Author Topic: test. PLEASE respond!  (Read 31509 times)


kissagain

  • Guest
test. PLEASE respond!
« on: March 17, 2013, 10:39:45 PM »
My computer has a Malware problem, I truly believe. However, this post is a test, as I am NOT on MY computer at which I attempted to post with a request for assistance. My computer didn't allow the CAPTCHA to be accepted or sent or whatever the problem. Therefore I am testing to find out if the CAPTCHA works at the library computer and ONLY not at mine. If the CAPTCHA works with this test, I will then return with all the detail of my problem for help.
 So, PLEASE reply to this post letting me know that it is received.
Thank you,
kissa

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: test. PLEASE respond!
« Reply #1 on: March 17, 2013, 10:44:13 PM »
Hi, what are the symptoms?

kissagain

  • Guest
Re: test. PLEASE respond!
« Reply #2 on: March 19, 2013, 02:01:30 AM »
Hi essexboy,
I hope I can continue my problem with this thread. I am going to try anyway.
Thanks for replying. I have been finding several symptoms, beginning with a short time after getting the many popups for "Malicious URL Blocked". Most of them indicate the infection to be URL:MAL. I have had a few indicate an infection for a javascript or Jscript or something like that... "J*script". I don't have the exact on the script infection because I have misplaced my notes, including the print out that I made of your post titled "Logs to assist in cleaning Malware". With both popups I get the indication that they are happening in the svchost.exe. I have run a few of the programs in the past in attempting to get through onto the forum for help.
First to answer your initial question, the first thing I noticed was that I could not get to www.Google.com (still not able to). I get an error of page not available. My sound has stopped for me totally, my printer no longer will print, I cannot use any site that requires CAPTCHA, in that the words do not show for me to copy into a box (if I even get a box). There may be other symptoms that I am not recalling at this time or that I might not have realized in encountering.

I have run the first three of the programs that you request in your posting (named above). I am attaching all four of the log files that you request from them (Adwcleaner[S3], mbam-log-2013-3-18(17-54-06), the OTL, and the Extras(X)). I ran the programs and retrieved the logs today with the exception of the Extras(X) file. There was no Extras file produced today, but the one that I have included was from the last time I ran the programs on my computer. If you find that you might need the logs from previous scan, I have them also.

I hope you will be able to help me with my problem. Thank you for any help that you will be able to give me.

kissagain

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: test. PLEASE respond!
« Reply #3 on: March 19, 2013, 02:09:42 AM »
Also attach the aswMBR log.

Offline essexboy

Re: test. PLEASE respond!
« Reply #4 on: March 19, 2013, 04:20:37 PM »
OK this looks like we may need to run some repairs as we go.  I will start off with three programmes to remove as much as possible and then try to do some repairs on completion
Please attach all logs
 

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

:Files
ipconfig /flushdns /c
netsh int ip reset  /c
ipconfig /release /c
ipconfig /renew /c
netsh winsock reset /c

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.

FINALLY

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Allow the installation of the recovery console
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: test. PLEASE respond!
« Reply #5 on: March 19, 2013, 04:31:01 PM »
@ kissagain
The captcha requirement in the avast forums is an anti-spammer measure, but it is only for the first 3 posts. After that you should be OK in the forums without having to go to the library.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

kissagain

  • Guest
Re: test. PLEASE respond!
« Reply #6 on: March 20, 2013, 11:36:43 PM »
Essexboy
 I have 1 question before I proceed. For the custom scan, "code: [select]" or only the text that is in the lavender box?
kissagain

Offline essexboy

Re: test. PLEASE respond!
« Reply #7 on: March 20, 2013, 11:42:28 PM »
That is correct, if you click the underlined select it will highlight the necessary text for you to copy

kissagain

  • Guest
Re: test. PLEASE respond!
« Reply #8 on: March 22, 2013, 10:51:05 PM »
essexboy
Yesterday I proceeded with the process you wanted of me.
I ran the OTL "RUN FIX" with the custom scan. It ran for at least over an hour when my computer screen went into sleep mode and my desktop closed. I was not able to logon to my computer screen again. I had to perform a "hard" shutdown. I then left it off until today at which time I ran the OTL Quick Scan and have now attached that report. After running the OTL Quick Scan I downloaded and began the TDSSKiller.exe program. It ran for almost 4 hrs when I left home to come to the library for this reply. (I will abort it when I get home). When I left, it seemed it was still at the same point it was shortly after I left home, processed 4 objects and was still on the same object. (something like C:\WINDOWS\systems32\ASPI ****  not sure the rest)
I will await your reply.
Should I rerun TDSSKiller.exe?
Thanks
kissa

Offline essexboy

Re: test. PLEASE respond!
« Reply #9 on: March 22, 2013, 11:04:52 PM »
Hmm that seems a tad weird

Could you go direct to the combofix stage please, but when you download combofix rename it to Gotcha as something is a tad hinky here that is not showing in the normal scans

kissagain

  • Guest
Re: test. PLEASE respond!
« Reply #10 on: March 23, 2013, 07:31:48 PM »
essexboy,
Again, I seem to have another problem. I ran the ComboFix (after download, named it Gotcha). It got stuck at a point that says "Completed Stage_48" (still open and stuck, on my computer) obviously without a log (I even checked).
Thanks
kissa

Offline essexboy

Re: test. PLEASE respond!
« Reply #11 on: March 23, 2013, 07:35:09 PM »
Could you stop combofix please.  Reboot to safe mode and then retry from there

kissagain

  • Guest
Re: test. PLEASE respond!
« Reply #12 on: March 23, 2013, 10:10:47 PM »
I rebooted into safe mode, choosing the command prompt mode. Then I had further options. I then selected microsoft windows, which brought me to a windows logon with only the admin icons. I logged on which then opened a command prompt window. I entered the command "run" then the path for "gotcha.exe" (on the desktop). I got a return msg saying, " 'run' is not recognized as an internal or external command operable program or batch file."
It has been a long time since I have used commands within a prompt mode.
Please explain for me to get to where I need to go to run the "gotcha.exe" (ComboFix.exe renamed as previously directed)
I have shut down my computer at home and will be waiting for a hopeful quick reply here.
Thank you,
kissagain

Offline essexboy

Re: test. PLEASE respond!
« Reply #13 on: March 23, 2013, 10:16:23 PM »
When you get to the safe mode menu select "safe mode with networking"
This will then bring you to the windows desktop and you can run from there

kissagain

  • Guest
Re: test. PLEASE respond!
« Reply #14 on: March 24, 2013, 04:48:36 PM »
essexboy,
I was able to get ComboFix to run in safe mode. However,  again, it ran up to the same point and no log .... "Completed stage_48".
(FYI - able to now post from home without the CAPTCHA)
kissagain