Posts posted by piano9playa5

  1. I wouldn't recommend something to you if it were a scam or virus. But do use some caution with what programs you download.

    System Restore is incredibly useful if you ever need to roll back your computer to an earlier time. There are many reasons you may have to do this. I'd say that if you use good judgment on what you download and everything, that the benefits of being able to restore your computer outweigh the risk of an infection hiding out in there.

  2. No problem

    The logs on the forums shouldn't matter. There are hundreds of thousands of logs floating around. This topic will get buried under them shortly. If it's really bothering you, I can request it be deleted. (I don't have the moderation powers to do so myself)

    You're in the All Clear! Here are a few cleanup procedures that are a must after malware removal. Also, I have a few program recommendations I like to suggest.

    System Restore

    System Restore creates snapshots of your computer, called Restore Points, so that in the event something goes wrong, you can restore your computer to an earlier date. Viruses would have gotten in the Restore Point snapshots also and can reinfect you if you restore to an infected date. Clearing the Restore Points and making a new one is essential after removal:

    • Open OTL.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:
      :commands
      [CLEARALLRESTOREPOINTS]


    • Then click the Run Fix button at the top.
    • You may or may not be asked to reboot. In any case, I don't need the log that follows.

    Removal of Removal-Tools

    This is to make sure that any powerful tools we used aren't left behind and to make sure that if you ever get reinfected, you will download all the most recent tools.

    • Open OTL.
    • In the top right corner will be a button called "Clean Up!"; click it.
    • Follow any prompts, and reboot when prompted.
    • OTL will be gone on startup also. Delete any logs or leftover tools manually.

    Windows Updates

    You should visit Windows Update about once a month, to receive Security Fixes, Hot Fixes and Service Packs. These are all important to fix things from bugs to vulnerabilities which could lead to infection.

    Go to Tools > Windows Update, within Internet Explorer

    • Click Express. It will check for updates for your computer.
    • Click Install Updates. A window should pop up giving the status of each update.
    • Reboot when prompted.

    If you're feeling lazy you can turn on Automatic Updates which will do the work for you.

    • Click Start, then Control Panel
    • Click Automatic Updates
    • Check Automatic (Recommended)
    • Ok your way out.

    More information about Windows Updates and clear configuration instructions can be found here.

    Prevention Programs and Practices

    • Two AntiSpyware \ AntiMalware programs that are effective, easy to use, and free. A weekly scanning with one or both of these tools can be very useful in preventing\removing a wide variety of infections. I strongly recommend these products:

    • The following are two alternative web-browsers. Both are great choices (And can be installed and used with Internet Explorer still present!) You may wish to experiment with the two, to decide which you prefer.

    • Cleans out temporary files safely and effectively. It does not clean out URL history, prefetch, or cookies.

    • Keep your programs and applications up to date. This is important, not only for content, but for vulnerability-fixes. Here are a few you should definitely keep up-to-date if you have them:

    Glad I could help, piano9playa5 :cheers:

  3. Hello, and welcome to the forums. :D

    What is the make and model of your computer? (ex: Toshiba Satellite C650) Does it have a Recovery Partition on it? Does it have multiple operating systems on it?

    Download Bootkit remover to your Desktop.

    This is a .rar file. If you do not have a program to open it then download and install Peazip

    • Extract the contents of bootkit_remover to your desktop
    • Double-click Remover to run it (Vista users right-click and select Run as Administrator)
    • It will show a Black screen with some data on it
    • Right click on the screen and click Select All
    • Press Ctrl+C (on keyboard) to copy the data
    • Open a notepad and press Ctrl+V to paste the data

    Please copy\paste the contents of Notepad here for me to review.

  4. Hello,

    That was beautifully done on your part. :D

    I've never seen a log that hasn't had that many errors. So yes, it's normal.

    How's the computer running now? Any problems?

    Please open Malwarebytes' Anti-Malware.

    • Click the Update tab, and then click Check for Updates.
    • After updating, click the Scanner tab.
    • Select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

  5. It's alright. :D

    It should be a straightforward fix from here.

    Step One

    • Go to Start > All Programs > Accessories > Notepad
    • Please Copy\Paste the following to notepad:
      @ECHO OFF
      START remover.exe fix \\.\PhysicalDrive0
      EXIT


    • Go to File > Save As:
      • On the Save In: click on the drop-down menu and select Desktop
      • In File Name: type in Fixup.bat
      • In Save as Type: use the drop-down menu to change it to All Files
      • Click Save

    • Close Notepad

    • Double-Click on Fixup

    • A black window will briefly flash on the screen. This is normal.

    Once that bit has been completed:

    Run Remover exactly as you did previously, copying the data afterward, and post the results back here for me to review.

    Step Two

    Download OTL to your desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      C:\System Volume Information\Microsoft\smss.exe

      C:\System Volume Information\Microsoft\services.exe


    • Then click the Quick Scan button at the top. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

    Logs&Info

    Remember to post back the following logs:

    1. Bootkit Remover Results
    2. OTL.txt
    3. Extras.txt

  6. Hello, welcome to MalwareBytes' forums.

    It looks like you've acquired one of the more recent infections. It can be a real bugger to remove.

    What is the make and model of your computer? Does it have a recovery partition, or boot multiple OS's?

    Download Bootkit remover to your Desktop.

    This is a .rar file. If you do not have a program to open it then download and install Peazip

    • Extract Remover to your desktop
    • Double-click Remover to run it (Vista users right-click and select Run as Administrator)
    • It will show a Black screen with some data on it
    • Right click on the screen and click Select All
    • Press Ctrl+C (on keyboard) to copy the data
    • Open a notepad and press Ctrl+V to paste the data

    Please copy\paste the contents of Notepad here for me to review.

  7. b.exe is part of many infections in the category of Rogue AntiSpyware. Rogue AntiSpyware are programs that produce fake warnings that try and trick you into buying their software. We're seeing them rapidly evolving on the forums.

    :woot:

    You're in the All Clear! Here are a few cleanup procedures that are a must after malware removal. Also, I have a few program recommendations I like to suggest.

    System Restore

    System Restore creates snapshots of your computer, called Restore Points, so that in the event something goes wrong, you can restore your computer to an earlier date. Viruses would have gotten in the Restore Point snapshots also and can reinfect you if you restore to an infected date. Clearing the Restore Points and making a new one is essential after removal:

    • Open OTL.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:
      :commands
      [CLEARALLRESTOREPOINTS]


    • Then click the Run Fix button at the top.
    • You may or may not be asked to reboot. In any case, I don't need the log that follows.

    Removal of Removal-Tools

    This is to make sure that any powerful tools we used aren't left behind and to make sure that if you ever get reinfected, you will download all the most recent tools.

    • Open OTL.
    • In the top right corner will be a button called "Clean Up!"; click it.
    • Follow any prompts, and reboot when prompted.
    • OTL will be gone on startup also. Delete any logs or leftover tools manually.

    Windows Updates

    You should visit Windows Update about once a month, to receive Security Fixes, Hot Fixes and Service Packs. These are all important to fix things from bugs to vulnerabilities which could lead to infection.

    Go to Tools > Windows Update, within Internet Explorer

    • Click Express. It will check for updates for your computer.
    • Click Install Updates. A window should pop up giving the status of each update.
    • Reboot when prompted.

    If you're feeling lazy you can turn on Automatic Updates which will do the work for you.

    • Click Start, then Control Panel
    • Click Automatic Updates
    • Check Automatic (Recommended)
    • Ok your way out.

    More information about Windows Updates and clear configuration instructions can be found here.

    Prevention Programs and Practices

    • Two AntiSpyware \ AntiMalware programs that are effective, easy to use, and free. A weekly scanning with one or both of these tools can be very useful in preventing\removing a wide variety of infections. I strongly recommend these products:

    • The following are two alternative web-browsers. Both are great choices (And can be installed and used with Internet Explorer still present!) You may wish to experiment with the two, to decide which you prefer.

    • Cleans out temporary files safely and effectively. It does not clean out URL history, prefetch, or cookies.

    • Keep your programs and applications up to date. This is important, not only for content, but for vulnerability-fixes. Here are a few you should definitely keep up-to-date if you have them:

    Glad I could help, piano9playa5 :cheers:

  8. "{BB65B0FB-5712-401b-B616-E69AC55E2757}" -> (HIDDEN!) launches: "C:\Users\Vi\AppData\Local\Temp\b.exe" [file not found]
    They're on the right track <_<

    Open up Scheduled Tasks; Go to Advanced > View Hidden Tasks; Right-click > Delete "{BB65B0FB-5712-401b-B616-E69AC55E2757}" or "b.exe"

    No references to b.exe anywhere. This is likely what is making MBAM throw out that Quarantining error -- it can't find it. We'll make sure that there isn't anything hanging around before reporting it as an error.

    Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.

    • Save it to the desktop.
    • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
    • You will receive a prompt:
      • Do you want to skip supplementary searches?
        click NO

    • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.

    • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)

    • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.

    *NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

  10. Let's do this instead:

    Download OTL to your desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Then click the Quick Scan button at the top. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

  11. @dragon8161

    Please start your own topic.

    @liv

    Run OTL (Double click to run)

    • Click None at the top
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:
      %SYSTEMROOT%\b.exe /s
      hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|b.exe /RS
      hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|b.exe /RS
      hkcu\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|b.exe /RS

    • Then click the Run Scan button at the top
    • Let the program scan and post the log that pops up when done (OTL.txt)
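
A read-only PowerShell check for the same kind of leftover startup reference, added here as an example and not part of the original posts or of OTL: it searches the three Run keys from the custom scan above and the actions of scheduled tasks for `b.exe`, and reports whether the file each entry points at still exists. It assumes Windows 8 or later for `Get-ScheduledTask`; the helper name `Get-TargetState` and the match pattern are hypothetical.

```powershell
# Added example: read-only, it reports and changes nothing.
$Needle  = 'b.exe'   # file name taken from the posts above
$Pattern = '(^|[\\/"\s])' + [regex]::Escape($Needle) + '(["\s]|$)'

# The three Run keys from the OTL custom scan (RunServices is absent on newer Windows).
$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-TargetState([string]$CommandLine) {
    # Extract the executable path (quoted or bare) and say whether it still exists,
    # which is what a "[file not found]" marker in a startup log is telling you.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if     ($cmd -match '^\s*"([^"]+)"')                      { $path = $Matches[1] }
    elseif ($cmd -match '^\s*(.+?\.(exe|com|bat|cmd))(\s|$)') { $path = $Matches[1] }
    else   { $path = ($cmd.Trim() -split '\s+')[0] }
    if (-not $path) { return 'unknown' }
    if (Test-Path -LiteralPath $path) { 'present' } else { 'file not found' }
}

$findings = @(foreach ($key in $RunKeys) {
    if (-not (Test-Path -Path $key)) { continue }      # key does not exist on this system
    $reg = Get-Item -Path $key
    foreach ($name in $reg.GetValueNames()) {
        $value = [string]$reg.GetValue($name)
        if ($value -match $Pattern -or $name -match $Pattern) {
            [pscustomobject]@{ Source = $key; Name = $name; Hidden = 'n/a'
                               Command = $value; Target = Get-TargetState $value }
        }
    }
})

# Scheduled tasks: run elevated, otherwise tasks you cannot read are not listed.
$findings += @(foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Non-exec actions (COM handlers) have no Execute property and yield an empty string.
        $cmd = "$($action.Execute) $($action.Arguments)".Trim()
        if ($cmd -match $Pattern -or $task.TaskName -match $Pattern) {
            [pscustomobject]@{ Source = "Task $($task.TaskPath)"; Name = $task.TaskName
                               Hidden = $task.Settings.Hidden
                               Command = $cmd; Target = Get-TargetState $cmd }
        }
    }
})

if ($findings) { $findings | Format-List } else { "No startup reference to $Needle found." }
```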

  12. There's nothing to worry about in those logs.

    Let's see what MalwareBytes' is saying:

    Please re-open Malwarebytes' Anti-Malware.

    • Click the Update tab, and then click Check for Updates.
    • After updating, click the Scanner tab.
    • Select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

  13. Hello and welcome to the MalwareBytes' Forums :) Let's take a look:

    Download OTL to your desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Then click the Quick Scan button at the top. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

  14. Hello :) Welcome to the MalwareBytes' Forums.

    Yes, please post the DDS log, and do the following:

    Please download exeHelper to your Desktop.

    • Double-click on exeHelper to run the fix.
    • A black window should pop up, press any key to close once the fix is completed.
    • Post the contents of exehelperlog (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
