Author Topic: XP Internet Security 2012 Trojan virus  (Read 25487 times)

0 Members and 1 Guest are viewing this topic.

jackelec

  • Guest
Re: XP Internet Security 2012 Trojan virus
« Reply #15 on: July 02, 2011, 11:47:43 PM »
What did I do wrong  ???

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: XP Internet Security 2012 Trojan virus
« Reply #16 on: July 02, 2011, 11:48:13 PM »
Did OTS create a log file ?

If not then can you burn a CD and we will work outside of windows

Please print these instruction out so that you know what you are doing

Latest version: v3.1.47.1

OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB

  • Download the attached scan.txt to a USB drive
  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn  to burn the file to CD

  • Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads  :) 
  • Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Double click the Custom scans and fixes box
  • In the dialogue locate the scan.txt you have on the USB
  • Press Run Scan to start the scan.
  • When finished, the file will be saved  in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive. 
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

jackelec

  • Guest
Re: XP Internet Security 2012 Trojan virus
« Reply #17 on: July 02, 2011, 11:51:05 PM »
I don't see a log. I'll have to follow your directions - hopefully I can understand this.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: XP Internet Security 2012 Trojan virus
« Reply #18 on: July 02, 2011, 11:53:15 PM »
I will be here for a little longer

It is a very easy programme to run albeit a bit slow as it is a PE windows

jackelec

  • Guest
Re: XP Internet Security 2012 Trojan virus
« Reply #19 on: July 03, 2011, 12:00:13 AM »
I hope it is easy, because you are dealing with someone who knows just enough to be dangerous. I will work on this a few minutes longer and then need to go pick up a kid and start some dinner. Hopefully I don't really mess something up.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: XP Internet Security 2012 Trojan virus
« Reply #20 on: July 03, 2011, 12:04:25 AM »
No problem it is late here in the UK so I will be going to bed soon.   But with the Reatogo desktop you will be able to access all your files and folders and go online  ;D

jackelec

  • Guest
Re: XP Internet Security 2012 Trojan virus
« Reply #21 on: July 03, 2011, 12:08:39 AM »
Now all of a sudden all of my icons are back?? HMMMMM?

So there is an icon for OTS text, but when I try to open it I get a message saying "Not enough quota to process this command."

That is the same message I get when I try to copy OTLPENet.exe to my desktop.

jackelec

  • Guest
Re: XP Internet Security 2012 Trojan virus
« Reply #22 on: July 03, 2011, 05:44:23 AM »
I am about to give up! After nearly 3-4 hours at this, I have gotten no where. I went through the process of attempting to create a CD to reboot and create Reatogo desktop. I went into my system set up and chose to boot from my disk drive, but apparently it isn't doing that because nothing has changed on my desktop. When I open the CD the information is there though.

So, since I was stuck, I tried the steps listed here... http://answers.microsoft.com/en-us/windows/forum/windows_vista-security/windows-vista-2012-security-pop-ups/34fed570-caeb-410a-af2f-5d3b79f92921?page=1&tm=1309663712164#footer

Answer Removal guides that are very helpful when researching how to get rid of Vista Security 2012 malware:


http://deletemalware.blogspot.com/2011/06/remove-vista-antispyware-2012-win-7.html


http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012


Tools need to remove the rogue application.
1. FixNCR.reg http://download.bleepingcomputer.com/reg/FixNCR.reg
2. Rkill (optional) http://www.bleepingcomputer.com/download/anti-virus/rkill
3. Malwarebytes Antimalware, SUPERAntispyware, Hitman Pro or any other anti-malware software.June 25, 2011 Reply with quoteReport abuse
Child exploitation or abuseHarassment or threatsInappropriate/Adult contentNudityProfanitySoftware piracySPAM/AdvertisingVirus/Spyware/Malware dangerOther Term of Use or Code of Conduct violation

I have gotten no where.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: XP Internet Security 2012 Trojan virus
« Reply #23 on: July 03, 2011, 11:15:58 AM »
Could you attach the OTS text to your post as I will open it here and hopefully create a fix for you

jackelec

  • Guest
Re: XP Internet Security 2012 Trojan virus
« Reply #24 on: July 03, 2011, 03:20:28 PM »
Argh!

I ran SUPER Antispyware Free edition last night and it SEEMS to have removed the problem, on the surface anyway as far as I can tell.

However, Now I can't access most of my programs. I either get told the Application was not found or it asks me to pick a program to open it with.

I obviously cleaned out things I shouldn't have.

I still can't figure out how to attach the OTS, nothing shows up on the Notepad, it doesn't even popup.
Should I run OTS again?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: XP Internet Security 2012 Trojan virus
« Reply #25 on: July 03, 2011, 03:48:12 PM »
OK lets clear the programme problem and yes could you run OTS again please  after running this small programme

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe 

Please post the contents of the RKreport.txt in your next Reply.

jackelec

  • Guest
Re: XP Internet Security 2012 Trojan virus
« Reply #26 on: July 03, 2011, 06:32:36 PM »
When I run RogueKiller and choose option 2 (Delete), it gets part way through the I get a message telling me it has encountered a problem and has to close.

The last thing in the Rogue Killer screen is:

127.0.01  www.100888290cs.com
[...]
Copy all to quarantine...

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: XP Internet Security 2012 Trojan virus
« Reply #27 on: July 03, 2011, 06:36:01 PM »
OK lets try this programme -  are you able to access safe mode at all ?

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

jackelec

  • Guest
Re: XP Internet Security 2012 Trojan virus
« Reply #28 on: July 03, 2011, 06:51:32 PM »
I am starting to think I need to admit defeat and take it to someone for repair!  :-\

I can't disable my spyware and virus protection because when I ran SuperAntispyware Free Edition it took all of my icons out of my tray and when I try to open them to disable them it asks me what program I want to use to disable them.

I can't even get into my Control Panel to Add/Remove programs. It tells me that Add or Remove Programs application is not found. I think I cleaned  out all of the dll's or whatever.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89015
  • No support PMs thanks
Re: XP Internet Security 2012 Trojan virus
« Reply #29 on: July 03, 2011, 07:11:35 PM »
If you are able to run SAS again, open its Repair function, that should give you back access to control panel, aside from the control panel repair it has many others.

You should be able to access the avastUI by starting it manually, C:\Program Files\AVAST Software\Avast\AvastSvc.exe.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security