Re: *** URGENT *** Vile viruses that are proving difficult to resolve.

[nexar]

I've been doing some further testing.  The error only appears when I try to login to this one webmail provider.  They use Open-Exchange Server software.  Once I click the 'prevent...etc' it shows a small window saying Rebuild Tree...60% and then get's stuck there.

I have been able to login from another m/c to that webmail without problem so clearly it is a remnant of the infection on this m/c.

I'm happy to contact the webmail ISP but not sure what it is I'm going to ask them other than explaining the symptoms.  Do you guys want me to ask any specific questions.  I'll hold off from contacting them until I've had some direction from you.

Thanks. 

I was so sure that everything had been resolved.  So near and yet a bit far!!

Nexar

[essexboy]

Try this quick fix and then retry

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:OTL
IE - HKU\S-1-5-21-4243572757-462005793-91445984-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.0.1:8080


:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[nexar]

Thanks will let you know once all that's done.

[nexar]

Hi

I tried running the OTL quick fix mentioned above.  On the screen I have the OTL window showing a message at the bottom of the screen saying : 'Killing processes: DO NOT INTERRUPT....'

All the desktop icons are still there.  However the clock is frozen to around the time when the OTL process started.  I can still move the cursor but apart from that it looks like the process has hung the machine.  There is no disk activity. I haven't tried to bring up the Task Manager using Ctrl+Alt+Del.

Is there any way of telling if the process is still running?  If not what is my next step?

Thanks

Nexar

[Pondus]

abort it, and try run the fix from safe mode...

possible avast or malwarebytes if you installed it as pro version, the is protecting its process from being killed

[nexar]

Hi

I ran the fix in safe mode as suggested and the log from it is attached.  However now I can't get FireFox to start up.  It tries to start but then nothing happens.  However when I then try to shut the system down it says attempting to shutdown FF or words to that effect.

Please help as getting FF back is fairly crucial to my work.

Thanks

Nexar

[Pondus]

Essexboy will continue when he arrive here later....usually after work hours UK time....

[nexar]

Ouch but OK.  By the way IE also doesn't start on the m/c.

Will wait to hear from Essexboy.

Nexar

[essexboy]

I can see no reason in that log why FF nor IE are functioning

Lets check the services out

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[nexar]

Hi

Ran Combofix.exe as required.  it started running and I left it.  When I came back the window was no longer there.  Does it close itself?  However no c:\combofix.txt file either.  Should I re-boot before it will appear?

Too scared to anything at the moment.

[essexboy]

Yes reboot please

[nexar]

Ok rebooted.  Still no comfix.txt file.  Then I tried to run FF and that didn't come up although it's showing in the Task manager.  Wanted to check something else on the drive and explorer (not IE) has stopped working now.

Getting very worried about this.  Please help.

Nexar

[essexboy]

Could you reboot to safe mode and run combofix from there please, this is something new as all I removed was a proxy setting

[nexar]

Sure I will but I did reboot whilst waiting for your reply and one of the things I found was a number of my services missing.  I'm hoping that is temporary.

Any way wait till I have rebooted in safe mode and run comfix.  Will let you know soon.

Thanks for all your help.  Hopefully we change directions and move towards the positive soon.

Nexar

[nexar]

I started in safe mode and ran combofix which did run but then it told me that avast was still running and that combofix would continue to run but at my risk.  However I did not get an option to terminate or anything.

It is currently running in safe mode in what appears to be a dos like window.  It is Attempting to create a new System Restore point.

It is has now connected to download.microsoft.com and is downloading some restore software.

What EXACTLY is happening?!!  This is getting worse rather than better.

VERY WORRIED NOW

Nexar