Author Topic: INFECTED  (Read 11455 times)

ABPickett

  • Guest
INFECTED
« on: October 26, 2012, 06:25:09 AM »
I need help with my computer. I am sure I have a virus: my Internet Explorer and Google Chrome get hijacked, it does always allow me to download programs, it took me several tries to download the programs listed on this site, I am missing all programs listed in my start folder, and sometimes I get a message saying I do not have administrator rights. I am attaching the logs mentioned on this site needed to help clean my computer.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37526
  • Not a avast user
Re: INFECTED
« Reply #1 on: October 26, 2012, 08:13:36 AM »
also attach aswMBR log.....


it seems you also have AVG installed?

never install multiple AV as this will make your comp slower, give mysterious windows errors, and false positive detections


malware removers are notified. it may take hours before one arrives so be patient



ABPickett

  • Guest
Re: INFECTED
« Reply #2 on: October 26, 2012, 08:55:26 AM »
Thank you
I will be patient and in the meantime I will uninstall AVG.

Offline Pondus

Re: INFECTED
« Reply #3 on: October 26, 2012, 10:06:01 AM »
Thank you
I will be patient and in the meantime I will uninstall AVG.

when done.....run AVG removal tool so all leftover files that may conflict are gone: http://singularlabs.com/uninstallers/security-software/

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: INFECTED
« Reply #4 on: October 26, 2012, 11:10:27 AM »
Once this has run let me know if your menu returns

  • Download RogueKiller and save it on your desktop.
    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

ABPickett

  • Guest
Re: INFECTED
« Reply #5 on: October 26, 2012, 04:33:49 PM »
I have run the AVG removal tool and the menu has not returned.
I am attaching the aswMBR file
and will now run RogueKiller.

ABPickett

  • Guest
Re: INFECTED
« Reply #6 on: October 26, 2012, 04:39:16 PM »
attached are the RKreports

Offline essexboy

Re: INFECTED
« Reply #7 on: October 26, 2012, 04:49:04 PM »
Are the menus still missing?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
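
An added example, not part of the thread or of OTL: a read-only PowerShell check of the two things the fix above names, the Internet Explorer Restrictions policy key on the O6 line and the hosts file that [resethosts] resets, so their contents can be recorded before the fix runs. The function names and the sample hosts lines are constructed for illustration.

```powershell
# Added example: read-only checks. Nothing below changes the system.

function Get-PolicyValues {
    # List every value stored under one registry key (no output if the key is absent).
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        New-Object PSObject -Property @{ Key = $Path; Name = $name; Value = $key.GetValue($name) }
    }
}

function Get-NonDefaultHostsEntries {
    # Return hosts-file mappings other than the stock localhost lines.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -replace '#.*$', '').Trim()      # drop comments
        if (-not $text) { continue }
        $fields = @($text -split '\s+')
        if ($fields.Count -lt 2) { continue }           # address with no name: ignore
        $ip = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if ($name -eq 'localhost' -and ('127.0.0.1', '::1') -contains $ip) { continue }
            New-Object PSObject -Property @{ Address = $ip; HostName = $name }
        }
    }
}

# Key taken from the O6 line of the fix above.
$restrictions = 'HKLM:\Software\Policies\Microsoft\Internet Explorer\Restrictions'
Get-PolicyValues $restrictions | Format-Table Name, Value -AutoSize

# Constructed sample hosts lines (not from this thread's logs) to show the parser's output.
$sample = @(
    '127.0.0.1       localhost',
    '# comment line',
    '203.0.113.10    update.example.test www.example.test   # two names, one address'
)
Get-NonDefaultHostsEntries $sample | Format-Table Address, HostName -AutoSize

# The live hosts file, i.e. what [resethosts] would replace.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path -LiteralPath $hostsPath) {
    Get-NonDefaultHostsEntries (Get-Content -LiteralPath $hostsPath) |
        Format-Table Address, HostName -AutoSize
}
```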

ABPickett

  • Guest
Re: INFECTED
« Reply #8 on: October 27, 2012, 01:04:13 AM »
Yes the menu is still missing and I am currently running OTL which is taking awhile. It is still killing processes which has been about an hour so far.

Offline essexboy

Re: INFECTED
« Reply #9 on: October 27, 2012, 12:22:58 PM »
OK stop OTL, Uninstall MBAM.  Re-run the OTL fix and reinstall MBAM

 
Restore Accessories Program Files Menu

Please download this tool

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Ensure that the following check boxes are checked (as seen in this image below):

Once they are, click on the Restore button.

Restore Admin Tools Program Files Menu

Please download this tool

You will need to unzip the tool first.

Once you've unzipped the tool, please double-click on it to run it.

Click on the Restore Administrative Tools Items button.

As seen in this image below:

This next one will produce the necessary shortcut links which you can cut and paste into the start menu folder
Download the Repair.vbs file to your desktop
Run the repair.vbs
It will ask for a folder name call it recovery
The tool will let you know when it is finished
On the desktop will be a recovery folder
Open the folder
Cut and Paste the links that you want to C:\documents and settings\your name\start menu

ABPickett

  • Guest
Re: INFECTED
« Reply #10 on: October 27, 2012, 05:35:04 PM »
I have run the "restore accessories" and the "restore the admin tools" but when I run the Repair.vbs I get a Windows script error "Loading your settings failed (Access is denied)".

ABPickett

  • Guest
Re: INFECTED
« Reply #11 on: October 27, 2012, 06:02:13 PM »
Sorry, forgot to rerun OTL quick scan. I have now and attached the file.

Offline essexboy

Re: INFECTED
« Reply #12 on: October 27, 2012, 08:12:36 PM »
I have just tried it on my VM and it worked quite nicely.
Let's look deeper

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

ABPickett

  • Guest
Re: INFECTED
« Reply #13 on: October 27, 2012, 09:09:16 PM »
I ran ComboFix. I still do not have items in my start/file and folder box. I do, however, have some of my icons back on my desktop (like the recycle bin), and my Internet Explorer still seems to be hijacked: every time I start it, it asks me if I want it to be my default browser and such, like I am starting it for the first time, and Google Chrome does the same. I also cannot change any of the security settings; every time I do, it reverts back to where they were previously. Also, when I try to turn off Windows Firewall it says it's off but the check mark states it is on. Attached is the ComboFix log.

Offline essexboy

Re: INFECTED
« Reply #14 on: October 27, 2012, 09:37:56 PM »
OK looks like some repairs to do, once this programme has run let me know what problems are outstanding 

Download Windows Repair (all in one) from this site

Install the programme then run

Go to step 3 and allow it to run SFC

On the start repairs tab click start

Select the following items and tick restart system when finished