Author Topic: AV Security 2012  (Read 11601 times)

Fran9932

  • Guest
Re: AV Security 2012
« Reply #15 on: November 20, 2011, 07:17:59 PM »
Here is the combofix log. It took quite a while....

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: AV Security 2012
« Reply #16 on: November 20, 2011, 07:24:27 PM »
One more to kill and you should have the internet back.  Let me know what problems remain on completion please 

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
Quote
Folder::
c:\windows\$NtUninstallKB43628$

Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Fran9932

  • Guest
Re: AV Security 2012
« Reply #17 on: November 20, 2011, 07:26:21 PM »
I hate to sound stupid, but I do not seem to be able to disable any of my malware or antivirus. In the past that has not been a problem. Now I do not see the option to disable. Kept having to tell Avast not to sandbox the previous program. Follow the same procedure?

Offline essexboy

Re: AV Security 2012
« Reply #18 on: November 20, 2011, 07:30:07 PM »
Right click Avast and select shield control > disable till reboot
Then run the Combofix script

Fran9932

  • Guest
Re: AV Security 2012
« Reply #19 on: November 20, 2011, 07:55:02 PM »
This may be a double post but I do not see. Attached is a screenshot of what I am able to see to disable Avast. What you have pictured is not an option. When I try to do as you said with ComboFix I am told the file is spelled incorrectly. Will get a screenshot of that.
Thanks for your patience.
 

Offline essexboy

Re: AV Security 2012
« Reply #20 on: November 20, 2011, 07:57:50 PM »
OK just do the stop thing with Avast - do not let it quarantine/delete or sandbox anything

Could you confirm the file you are dragging is called CFScript

If it still fails then just re-run ComboFix and it should get it this time ... Do you have internet back now?

Fran9932

  • Guest
Re: AV Security 2012
« Reply #21 on: November 20, 2011, 08:16:26 PM »
Now internet on my laptop is crawling slowly..... No internet on desktop. I believe my ip address was stripped.
Attached is my log. Can I just restore to an earlier date?

Offline essexboy

Re: AV Security 2012
« Reply #22 on: November 21, 2011, 12:11:29 AM »
Yes you can try a restore
Quote
I believe my ip address was stripped
What do you mean by this ?

Fran9932

  • Guest
Re: AV Security 2012
« Reply #23 on: November 21, 2011, 02:46:00 PM »
When I go to Internet Explorer and run a diagnostics, the log says there is no IP address and that I should reboot the modem. Whenever I do this, I have no luck. I was on the phone with the service provider and they could not get it to run either. We even typed in a number in the bar and that would not pull up any service. This is when I found the virus and they said SOL, your problem, not ours.
I will try a restore to a day earlier in the month and then see what happens.

Fran9932

  • Guest
Re: AV Security 2012
« Reply #24 on: November 21, 2011, 03:00:35 PM »
The only days offered by my computer for restore points are yesterday and the day I got the virus, which sounds kinda tricky to me. Would you restore to the day you got the virus????

Offline essexboy

Re: AV Security 2012
« Reply #25 on: November 21, 2011, 10:24:23 PM »
OK I see what you mean now - so let's investigate


Could you type the following in the run box please and let me know what the output is

CMD /K SC QC DHCP

It should be this

Quote
[SC] GetServiceConfig SUCCESS

SERVICE_NAME: dhcp
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME : LocalSystem

THEN

Open Services...
Start > Run > Type: services.msc > Click OK   
Scroll down to and double click DNS Client
Set to Automatic under Startup type 
Click the Apply button
Click the Start button
When it starts click OK

Repeat for DHCP Client.
And repeat for Remote Procedure Call (RPC).

When done, close Services.

Try the connection again

OK run OTL and run the following script as I need to check the dependency files

  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
afd.*
tcpip.*
netbt.*
/md5stop
C:\Windows\assembly\tmp\U /s
CREATERESTOREPOINT


Fran9932

  • Guest
Re: AV Security 2012
« Reply #26 on: November 21, 2011, 10:51:23 PM »
First step displayed exactly as you said it should.

The DNS was in the started mode already so I could not click start.

DHCP and I received the following error message:
Could not start the DHCP client service on the local computer.

Error 1075: The dependency service does not exist or has been marked for deletion.

I stopped here and did not run OTL again. Is that okay?

Thanks again!

Offline essexboy

Re: AV Security 2012
« Reply #27 on: November 21, 2011, 11:02:27 PM »
Could you now run OTL as I need to determine if the files are present and the registry keys are intact

So a slight change to the script could you copy the following into the custom scans and fixes box and then press Run Scan


/md5start
afd.*
tcpip.*
netbt.*
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
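
The dependency check behind replies #25 to #27, as an added example that is not part of the original posts: it parses SC QC output in the format quoted in reply #25 and compares the listed dependencies against the service names present on a machine, which is the condition Error 1075 in reply #26 reports. The function names, the sample text and the set of installed services are constructed for illustration.

```python
import re

# Baseline: the expected SC QC DHCP values quoted in reply #25.
EXPECTED = {
    "START_TYPE": "2 AUTO_START",
    "BINARY_PATH_NAME": r"C:\WINDOWS\system32\svchost.exe -k netsvcs",
    "SERVICE_START_NAME": "LocalSystem",
}

# Constructed sample input using the fields of the output quoted in the thread.
SAMPLE = r"""[SC] GetServiceConfig SUCCESS

SERVICE_NAME: dhcp
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost.exe -k netsvcs
        DEPENDENCIES       : Tcpip
                           : Afd
                           : NetBT
        SERVICE_START_NAME : LocalSystem
"""

def parse_sc_qc(text):
    """Parse sc qc output into a dict; DEPENDENCIES becomes a list."""
    config, last = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_]*)\s*:\s*(.*)$", line)
        if not m:
            continue  # banner and blank lines carry no "KEY : value" pair
        key, value = m.group(1), " ".join(m.group(2).split())
        if key == "DEPENDENCIES":
            config[key] = [value] if value else []
        elif key:
            config[key] = value
        elif last == "DEPENDENCIES" and value:
            config[last].append(value)  # continuation line such as ": Afd"
        last = key or last
    return config

def audit_dhcp(text, installed):
    """Return findings: baseline deviations and dependencies with no service entry."""
    cfg = parse_sc_qc(text)
    deps = cfg.get("DEPENDENCIES", [])
    present = {name.lower() for name in installed}
    findings = [f"{k} differs from baseline: {cfg.get(k)!r}"
                for k, v in EXPECTED.items() if cfg.get(k, "").lower() != v.lower()]
    findings += [f"{d}: no service entry, DHCP start fails with Error 1075"
                 for d in deps if d.lower() not in present]
    return findings
```

On a real machine the installed set would be the subkey names under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services. A configuration that matches the baseline can still produce a finding, which is why the output in reply #26 looked correct while the service refused to start.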


Fran9932

  • Guest
Re: AV Security 2012
« Reply #28 on: November 21, 2011, 11:24:36 PM »
Here is the otl log

Offline essexboy

Re: AV Security 2012
« Reply #29 on: November 21, 2011, 11:46:28 PM »
Hi, I am afraid you did not copy the script properly, so if you could download the attached scan.txt to your desktop
Start OTL
Double click the blank custom scan and fixes box
On the prompt that comes up press OK
Locate and select the scan.txt that you downloaded and press run scan