Short on time, gonna be as straightforward as possible. Thanks for any help in advance, and please forgive my bad grammar as this is hurried.

Been following Mrcharlie's wonderful tutorials (http://maddoktor2.com/forums/index.php/topic,37759.0.html) and I'm just losing steam. I've never had this much trouble removing anything before, and I usually keep a very, very clean computer and am the go-to guy of all my friends and family for computer help. Anyways, more information below.

Mbam will not run even after renaming, reinstalling and using Cacls commands to restore access. It just refuses to scan, and after trying will lock access until cacls commands are used.

Exehelper has not done anything.

Rkill has found this:

Processes terminated by Rkill or while it was running:

\\.\globalroot\Device\svchost.exe\svchost.exe

C:\Users\Wrath42\Downloads\rkill.com

Vipre Rescue found 1 infected file and removed it, although I cannot find the log files, but the problem still persists anyways.

SuperAntiSpyware Portable Scanner runs and finds 2 infected files, including the above-mentioned \\.\globalroot\Device\svchost.exe\svchost.exe, but then shuts down after 2 minutes of a full scan. I tried to pause and continue in removing the 2 files it did find before the 2 minute mark and was asked to reboot. After doing so, Mbam will still not start and SuperAntiSpyware still finds the 2 infected files.

Went on to Combofix: saved to desktop, ran as administrator. It tells me to disable Super Anti Spyware before continuing, so I uninstalled and deleted all traces of Super Anti Spyware and rebooted and tried again, only to have the same happen continuously. So I tried to run Combofix anyways, and all it does is grant me with a small blue window with around 6 lines of Access Denied, and then my internet does not work until a reboot.

That's where I am so far. I've never used HijackThis but I am scanning right now and will update with a log.


Hello Wrath42,

Please stop trying to self-medicate this situation. It is quite normal to have several svchost processes running.

Stop running any further tools on your own --- from this point forward.

First, make sure you have saved all your work before you begin, and close your open apps.

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop

Please download OTL to your desktop

Please download the attached file Scan.txt to your desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.

Then select Start OTL. OTL will now run.

  • Double-click on the Custom Scans box and a message box will pop up asking if you want to load a custom scan from a file. Select Scan.txt that you downloaded.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Click the Internet Explorer button, post these logs into your reply.


Thanks for your help.

After downloading OTH, OTL, and the text log to my desktop, I closed all running programs and ran OTH. After I killed all processes my screen did go black, but OTH was also forcefully closed and I was unable to navigate anywhere to reopen it due to killing all processes. After a reboot I was denied access to OTH and could no longer run it, so once again whatever I'm infected with will not allow me to execute anything.


Because OTH was shut down by force every time I'd click the kill processes tab, I thought I'd try to open OTL and then OTH at the same time, kill processes, and hope the OTL interface was still on the screen after doing so. After killing all processes OTL remained on the screen and then I continued to quick scan all users, but like all previous attempts with scanners it was shut down instantly and access was blocked.


  • Please download Rootkit Unhooker and save it to your desktop.
  • Double-click RKUnhookerLE.exe to run it. If running Windows 7 or Vista, do a Right-Click on RKUnhookerLE and select Run As Administrator.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • This log may be very large so please use multiple posts if need be.

Note: You may get this warning. If so, please ignore it.

"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Copy the entire contents of the report and paste it in a reply here for review.

I have this exact same problem! I have never found a virus/malware I couldn't repair until this time. Everything on the internet is apparently for an "older" version of this virus because everyone says to rename malwarebytes to some oddball name, but I don't have a problem getting the programs to run, it's getting them to scan that's the issue.

So I did what you told the previous poster to do. Where can I post my information? Do I need to start a whole new thread? I'm new to this because, like I said, I always manage to get them myself.

Thanks in advance for your response :)


@Mamma4ever,

This topic is for Wrath42 only !!! Forum procedure and policy in this sub-forum is to have one on one help for a member.

You are not allowed to interpose your problem (however similar it may appear) into a topic of another member.

Start your own (new) topic.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Please post there the Gmer.txt log and the DDS logs.

Don't post your logs here.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
