Author Topic: urlseek  (Read 24531 times)

jeffce

  • Guest
Re: urlseek
« Reply #15 on: August 11, 2012, 03:50:09 PM »
Hi,

FRST

For 32 bit systems, download Farbar Recovery Scan Tool and save it to a flash drive.
For 64 bit systems, download Farbar Recovery Scan Tool64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for the 64-bit version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    ehargett

    • Guest
    Re: urlseek
    « Reply #16 on: August 12, 2012, 05:45:22 PM »
    Here you go!

    Elizabeth

    jeffce

    • Guest
    Re: urlseek
    « Reply #17 on: August 13, 2012, 01:49:31 AM »
    Download Combofix from any of the links below but rename it to Vageta.com before saving it to your desktop.

    Link 1
    Link 2


    ==================================

    Right-click and Run as Administrator on the renamed ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt so we can continue cleaning the system.

    ehargett

    • Guest
    Re: urlseek
    « Reply #18 on: August 13, 2012, 02:55:08 PM »
    Still not working.  >:(
    How can I uninstall both the Combofix and the renamed Vegeta.com? I was going to uninstall them then rename and download it again to see if the name change would work a second time, but I can't uninstall the programs. I get a message that Combofix.exe is in use when it shouldn't be after reboot.

    Anyway, that's where I am now. I let the renamed Combofix run all night and it was still hung up in the am.

    thanks,

    Elizabeth

    jeffce

    • Guest
    Re: urlseek
    « Reply #19 on: August 13, 2012, 04:09:36 PM »
    Ok....I would say that this is part of the infection blocking our tools. 

    Click the Windows Start button > in the Start Search bar type Run >> Select 'Run' - then copy/paste this into the run box & click OK: (assuming ComboFix.exe is on the desktop as was instructed)

    "%userprofile%\desktop\combofix.exe"

    If ComboFix creates a log please post that.

    ehargett

    • Guest
    Re: urlseek
    « Reply #20 on: August 13, 2012, 05:56:39 PM »
    ok, it says there's a newer version of combofix available, and would I like to update?

    jeffce

    • Guest
    Re: urlseek
    « Reply #21 on: August 13, 2012, 06:23:05 PM »
    Yes....  :)

    ehargett

    • Guest
    Re: urlseek
    « Reply #22 on: August 13, 2012, 07:06:43 PM »
    I think I need a hug  :'(
    I can't get combofix to get past the blue screen where it says it might take double the time to run, etc. I only let it sit there for about 30 minutes this last time because I am simply getting impatient at this point, and do not want to have to wait through another multiple-hour-non-scan only to have to force a reboot..
    Before I blow a fuse..ahem.. is there any other way we can try Combofix? Maybe in Safe mode? Or is there another tool in your belt we can try? ;)

    Elizabeth

    jeffce

    • Guest
    Re: urlseek
    « Reply #23 on: August 13, 2012, 11:33:08 PM »
    Hi,

    Yes...please try to run ComboFix in Safe Mode and post the log if there is one completed.

    If not....please run a new scan with OTL and post that new log.

    ehargett

    • Guest
    Re: urlseek
    « Reply #24 on: August 14, 2012, 04:18:21 PM »
    Combofix hung in Safe Mode, too
    Here's the OTL scan

    Thanks,

    Elizabeth

    jeffce

    • Guest
    Re: urlseek
    « Reply #25 on: August 15, 2012, 03:27:20 AM »
    Malwarebytes

    I see that you have Malwarebytes already on your computer.  Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
    ----------

    Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is NOT selected and the option Scan unwanted applications is selected.
    • Click Scan (This scan can take several hours, so please be patient)
    • If there are threats that are found, please press List of found threats and then in the next window that opens press Export to text file...
    • Copy and paste or attach that log as a reply to this topic
    **Note** If no threats are found there will not be a log created.
    ----------

    ehargett

    • Guest
    Re: urlseek
    « Reply #26 on: August 15, 2012, 02:40:19 PM »
    Lol, hey, I have two boys, a husband, a farm, and a computer I haven't taken the sledgehammer to...yet..so "p a t i e n c e " could be my middle name..
    I'll get those reports to you asap. :)
    Elizabeth

    ehargett

    • Guest
    Re: urlseek
    « Reply #27 on: August 16, 2012, 02:17:17 PM »
    Ok, so maybe my patience is wearing a bit thin...scan was still running last night, so I let it.. But it rebooted for some reason, and went straight to the Mac OS, so any logs that could have been created, were not.
    I'll run it again today, and try to keep an eye on it. I may completely exclude the Mac OS hard drive from the scan, because I did leave that checked when setting up ESET.
    So, just an update letting you know I've got to start over again...

    Elizabeth

    ehargett

    • Guest
    Re: urlseek
    « Reply #28 on: August 16, 2012, 04:18:57 PM »
    here you go...

    jeffce

    • Guest
    Re: urlseek
    « Reply #29 on: August 16, 2012, 06:05:59 PM »
    Hi,

    Run OTL.exe
    • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL

      Quote

      :Services

      :Files
      C:\Program Files\Windows Live\Messenger\msimg32.dll   
      C:\Program Files\Windows Live\Messenger\riched20.dll   
      C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J07MTH80\updater-startnow-2.1-2.4-fixed[3].exe
      ipconfig /flushdns /c

      :Commands
      [emptytemp]
      [resethosts]
      [start explorer]
      [Reboot]

    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
    ----------

    In your next reply please post the log made by OTL and let me know how your system is running.  :)
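
Added example, not part of the original thread or of OTL: a PowerShell check that can be run after the fix in Reply #29 to confirm the three files listed under :Files are gone and that the hosts file holds only default entries after [resethosts]. It assumes PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt; the function names are hypothetical.

```powershell
# Added example. The paths are the ones listed under :Files in Reply #29.
$targets = @(
    'C:\Program Files\Windows Live\Messenger\msimg32.dll',
    'C:\Program Files\Windows Live\Messenger\riched20.dll',
    'C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J07MTH80\updater-startnow-2.1-2.4-fixed[3].exe'
)

# Hypothetical helper: report whether each target survived the fix.
function Test-FixTargets {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        # -LiteralPath matters: the last path contains "[3]", which -Path
        # would interpret as a wildcard character class and fail to match.
        $exists = Test-Path -LiteralPath $p
        $hash = $null
        if ($exists) {
            # Record a hash of anything left behind so it can be looked up
            # or compared if the file reappears after a reboot.
            $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        }
        [pscustomobject]@{ Path = $p; StillPresent = $exists; SHA256 = $hash }
    }
}

# Hypothetical helper: return hosts lines that are neither comments,
# blank, nor the standard localhost mappings.
function Get-ActiveHostsEntries {
    param([string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts")
    Get-Content -LiteralPath $HostsPath |
        ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
        Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' }
}

Test-FixTargets -Paths $targets | Format-List

$extra = @(Get-ActiveHostsEntries)
if ($extra.Count -eq 0) {
    'hosts: only default entries'
} else {
    'hosts: non-default entries remain:'
    $extra
}
```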