Techno ejit here


Ozzy

Hi Guys

I know I have probably posted this in the wrong place, so please forgive me if I have done.

I am totally useless when it comes to PCs, so when recently I bought xp antispyware (yes, I am one of those idiots) I sought help from my local PC repair man. During our telephone conversation he told me to download malwarebytes and, god bless his cotton socks, he guided me through what I needed to do. Thankfully the malware thing removed whatever I had purchased.

Anyway, long story short, my PC is knackered again. I think it's something called antivirus 2009 (although I didn't download it, it just kept flashing up). Anyway, it won't let me open up Malware or update my AVG. It won't even let me system restore.

In other words what do I have to do to get shot of it?

Sorry for being so thick but I'm the kind of guy who switches on his pc and expects it to work and when it doesn't I get freaked out.

Can you help me out?

I've got Windows XP Home Edition... if that's any help!


I should also add that whatever is on my PC, it won't let me view your site. I'm having to do this off my works laptop.


Hi There.

Please do the following from a working computer

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

  • Avira AntiVir Rescue System (http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html)

    Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to:

    o repair a damaged system,

    o rescue data,

    o scan the system for virus infections.

Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer.
The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.

Once you have scanned the machine with the Avira CD, you should be able to update Malwarebytes and it can finish the cleanup for you.


Hi there

Sorry to be a pest :unsure: but I did as you said and loaded the duly burnt CD, to be told that I have to initially reboot before I did anything, which I did. However, since rebooting I have been staring lovingly at a blue screen with a little egg timer on it. Am I doing something wrong, or does it just take ages to sort itself?


Hmm.. Alright then, do this from the affected PC:

Please download and run the Trend Micro Sysclean Package on your computer.

NOTE! This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.

  • Trend Micro Damage Cleanup Engine

Make sure you read this document to understand how to use the program.

Basically there are 3 parts that need to be downloaded from these links:
  • As an example on 2008-10-17 the files to download are: sysclean.com | lpt605.zip | ssapiptn697.zip

  • NOTE! These file names are examples and you must visit Trend Micro for the very latest files which may have different names.

  • Create a brand new folder to copy these files to.

  • As an example: C:\DCE

  • Then open each of the zipped archive files and copy their contents to C:\DCE

  • Copy the file sysclean.com to the new folder C:\DCE as well.

  • Double-click on the file sysclean.com that is in the C:\DCE folder and follow the on-screen instructions.

    After doing all of this, please post back your results, including the log file sysclean.log that will be left behind by sysclean.

  • This self-extracting archive is a stand-alone fix package that incorporates the Trend Micro VSAPI Malware and Spyware scanning engines as well as the Trend Micro Damage Cleanup Engine and Template.

    This tool supports the following features:

    o Terminate all detected malware/spyware instances in memory

    o Remove malware/spyware registry entries

    o Remove malware/spyware entries from system files

    o Scan for and delete all detected malware/spyware copies in all local drives

http://windowshelp.microsoft.com/windows/en-us/help/7050d809-c761-43d4-aae7-587550cd341a1033.mspx

Hello Raid

I did what you said but my infected home PC won't let me into the Trend Micro site or any other that's gonna help me. So I downloaded the files on this laptop, copied them to CD, then loaded them up on my home PC. I made a folder which is in the C drive and named it systemclean, unzipped the folder from there and ran the system clean tool. It came up as like an MS-DOS screen, no on-screen instructions or anything, and then off it went. The whole scan lasted like 10 seconds. Trend Micro have 5 online instructions:

1. Create a temporary folder and copy SYSCLEAN.COM into this folder.

   NOTE: This temporary folder should be created on a local or mapped drive.

2. Download latest malware and spyware pattern files. Extract the downloaded ZIP pattern files into the created folder.

3. Close all applications running on your system, including any antivirus software.

4. Run the executable file, SYSCLEAN.COM, by either:

   a. Double-clicking the tool in Windows Explorer.

   b. Executing it via command prompt using syntax based on the aforementioned parameters.

5. Enable any antivirus software that is installed on your system and perform a manual scan.

NOTE: This fix tool generates the log file, SYSCLEAN.LOG, in its current folder.

Now number 5 on the list... Enable any antivirus software that is installed on your system and perform a manual scan!!! Well, I guess that means run AVG, so I'm doing that right now. My infected system lets me run AVG, it just won't let me visit their site or get updates, and as I said before it won't let me run malware. My AVG isn't showing any virus at this time, just a whole load of tracking cookies.

Anyway, here is the log. It doesn't say much but I hope it helps you.

Damage Cleanup Engine (DCE) 6.0(Build 1053)

Windows XP(Build 2600: Service Pack 3)

Start time : Wed Nov 19 2008 08:30:49

Load Damage Cleanup Template (DCT) "C:\systemclean\TMRDCT.ptn" (version ) [fail]

Load Damage Cleanup Template (DCT) "C:\systemclean\tsc.ptn" (version 988) [success]

Complete time : Wed Nov 19 2008 08:31:00

Execute pattern count(3017), Virus found count(0), Virus clean count(0), Clean failed count(0)

There was a debug log also, whatever that is.

Debug Information Level=0


What a rude malware infection. No biggie, I have another trick :D

Please follow these instructions and report back

  • Click on Start, click Run, and then type devmgmt.msc and click OK

  • On the View menu click on Show hidden devices

  • Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys

  • Highlight that driver and right click on it and select DISABLE

  • Now RESTART your computer.

  • Download a copy of Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) but DO NOT run it yet.

  • Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.

  • Once the program is installed go to the UPDATE tab and try to update the program if you can.

  • Then go to the SCANNER tab and run a Quick Scan and allow MBAM to fix anything found.


Oh oh oh, I don't want to speak too soon but the program is running :D (fingers crossed it keeps going :D ) I guess it may run for a while so I'll let you know how I get on. If it works that's a large cask of beer I owe you!!!! Thanks thus far for helping an old man out!


Hi Raid

As this is my home PC that I am writing this message on, you will no doubt have guessed that I managed to get malware to run on it :D . The programme picked out 27 objects. I must say, at the same time malware was running AVG kicked in with a few warnings also. However AVG did say "not all object could be healed". I don't know if that means my PC is still infected or not.

If I could also ask while I'm on. Is AVG the best thing for me?

And also this thing you told me to disable

# Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys

# Highlight that driver and right click on it and select DISABLE

Do I have to enable them again?

Again, thank you for your help. I'm so thick when it comes to PCs you wouldn't believe it.

Ozzy


Here is the log of the run, just in case you want to see it. Thanks again :D

Malwarebytes' Anti-Malware 1.30

Database version: 1412

Windows 5.1.2600 Service Pack 3

19/11/2008 23:52:55

mbam-log-2008-11-19 (23-52-55).txt

Scan type: Quick Scan

Objects scanned: 61370

Time elapsed: 15 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 22

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{037c7b8a-151a-49e6-baed-cc05fcb50328} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{67956585-9b5c-4e2b-abe1-a01bf3046ee1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rjrgedkqtbk (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\TDSSriqp.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSxfum.dll (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\TDSSmqlt.sys (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\glrrattehgq.dll (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\RONAN\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\RONAN\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSbubx.log (Trojan.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSnmxh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.

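A triage sketch for a scan log in the layout posted above, added here as an example and not part of the thread or of Malwarebytes' own tooling. It checks each summary count against the itemised entries, tallies detections by family, and lists entries whose action is anything other than a completed removal (such as `Delete on reboot`); the sample log is constructed and `triage` is a hypothetical name.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log posted above; the paths and
# names are shortened stand-ins, not values from the thread.
SAMPLE_LOG = r"""
Scan type: Quick Scan
Registry Keys Infected: 1
Registry Values Infected: 1
Files Infected: 3

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\example_key (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\example (Trojan.Agent) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\example1.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\example2.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\USER\Local Settings\Temp\example3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

COUNT = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")   # summary line
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")             # section header
ITEM = re.compile(r"^(?P<path>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

def triage(log_text):
    """Return count mismatches, per-family totals and items not yet removed."""
    declared, items, section = {}, [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := COUNT.match(line):
            declared[m["section"]] = int(m["n"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append((section, m["path"], m["family"], m["action"]))
    listed = Counter(sec for sec, *_ in items)
    return {
        # section -> (declared, listed); non-empty means a truncated or edited log
        "mismatched": {s: (n, listed[s]) for s, n in declared.items() if listed[s] != n},
        "families": Counter(fam for _, _, fam, _ in items),
        # anything not reported as removed needs a reboot and a rescan to confirm
        "pending": [path for _, path, _, act in items if "successfully" not in act],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
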

Hi There.

No, don't worry about re-enabling those. They shouldn't even be available anymore. :D

And glad we could help. Your log looks good.

I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you, just follow the Pre-Hijackthis instructions found here before posting: Pre-HJT Post Instructions

Also don't forget that we offer FREE assistance with General PC questions and repair here: PC Help

If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org
