Author Topic: xp virus  (Read 11522 times)


Offline avastment

  • Jr. Member
  • **
  • Posts: 66
Re: xp virus
« Reply #15 on: December 04, 2011, 08:52:52 PM »
I hope OTL is a file I just downloaded from opensource.
And first time I clicked on link to get to OTL this site popped up.
http://www.apartmentfinder.com/?ecid=PS|MV1|21189S281210530

Offline ady4um

  • Massive Poster
  • ****
  • Posts: 2667
Re: xp virus
« Reply #16 on: December 04, 2011, 08:54:42 PM »
What's OTL?

Read the previous post of essexboy. The "OTL" word (in red) is a link. Follow EXACTLY the instructions he wrote in his previous post (copy them to some text file if needed).
ADD/REMOVE PROGS -> avast -> CHANGE/REMOVE -> REPAIR & REBOOT

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37027
Re: xp virus
« Reply #17 on: December 04, 2011, 09:14:54 PM »
What's OTL?
If you had checked the first link I gave you in reply #3... all info is there

OTL is a diagnostic tool... that can also remove malware using specific commands that you paste in
« Last Edit: December 04, 2011, 09:36:40 PM by Pondus »

Offline avastment

  • Jr. Member
  • **
  • Posts: 66
Re: xp virus
« Reply #18 on: December 04, 2011, 09:53:48 PM »
see attached

Offline avastment

  • Jr. Member
  • **
  • Posts: 66
Re: xp virus
« Reply #19 on: December 04, 2011, 09:54:38 PM »
see attached
« Last Edit: December 06, 2011, 10:12:41 PM by avastment »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: xp virus
« Reply #20 on: December 04, 2011, 11:27:59 PM »
Could you post the combofix log please? It should be at C:\combofix.txt

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.17.1.1:8080
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.17.1.1:8080
    O3 - HKU\S-1-5-21-3965117846-3910970753-1910252748-1006\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3965117846-3910970753-1910252748-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-3965117846-3910970753-1910252748-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - Reg Error: Value error. File not found
    [2009/02/25 18:21:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\my name\Application Data\.#

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Offline avastment

  • Jr. Member
  • **
  • Posts: 66
Re: xp virus
« Reply #21 on: December 05, 2011, 12:01:18 AM »
Rather than work or carry my XP back home and back again, I left it where it is at work. I am at home on my W7 now.
First thing tomorrow morning 7am
I'll do what you say in above.

And if you want or can I if this works delete those two text files I uploaded or do some people have better things to do than read both?

Thanks

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37027
Re: xp virus
« Reply #22 on: December 05, 2011, 12:06:27 AM »
Quote
And if you want or can I if this works delete those two text files I uploaded or do some people have better things to do than read both?
It is usually only of interest to those removing malware....but if you want you can edit your post and remove them   ;)

Offline avastment

  • Jr. Member
  • **
  • Posts: 66
Re: xp virus
« Reply #23 on: December 05, 2011, 05:03:29 PM »
8:04am.  Your instructions are easy to follow.
Will attachment tell Avast what was causing problem so Avast can help others or is it a fix with no telling what caused problem?
And why is there a warning triangle on Avast A in my task bar?  I saw it there yesterday.
« Last Edit: December 06, 2011, 10:13:01 PM by avastment »

Offline avastment

  • Jr. Member
  • **
  • Posts: 66
Re: xp virus
« Reply #24 on: December 05, 2011, 05:57:08 PM »
8:58am.  I typed into FF8 search google box Avast and an Avast sites choice came up.  I left click on top one and was misdirected to some other site having nothing to do with Avast.

Warning triangle is still over Avast A in task bar.  And I did do an update.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: xp virus
« Reply #25 on: December 05, 2011, 08:55:31 PM »
Hi, let's now have a look at your partitions

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"
 
Disk Management will open.
 
Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.
 
Take a screenshot of the Disk Management window and attach the screenshot to your reply.

THEN

Please download MBRCheck.exe to your Desktop. Run the application.
 
If no infection is found, it will produce a report on the desktop. Post that report in your next reply.
 
If an infection is found, you will be presented with the following dialog:
 
Quote
Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

 
Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

Offline avastment

  • Jr. Member
  • **
  • Posts: 66
Re: xp virus
« Reply #26 on: December 05, 2011, 09:14:53 PM »
see below for screen shot
« Last Edit: December 06, 2011, 10:13:18 PM by avastment »

Offline avastment

  • Jr. Member
  • **
  • Posts: 66
Re: xp virus
« Reply #27 on: December 05, 2011, 09:20:47 PM »
see attachment.

I fixed warning triangle earlier by clicking auto download new versions.   White A in red circle is fixed.
« Last Edit: December 06, 2011, 10:13:38 PM by avastment »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: xp virus
« Reply #28 on: December 05, 2011, 09:32:42 PM »
You have the new kid on the block

Please read these instructions three or four times to ensure that you know what you are doing... Any doubts then please ask

 I need you to download: gparted-live-0.10.0-3.iso (115.1 MB)
Windows XP Recovery Console rc.iso 
 
Create a bootable CD, 1 for Gparted and 1 for the Windows XP Recovery Console, from the ISO images.  You can use ImgBurn to do this.
 
Now boot off of the newly created Gparted CD.
 

You should be here...
Press ENTER
 

By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.
 

Choose your language and press ENTER. English is default [33]
 

Once again, at this prompt, press ENTER
 
You will now be taken to the main GUI screen below

According to your logs, the partition that you want to delete is  8Mb
I have highlighted it in your screenshot and attached it below
Click the trash can icon to delete and then click Apply.
 
You should now be here confirming your actions:

 
Now you should be here:

 

Is "boot" next to your OS drive?
 
If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags
 
In the menu that pops up, place a checkmark in boot like the picture below:

 
Now double-click the button.
 
You should receive a small pop up like this:

Choose reboot and then press OK.
 
Now reboot from the Windows XP Recovery Console CD and execute the following commands:
 
  • fixmbr \Device\HardDisk0
  • fixboot c:
  • exit
Once back in Windows.
 
Download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.   
  • Attach that file.
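
Added example (not part of essexboy's post, and not code from GParted or MBRCheck): a Python check of what the steps above inspect by eye in GParted, reading the four primary partition entries from a raw MBR sector and reporting which one carries the boot flag. The sample sector is constructed, 512-byte sectors are assumed, and `min_os_mb` is a hypothetical threshold for "too small to be the OS volume".

```python
import struct

SECTOR = 512         # assumption: 512-byte sectors
ENTRY = "<B3xB3xII"  # status, (CHS), type, (CHS), start LBA, sector count

def parse_mbr(sector):
    """Return the non-empty primary partition entries of one MBR sector."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: bad length or missing 55AA signature")
    parts = []
    for i in range(4):
        off = 446 + 16 * i  # the partition table starts at byte 446
        status, ptype, start, count = struct.unpack(ENTRY, sector[off:off + 16])
        if ptype == 0 and count == 0:
            continue        # unused slot
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "start_lba": start, "size_mb": count * SECTOR / 2**20})
    return parts

def review(parts, min_os_mb=1024):
    """Report a boot flag that is missing, duplicated, or on a tiny partition."""
    findings = []
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} partitions flagged active (expected 1)")
    for p in active:
        if p["size_mb"] < min_os_mb:  # min_os_mb is a hypothetical threshold
            findings.append(f"partition {p['index']}: boot flag on a "
                            f"{p['size_mb']:.0f} MB partition, not the OS volume")
    return findings

def build_sample(flag_on_small=True):
    """Constructed sector: one large NTFS partition plus one 8 MB partition."""
    os_flag, small_flag = (0x00, 0x80) if flag_on_small else (0x80, 0x00)
    table = (struct.pack(ENTRY, os_flag, 0x07, 63, 156_250_000)
             + struct.pack(ENTRY, small_flag, 0x07, 156_250_063, 16_384)
             + bytes(32))   # two unused slots
    return bytes(446) + table + b"\x55\xaa"

if __name__ == "__main__":
    parts = parse_mbr(build_sample())
    for p in parts:
        print(p)
    for finding in review(parts):
        print("FINDING:", finding)
```
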

Offline avastment

  • Jr. Member
  • **
  • Posts: 66
Re: xp virus
« Reply #29 on: December 05, 2011, 09:57:42 PM »
I managed to download   gparted*.iso, rc.iso and imgburn.
Problem.  I need to open first two.  Do I need special programs to open *.iso files before I can send them each to a CD?  They don't just open!