This is the third time a different rogue malware has infected our family's desktop.

This time I am unable to use any anti-spyware (including malwarebytes).

I saw directions on one forum of how to run some commands, but it won't let me do that.

Is it possible to download malwarebytes onto cd rom or jump drive and then have it auto run?

One neighbor said this happened and he had to basically restart his computer.

thanks

Topher

Link to post
Share on other sites

Hello topher2

Welcome to Malwarebytes.

=====================

You will need a blank CD, a CD burner and another computer to do the following.

OK, this file is big. Print these instructions out so that you know what you are doing.

Two programs to download

First

ISOBurner: this will allow you to burn OTLPE.iso to a CD and make it bootable. Just install the program; from there on in it is fairly automatic. Instructions

Second

  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the C:\OTL.txt file in your reply.

Link to post
Share on other sites

Wow, thanks. I have to run off to work, but will try this later today and post the results. Topher

Link to post
Share on other sites

Okay, I got the CD to boot my computer and double clicked on the OTLPE icon. A Browse for Folder screen appears. I tried clicking on different items (e.g., My Computer, RAMDisk (:), OS (C:), etc.), but when I do I just get a screen that says RunScanner Error: Target is not windows 2000 or later.

Do you have a suggestion for when I get to this screen?

Thanks.

Topher

Link to post
Share on other sites

Yes, it will matter; the OTLPE is made for XP, so it probably is not going to work out that way. Instead of that, please try the following:

Please download the dr.weblivecd.iso from here: ftp://ftp.drweb.com/pub/drweb/livecd/minD...iveCD-5.0.3.iso

Burn that just as you did the OTLPE as an image and boot with it.

Make sure that the computer has a wired internet connection as it will not update with a wireless card.

Once it loads click on the green circle button at the top to choose to update it.

It may take a while.

Once it is done updating, please choose a full scan and let it cure or delete. After that is done you can simply restart the machine.

Let me know if that takes the infection down a notch to regain control of the machine.

If you need further instructions they can be found here > http://www.freedrweb.com/livecd/how_it_works/

Link to post
Share on other sites

So far I have only gotten large green screen. I've gone back over your instructions and you mention there being an icon to click on like with the OTLPE. I never got the icon. I start the Dr. Web Live CD from the default setting. I get to a screen that says Preparing the LiveCD environment. Press Alt + F1 for verbose mode. There is no green circle to click at top, and in fact, mouse does not work when I am here. I'm going to go back to regular settings and make sure mouse still works.

Link to post
Share on other sites

That is fine. Since you are into Windows now, please do the following:

  • Please download OTH.scr to your desktop.
  • Download OTL to your desktop.
  • Double click the OTH file and select Kill All Processes; your desktop will go blank.
    Then select Start OTL. OTL will now run.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom scans and fixes section, paste in the below in bold


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\*. /mp /s

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Link to post
Share on other sites

Evidently it still has control. It allowed me to open a Firefox window (kind of, the Security Tool still blocks most of screen). I was able to do a Google search of malwarebytes forum, but it won't allow me to go there by clicking on the Google results, or by writing in the address. The screen says Server not found when I tried. It will let me go to other sites (e.g., New York Times).

Link to post
Share on other sites

Please, from another computer, download Combofix from one of these locations:

Link 1

Link 2

Save ComboFix.exe to the Desktop of another computer, then burn it onto a CD and transfer it to the infected computer's desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

First, I want to say I really appreciate all your help.

I copied the ComboFix to my laptop (okay, at first I launched it and accidentally scanned my laptop) :)

I've tried booting up my desktop with it, but although I tell the desktop to boot from the CD, there doesn't seem to be anything on the CD that will launch it, as compared to the other programs you had me copy and insert.

Am I doing something wrong in booting up my desktop? What happens is that after trying to start it from the CD (and I've designated CD as the first, second and third boot) it goes to hard drive boot.

Topher

Link to post
Share on other sites

Hi, no, it is not bootable. You just boot up the infected computer like normal, and when the computer has booted just double click on Combofix and run it.

I said to do this because you said you could get mbam to run.

Please try Combofix that way.

Link to post
Share on other sites

Thanks. The computer won't let me open it. I click on it, it starts for half a second, and then the green bar disappears.

Link to post
Share on other sites

Good idea. Am at work now, will try tonight.

Thanks again.

Okay, this is how I believe I finally fixed the problem.

A co-worker recommended the following article with step by step instructions.

http://bl108w.blu108.mail.live.com/default...x?wa=wsignin1.0

This allowed me to get rid of some of the malware, but I still couldn't go to the malwarebytes.org page.

I scanned with my Avira and three more viruses showed up.

Now I am happily typing you from our desktop computer.

I made sure all of our photos and documents are backed up.

Next I'm going to start the computer over (wipe it clean, don't know the technology) because the speed isn't what it used to be.

Thanks for your help.

I left a donation this a.m.

Topher

Link to post
Share on other sites
