
Removal Issues


Jaaa


Hey

So I've found the virus, but I am unable to get rid of it.

The virus is contained in a nonexistent folder that is being held in the C://Windows folder.

The supposed file is called 2978263173:2052029262.exe and is being run off of a tlb file called {E9C1E0AC-C9B2-4c85-94DE-9C1518918D02}.tlb which is located in a Temp folder. As well as two files in the sys32 folder called 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 and 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0. Also looks like the ntuser.dat.log1 is also infected in some way, but unable to determine. It has also made files such as NTUSER.DAT{1f44c3f2-a220-11e0-b925-0021974a9f6d}.TM.blf and NTUSER.DAT{1f44c3f2-a220-11e0-b925-0021974a9f6d}.TMContainer00000000000000000001.regtrans-ms.

Some of the steps that I have done:

McAfee was off and wanted to find out why, and things started to go south.

Ran Malwarebytes and it self-quit on me when looking at a file in the System32 folder. Tried running it again, I get error messages and after a reboot the program is no longer there.

Ran Kaspersky Virus Removal Tool, it gets to the System32 and crashes, program tries to reboot itself, it fails.

Ran OTL, same thing as above happens.

Step into Command Prompt and try to take control of files through there, it says it succeeded but when deleting files through Command Prompt it fails.

Step into Safe Mode and tried to do same steps as above, same result.

Step into Safe Mode with Networking and was able to get rid of the redirect Google service it installed on my computer but virus is still there.

When stepping back into Windows Normal, it now says Windows was tampered with and we need to confirm your status as an owner, insert product key and it says looks good, but after about 5 minutes says process wasn't finished.

Used Microsoft Security Essentials and it did the same as above.

Any help will be appreciated, sorta wanna avoid the whole reinstall Windows bit.


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

-screen317


Same thing happens. I run both of the programs and after hitting a certain file they quit themselves and are now uninstalled, still can't see where it's hitting. I will say the associated exe is running in 7 files, 3 are svchosts, then services, then 3 other files in the Windows folder that I can't get the names of because LockHunter also failed.


  • Staff

Hi,

These are links to Anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, rescue data, scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO Image file format. Avira uses an EXE that has built-in CD burning capability.

If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.

Let me know how it goes.


  • 4 weeks later...
  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
