Windows Antivirus Pro


Hi,

I just posted the following to the general forum and got a reply to post to the HijackThis Logs forum. I will paste the original message here again as I already tried to run hijackthis, malwarebytes and combofix but none of them will open.

Thanks!

Hello,

I have used this forum before with great success for my fiancee's laptop and now my pc is having issues. I currently run eset smart security and use malwarebytes to scan weekly. Just today, however, a nasty little program called Windows Antivirus Pro found its way into my pc. After trying to get rid of it using malwarebytes and eset I restarted the computer and very bad things started to happen. Every time I click on any .exe file the following message shows up:

16 bit MS-DOS Subsystem

C:\WINDOWS\system32\desot.exe

SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers. Virtual Device Driver format in the registry is invalid. Choose 'Close' to terminate the application.

-Also, behind it, a DOS prompt window opens.

Clicking on ignore or close causes both windows to go away.

I have tried installing combofix and hijackthis in order to prep logs for you, but once downloaded they will not open. The above message just shows up again.

I have tried running malwarebytes in safe mode, but the same above message shows up.

Also, I cannot get regedit, regedt32, msconfig or cmd to function from the RUN feature.

I found the Windows Antivirus Pro program files on my C: drive and deleted them.

Oddly enough (Although I'm sure there's a perfectly rational explanation unbeknownst to me) Internet Explorer will run.

I am fairly competent when it comes to computers and, as I have said, I have used Combofix and HijackThis before, but I can't get any .exe to open.

Please help me!

Welcome to Malwarebytes !!!! <_<

We need to see some additional information about what is happening in your machine.

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Hello,

I tried to download, save and run the DDS program, but the same 16 bit MS-DOS system error pops up...

...Also this message pops up: The NTVDM CPR has encountered an illegal instruction

CS:00cf IP:0514 OP:ff ff 00 00 98 Choose close to terminate the application.

Please let me know if you come up with anything. Thanks.

Hello,

I got DDS to work and ran the scans you asked. Here are the results:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 12/29/2006 11:59:26 PM

System Uptime: 8/2/2009 9:51:11 AM (7 hours ago)

Motherboard: http://www.abit.com.tw/ | | AN7 (nVidia-nForce2)

Processor: AMD Athlon | Socket A | 2079/166mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 75 GiB total, 4.437 GiB free.

D: is CDROM ()

G: is FIXED (NTFS) - 34 GiB total, 34.407 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

6200

6200_Help

6200Trb

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Photoshop Elements 6.0

Adobe Reader 8.1.2

Adobe Reader 8.1.2 Security Update 1 (KB403742)

Adobe Shockwave Player

Adobe

Download Combofix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall

This topic is now closed to further replies.