Author Topic: "Take On Support" Scam (Read 13083 times)

essexboy · « **Reply #15 on:** May 14, 2010, 08:46:41 PM »

Hi Arfer ( a good East End name

) The GMER log was empty, could you repost it please

Arfer · « **Reply #16 on:** May 15, 2010, 03:41:22 AM »

When I boot up GMER I get this message.....

C:\Windows\system32\config\system: The system cannot find the file specified.

All the tick boxes down the right are grayed out and each time I run it the save saves an empty file.

When I click scan I get this message....

C:\Windows\system32\config\system: The process cannot access the file because it is being used by another process.

I get this even if I right click the GMER.exe and select run as administrator.

essexboy · « **Reply #17 on:** May 15, 2010, 01:03:31 PM »

Could you try it in safe mode please

Arfer · « **Reply #18 on:** May 15, 2010, 02:43:47 PM »

Tried it in normal and safe mode and get the same two error messages and an empty file to save :-(

Wonder why it wont run.

essexboy · « **Reply #19 on:** May 15, 2010, 05:12:57 PM »

That is a tad disturbing

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Arfer · « **Reply #20 on:** May 15, 2010, 05:48:14 PM »

When I launch ComboFix (PC running in normal mode) I get a warning Error "Win32 only" "Incompatible OS. ComboFix only works for workstations with windows 2000 and XP"

Umm running windows 7 64Bit Ultimate.

essexboy · « **Reply #21 on:** May 15, 2010, 06:02:05 PM »

Duh numpty knew that and then promptly forgot that CF does not run on 64 bit systems

Download avz4.zip from HERE

Unzip it to your desktop to a folder named avz4
Double click on AVZ.exe to run it.
Run an update by clicking the Auto Update button on the Right of the Log window:
Click Start to begin the update

Note: If you recieve an error message, chose a different source, then click Start again

Start AVZ.
Choose from the menu "File" => "Standard scripts " and mark the "Advanced System Analysis with malware removal mode enabled" check box.

Click on the “Execute selected scripts”.
Automatic scanning, healing and system check will be executed.
A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.
It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.
All applications will work properly after the system restart.

When restarted

Start AVZ.
Choose from the menu "File" => "Standard scripts " and mark the “Advanced System Analysis" check box.

Click on the "Execute selected scripts".
A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

As they are zipped files virusinfo_syscure.zip and virusinfo_syscheck.zip upload to Mediafire and post the sharing link.

Arfer · « **Reply #22 on:** May 15, 2010, 07:02:46 PM »

Scans completed and files uploaded.....

http://www.mediafire.com/file/0tyuyimmzk1/virusinfo_syscheck.zip

http://www.mediafire.com/file/nktz3inznzd/virusinfo_syscure.zip

Quite a lot of info in there.....

essexboy · « **Reply #23 on:** May 15, 2010, 08:44:58 PM »

AVZ was suspicious of writelog - is it a programme you installed ?

Apart from that there was no evident malware - is your system still running slow ?

Arfer · « **Reply #24 on:** May 15, 2010, 09:43:54 PM »

WriteLog is OK :-)

It has a module to collect data from some live servers while the app is running to keep you up to date with who is active within your area of interest (Radio Hams)

Looks like its all been cleared up then

?

essexboy · « **Reply #25 on:** May 15, 2010, 09:55:43 PM »

Well none of my tools show any malware

Arfer · « **Reply #26 on:** May 15, 2010, 10:31:55 PM »

Thanks EssexBox for all your help. PC is running sweet again now.

Hopefully this topic will guide others through this problem.

essexboy · « **Reply #27 on:** May 15, 2010, 10:42:23 PM »

To remove my rubbish - run OTL and hit the cleanup button, for AVZ just delete the folder

Author Topic: "Take On Support" Scam (Read 13083 times)

essexboy

Re: "Take On Support" Scam

Arfer

Re: "Take On Support" Scam

essexboy

Re: "Take On Support" Scam

Arfer

Re: "Take On Support" Scam

essexboy

Re: "Take On Support" Scam

Arfer

Re: "Take On Support" Scam

essexboy

Re: "Take On Support" Scam

Arfer

Re: "Take On Support" Scam

essexboy

Re: "Take On Support" Scam

Arfer

Re: "Take On Support" Scam

essexboy

Re: "Take On Support" Scam

Arfer

Re: "Take On Support" Scam

essexboy

Re: "Take On Support" Scam