the avenger folder to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

    Drivers to delete:
    mulml
    Files to delete:
    C:\Windows\System32\mulml.exe

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

    • Right click on the window under Input script here:, and select Paste.
    • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
    • Click on Execute
    • Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop; this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please copy/paste the content of c:\avenger.txt into your reply.

  2. hi

    Step 1

    Update MalwareBytes AntiMalware and Run a Quick Scan.

    Post the log it produces

    Step 2

    Please run a free online scan with the ESET Online Scanner

    Note: You will need to use Internet Explorer for this scan

    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic

    Things I would like to see in your reply:

    • Malwarebytes Results.
    • Eset scanner report.
    • Update on how your computer is running

  3. hi

    Step 1

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      :OTL
      SRV - [2011/07/13 22:31:36 | 000,018,944 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ktixk.exe -- (ktixk)
      DRV - File not found [Kernel | Unknown | Running] -- -- (82026456)
      DRV - File not found [File_System | Unknown | Running] -- -- (1427776drv)
      O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
      [2011/07/13 22:31:36 | 000,018,944 | ---- | C] () -- C:\Windows\System32\ktixk.exe
      [2008/06/19 09:19:51 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
      @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:098DBB8A

      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [EMPTYFLASH]
      [Reboot]


    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    Step 2

    Rootkit Unhooker:

    • Please download Rootkit Unhooker and save it to your desktop.
    • Now double-click on RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Check (Tick) Drivers, Stealth. Uncheck the rest and then click OK.
    • Wait till the scanner has finished and then click File, Save Report.
    • Save the report somewhere where you can find it. Click Close.

    Copy the entire contents of the report and paste it in a reply here.

    Note** you may get the following warning, just click OK and continue.

    "Rootkit Unhooker has detected a parasite inside itself!

    It is recommended to remove parasite, okay?"

  4. hi

    Congratulations, your logs appear clean :thumbsup:

    Reset and Re-enable your System Restore

    The following will implement some cleanup procedures as well as reset System Restore points:

    • Click START then RUN
    • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    NEXT

    • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
    • Click on the CleanUp button.
    • Click Yes to begin the cleanup process and remove tools, including this application
    • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

    Recommendations

    See Here for a list of recommendations for free Antivirus\AntiSpyware applications.

    • Keep your Windows up to date by regularly checking their website at:
      http://windowsupdate.microsoft.com/
    • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
    • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.
    • Make Internet Explorer more secure
      • Click Start > Run
      • Type Inetcpl.cpl & click OK
      • Click on the Security tab
      • Click Reset all zones to default level
      • Make sure the Internet Zone is selected & Click Custom level
      • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

    • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
    • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
      If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks
      • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
    • Click Here to learn how to keep a backup of your important files
    • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

    Thank you :)

  5. hi

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      :OTL
      @Alternate Data Stream - 1111 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:B6p8fxB0z2r2CCeDE9lnKFZY
      @Alternate Data Stream - 1055 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:8xNRneHyrbOIvVvCqbWKTHJZnQ9S

      :Commands
      [purity]
      [emptytemp]
      [EMPTYFLASH]
      [Reboot]


    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  6. hi

    Step 1

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      :OTL
      [2011/06/24 17:18:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}
      [2011/07/09 21:36:51 | 000,106,496 | RHS- | M] () -- C:\Windows\SysWow64\C_20278U.dll

      :Commands
      [purity]
      [emptytemp]
      [EMPTYFLASH]
      [Reboot]


    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    Step 2

    Update MalwareBytes AntiMalware and Run a Quick Scan.

    Post the log it produces

    Things I would like to see in your reply:

    • OTL log
    • MBAM log

  7. hi

    Download AVPTool from Here to your desktop

    Run the programme you have just downloaded to your desktop (it will be randomly named)

    First we will run a virus scan

    On the first tab select all elements down to Computer and then select start scan

    Once it has finished select report and post that.

    Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

    Now an analysis scan

    Select the Manual Disinfection tab

    Press the Gather System Information button

    Once done, open the last report saved folder, then attach the zip file to your next post

    The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

  8. hi

    Download ComboFix here :

    Link 1

    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them
      Click me
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply

  9. hi :welcome:

    Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

    • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
    • Please do not do anything or perform other steps unless I have asked you to do so.
    • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

    Step 1

    Download aswMBR.exe ( 1.8mb ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan

    On completion of the scan click save log, save it to your desktop and post in your next reply

    Step 2

    Download OTL to your Desktop

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Select All Users
    • Under the Custom Scan box paste this in
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      %systemroot%\*. /mp /s
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      CREATERESTOREPOINT

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Post both logs

    Things I would like to see in your reply:

    • aswMBR log
    • OTL.txt and Extras.txt

  10. hi

    Step 1

    Update MalwareBytes AntiMalware and Run a Quick Scan.

    Post the log it produces

    Step 2

    Please run a free online scan with the ESET Online Scanner

    Note: You will need to use Internet Explorer for this scan

    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic

    Things I would like to see in your reply:

    • Malwarebytes Results.
    • Eset scanner report.
    • Update on how your computer is running

  11. 1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:

    KillALL::

    File::

    c:\windows\system32\ktixk.exe

    Driver::

    ktixk

    Save this as CFScript.txt, in the same location as ComboFix.exe

    CFScriptB-4.gif

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Next

    Update MalwareBytes AntiMalware and Run a Quick Scan.

    Post the log it produces

    Next

    Please run a free online scan with the ESET Online Scanner

    Note: You will need to use Internet Explorer for this scan

    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic

    Things I would like to see in your reply:

    • Malwarebytes Results.
    • Eset scanner report.
    • Update on how your computer is running
