Jump to content

Recommended Posts

Hey Guys,

Yesterday I was here for help removing CryptoWall 3.0, and now I appear to have been infected with a virus called ICSPA.

Facts

- After removal yesterday I only downloaded Comodo Anti-virus (Free) and Comodo Internet Security (Free).

- When I booted this morning, I received the error "Rundll32 Has Stopped Working)

- Did some research, and one solution was to remove recently DL programs. Was able to delete the Comodo Internet Security, but not the Anti-virus.

- In the process of doing so, I ran CCleaner and Malware, and nothing was found

- While trying to delete the Anti-virus, and after a few restarts, as my computer is running very slow, I was brought to a Lock screen that stated it was from the ICSPA and that my computer computer was locked due to illegal software (Dont have any).

- After a few repeats after restarts, I looked up a solution and part of it was to run Malwarebytes in Safe Mode, which would get partially through and my comp will shut down

- I can boot into Safe Mode, but after doing certain tasks (i.e. Running MB, being on Chrome too long, it either brings up the same lock screen or shuts down.

- Sometimes after a shut down, I can't restart it for a few minutes.

I'm WAY over my head here! Please help!

Link to post
Share on other sites

Hello,
 
 
 
We will have to work outside windows to try to fix your problem:
 
 
 
 
Please download Farbar Recovery Scan Tool and save it to a flash drive.

  • Plug the flashdrive into the infected PC.
  • Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer
  • Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
  • In the Choose Recovery Tool menu select Command Prompt.
  • You will see a big black window with a blinking cursor (command prompt).
     
     
     
    notepad.png Access the notepad and identify your USB drive
     
    In the Command Prompt please type in:
    notepad
    and press Enter.
  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.
  • Note down the letter and close the notepad.
     
     
     
    FRST.gif Scan with Farbar Recovery Scan Tool
     
    Once back in the command prompt window, please do the following:
  • Type in e:\frst.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • FRST will start to run. Give him a minute or so to load itself.
  • Click Yes to Disclaimer.
  • In the main console, please click Scan and wait.
  • When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.
     
    Transfer it to your clean machine and include it in your next reply.
Link to post
Share on other sites

Download attached fixlist.txt and save it to your USB flashdrive as fixlist.txt
 
>>  Boot into Recovery Environment
 
 
Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

  •    Press the Fix button once and wait.
  •    FRST will process fixlist.txt
  •    When finished, it will produce a log fixlog.txt on your USB flashdrive.

>>  Exit out of Recovery Environment and post me the log please.
 
 
 
Try to boot Windows normally...

fixlist.txt

Link to post
Share on other sites

Sorry for the delay, I only have my tablet here, which would DL the fixlist.txt file you posted, so I had to run out to find a PC that would let me.

I ran the file, restarted the machine, and was able to, albeit slowly, remove the rest of Comodo. After a second restart, I got no errors or pop ups when I logged on.

See the attached file you requested, and let me know if there is anything else I should do!

Thanks for your help!

Fixlog.txt

Link to post
Share on other sites

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.