Author Topic: Windows Command Processor virus issue  (Read 11399 times)

Rick21

  • Guest
Re: Windows Command Processor virus issue
« Reply #15 on: March 29, 2012, 10:29:58 PM »
will that erase any of my files or programs?

jeffce

  • Guest
Re: Windows Command Processor virus issue
« Reply #16 on: March 29, 2012, 10:33:18 PM »
Hi,

Quote
will that erase any of my files or programs
No, not anything you want anyway.

Unfortunately you have both the ZeroAccess rootkit and Ramnit on your system.  They are both incredibly bad infections that need to be removed, and it may be quite difficult, just so that you are aware.

Rick21

  • Guest
Re: Windows Command Processor virus issue
« Reply #17 on: March 30, 2012, 10:19:57 PM »
Is it normal for the scan to take quite a long time? Not that im in a hurry but it has been about 5 hours since i did the Dr Web cd boot you told me to do.

jeffce

  • Guest
Re: Windows Command Processor virus issue
« Reply #18 on: March 31, 2012, 12:07:01 AM »
Hi Rick,

Yes it may take quite some time for it to finish.  I appreciate your patience while it is running.  You have two of the most serious infections on your system that there are today.  It may take quite some time to complete. 

Rick21

  • Guest
Re: Windows Command Processor virus issue
« Reply #19 on: March 31, 2012, 12:49:01 AM »
hi :) ok i just realised that i followed the screenshots u posted correctly but..i clicked on the DrWeb live cd (default) as it is shown on the first screenshot but straight after that it doesnt go into the desktop screen..instead its a blank screen with the same layout as the first screen shot but it shows options such as : graphics mode, start shell, start midnight commander, start Dr Web Scanner, start Dr Web Update, create live usb, select language, xorg configuration, network configuration, report bug, restart, shut down, eject and shut down.

i clicked on start Dr Web Scanner and then a blank screen showed up and a scan was taking place. like the entire screen was showing file paths or links or whatever theyre called pardon me lol..but yeah hopefully i clicked the right thing.

jeffce

  • Guest
Re: Windows Command Processor virus issue
« Reply #20 on: March 31, 2012, 12:51:38 AM »
It should be just fine.  :) 

Rick21

  • Guest
Re: Windows Command Processor virus issue
« Reply #21 on: March 31, 2012, 03:09:58 PM »
hi Jeff, i dont think the scan has worked..ive attached 2 pictures i took on my phone..1 taken after the scan and the other screenshot shows what showed up after hitting 'press any key'. both options dont work, when i click launch startup repair it goes to a screen where its trying to repair and then it says it couldnt find a solution so i restarted the laptop and it goes back to the same screen with 2 options..when i click start windows normally..it doesnt really start and once again ends up at the same page where ive got the same 2 options. :( dont know what to do now

Rick21

  • Guest
Re: Windows Command Processor virus issue
« Reply #22 on: March 31, 2012, 03:10:52 PM »
the launch options

jeffce

  • Guest
Re: Windows Command Processor virus issue
« Reply #23 on: March 31, 2012, 03:27:28 PM »
Hi Rick,

Looks like Dr. Web has renamed them so we might be alright. 

Download Combofix from either of the links below, and save it to your desktop. 
Link 1
Link 2

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
    When finished, it will produce a report for you. 
  • Please post the C:\ComboFix.txt for further review.

Rick21

  • Guest
Re: Windows Command Processor virus issue
« Reply #24 on: March 31, 2012, 03:32:18 PM »
thank you but how do i get to my desktop..every time i click launch start up repair it doesnt do much and when i click start windows normally it restarts the laptop and brings it back to the same page and asks me to either launch or start normally.

Rick21

  • Guest
Re: Windows Command Processor virus issue
« Reply #25 on: March 31, 2012, 04:03:02 PM »
please help this sucks :( cant even get it to the desktop..just keeps going to the same page. ive clicked launch start up repair and start windows normally countless amounts of times now and it just comes back to the same 2 options.

Rick21

  • Guest
Re: Windows Command Processor virus issue
« Reply #26 on: March 31, 2012, 04:49:56 PM »
ok well so i couldnt get it to get to my desktop..even in safe mode it kept going back to the same screen with the 2 options..so basically i managed to do a system restore (back to the 29th) and then it finally logged on and i just downloaded combo fix and its doing a scan.. the windows command processor pop up still appears asking for permission..i havent clicked yes or no. the scan is taking place right now and then ill post the log :)

Rick21

  • Guest
Re: Windows Command Processor virus issue
« Reply #27 on: March 31, 2012, 05:10:47 PM »
ok i ran the combo fix heres the log. btw i cant open iexplorer or firefox lol or anything really..i think all my works gone xD

jeffce

  • Guest
Re: Windows Command Processor virus issue
« Reply #28 on: April 01, 2012, 12:20:07 AM »
Hi Rick,

Do you mean that you cannot connect to the internet any longer on the system that is infected?  If so, sometimes that happens when fixing a system infected with ZeroAccess.  Let's see what we can get done.  :)
-------------

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
----------

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Code:
    ClearJavaCache::

    AtJob::

    File::
    c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\ogax.exe
    c:\windows\SysWow64\QL4J0lx.com
    c:\users\Rickhill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cqbwxlg0.#xe
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ogax.exe
    C:\Windows\SysNative\lxcj_device.dll

    Firefox::
    FF - ProfilePath - c:\users\Rickhill\AppData\Roaming\Mozilla\Firefox\Profiles\zbb0fe8a.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}

    Folder::
    c:\users\Rickhill\AppData\Roaming\Kagi
    c:\users\Rickhill\AppData\Roaming\Ekex
    c:\users\Rickhill\AppData\Local\tkjknlww

    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    [-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    [-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

    Driver::
    AtiPcie

    Netsvc::
    AtiPcie
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

In your next reply please post the logs made by Farbar Service Scanner and ComboFix.