Jump to content

Virus keeps coming back


Recommended Posts

Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them

with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

---------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.

aswmbrscan.jpg

Click the image to enlarge it

----------

Link to post
Share on other sites

Download Combofix from the link below, and save it to your desktop.

Link

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.


  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

----------

Link to post
Share on other sites

First open an elevated command prompt > Click Start and type cmd in Start Search.

When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

Copy the contents of the code box > right click in the command window and select paste >> Press Enter


copy "C:\Windows\Notepad.exe" "C:\Windows\System32\notepad.exe"

Close the Command Prompt box.

Reboot your system and see if you can open Notepad.

Link to post
Share on other sites

Let's see about getting this fixed first.....we need to use Notepad.

Download Windows Repair (all in one) from this site

Install and then run the program.

On the Start Repairs tab, select Advanced Mode and click Start

Capture1.gif

Select all of the items in the screen shot below (the image below is just an example) and check Restart System When Finished.

windowsservicetool.jpg

----------

Let me know if Notepad is fixed now.

Link to post
Share on other sites

Do you have your Windows Vista CD or can you borrow one from a friend? If so, get it out as we may need this during the following steps:

  • Click on Start, type cmd in the Start Search bar.
  • Right click on Command Prompt at the top of the window and select Run as Administrator.
  • In the Command Prompt Window, type (or copy and paste) sfc /scannow and press Enter.

The scan may take some time, so be patient. Windows will repair any corrupted or missing files that it finds. If information from the installation CD is needed to repair the problem, you may be prompted to insert your Windows Vista CD.

After you run System File Checker, try to run Notepad.

Let me know how that works. :)

Link to post
Share on other sites

It says "verification 100% complete. Windows Resource Protection found corrupt files but was unable to fix some of them."

Notepad is still unable to open.

When I click properties of notepad the Target: %SystemRoot%\system32\notepad.exe and start in: %HOMEDRIVE%%HOMEPATH%

When I go to click out of it, it says "The name %SystemRoot%\system32\notepad.exe specified in the target box is not valid". Could that be the issue?

Link to post
Share on other sites

Let's try to open Notepad through the command prompt.

First open an elevated command prompt > Click Start and type cmd in Start Search.

When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

Copy the contents of the code box > right click in the command window and select paste >> Press Enter (do one line at a time if there are more than one)


C:\Windows\system32\notepad.exe

Does Notepad open?

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.