stepan Posted February 26, 2010 ID:206439 Share Posted February 26, 2010 Hi All,I know the Paladin Virus had been mentioned numerous times and solved for many people but it seems as though everyone has a unique solution so here is my post. I contracted the Paladin Virus and am attempting to remove it using the bleedingcomputer instructions (rkill & malwarebytes). rkill seemed to work and last night I ran the mwb scan but when I went to remove the malware this morning it froze. I rebooted and checked the mwb log to see it had removed 4 of 28 hits. I ran the scan again and it froze again this time during the scan. I tried following these directions but the defogger tool didn't ask to reboot (log file below). I rebooted anyway and tried to run the dds.scr tool but that resulted in a notepad file with garbled text (attached). I tried running the gmer.exe but it resulted in launching the fake firewall and virus protection programs. Internet explorer won't run. I am accessing the internet from a macbook and placing downloaded files onto a shared directory on the infected PC.Please help!Defogger Log:ddds.txt Link to post Share on other sites More sharing options...
stepan Posted February 27, 2010 Author ID:206586 Share Posted February 27, 2010 Does anyone have any ideas on how to fix this? I have something due on Monday and I haven't been able to use my computer. Link to post Share on other sites More sharing options...
Blade81 Posted March 4, 2010 ID:209438 Share Posted March 4, 2010 Hi,Download OTL to your desktop.Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.When the window appears, underneath Output at the top change it to Minimal Output.Copy-paste following contents into custom scan -area:/md5starteventlog.dllscecli.dllnetlogon.dllcngaudit.dllsceclt.dllntelogon.dlllogevent.dlliaStor.sysnvstor.sysatapi.sysIdeChnDr.sysviasraid.sysAGP440.sysvaxscsi.sysnvatabus.sysviamraid.sysnvata.sysnvgts.sysiastorv.sysViPrt.sys/md5stopClick the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.Please try to run GMER by following these instructions:Download GMER here by clicking download exe -button and then saving it your desktop:Double-click .exe that you downloadedClick rootkit-tab and then scan.Don't check Show All box while scanning in progress!When scanning is ready, click Copy.This copies log to clipboardPost log (if the log is long, archive it into a zip file and attach instead of posting) in your reply. Link to post Share on other sites More sharing options...
Recommended Posts