Author Topic: Another "Privacy Protection" Victim ...  (Read 7953 times)

0 Members and 1 Guest are viewing this topic.

lostfilez

  • Guest
Re: Another "Privacy Protection" Victim ...
« Reply #15 on: November 30, 2011, 12:52:02 AM »
:D
the nefarious little icon is GONE...
I am able to open firefox...
I am able to run programs...
My computer has been saved!!

Oldman you are a GENIUS!!!!

THANK YOU!!!!
 :D

How does one say a proper thank you????
Seriously, what is proper protocol for someone saving a computer and files from imminent demise?


lostfilez

  • Guest
Re: Another "Privacy Protection" Victim ...
« Reply #16 on: November 30, 2011, 12:56:38 AM »
Oh Canada ...?
While saluting?
 ;D

http://www.mediafire.com/?4z4q04ik207c7z1

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Another "Privacy Protection" Victim ...
« Reply #17 on: November 30, 2011, 01:13:02 AM »
    Hi ostfilez,

    A thank you is more than enough but thanks for the tune.  :)

    Let's tidy things up a bit.

    Your java is out of date.

    Click on the Start button > Control Panel

    Depending on your setings, either
  • Click on the Uninstall a program option under the Programs category.
  • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
Uninstall the following program

Java(TM) 6 Update 3


Do not uninstall Java(TM) 6 Update 26


Next

Go to Start > Control Panel , switch to Classic View if it isn't already.
  • Locate the Java icon (it looks like a coffee cup)
  • double click it to open it
  • click the Update tab
  • Click update now
Next, Right click on OTL.exe and chose Run as Administrator to run it
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
Code: [Select]
:Services

:Commands
[createrestorepoint]
[emptytemp]

Then click the Run Fix button at the top
  • Let the program run unhindered
No need to post the log.


Next

Download and save to your desktop Malwarebytes Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
                                                                                                                                                                                                                     

Please post back with thw MBAM log.


lostfilez

  • Guest
Re: Another "Privacy Protection" Victim ...
« Reply #18 on: December 01, 2011, 08:59:06 PM »
Did everything just as you asked ... and...

The MBAM scan took 2 minutes and came up with ...nothing!!

:D

Thank you so so so so much.
*salutes to Oh Canada*

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Another "Privacy Protection" Victim ...
« Reply #19 on: December 02, 2011, 02:24:47 AM »
Hi lostfilez,

So far so good. Please post a new OTL scan log so we can see if there are any remnants. Just open the program by right clicking on OTL.exe and chose Run as Administrator and click Quick scan. 

lostfilez

  • Guest
Re: Another "Privacy Protection" Victim ...
« Reply #20 on: December 03, 2011, 04:24:03 AM »
Quick Scan complete.
 ;D

howz it look?

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Another "Privacy Protection" Victim ...
« Reply #21 on: December 03, 2011, 09:21:31 AM »
Hi lostfilez,

This will be a quick scan with a short log.

Next

Please open OTL.

  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, click the None button near the top (it may looked greyed out)

  • In the window under Custom Scans/Fixes copy and paste the following



    /md5start
    userinit.*
    /md5stop
       


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.



We'll get a file scanned at VirusTotal. If you are unable to copy and paste the filepath as in the instructions you can use the Browse button instead. If yu need to use the Browse button you will need to unhide the file,

  • Open Folder Options by clicking the Start button , clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
  • Click the View tab.
  • Under Advanced settings, click Show hidden files and folders, and then click OK.
To submit a file to virustotal, please click on this link

VirusTotal

copy and paste the following into the upload a file box 

C:\Windows\system32\userinit.exe
 


scroll down a bit and click "send file", wait for the results and post them in your next reply.

Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete[/b.

Please post back with
  • OTL.txt
  • VirusTotal results
Thanks

lostfilez

  • Guest
Re: Another "Privacy Protection" Victim ...
« Reply #22 on: December 13, 2011, 12:04:55 AM »
 ???
Oh my gosh -- what happened??
My windows validation is in question and I can't start my computer.
A quick check indicates that an Avast download to Vista breaks the validation.

http://www.ccl-la.com/blog/index.php/alert-avast-av-seems-to-break-windows-validation/

what do I do????
I can't get into my computer!!

DonZ63

  • Guest
Re: Another "Privacy Protection" Victim ...
« Reply #23 on: December 13, 2011, 12:42:15 AM »
You sure you didn't mistakenly delete this file: C:\Windows\system32\userinit.exe?
« Last Edit: December 13, 2011, 12:45:42 AM by DonZ63 »

lostfilez

  • Guest
Re: Another "Privacy Protection" Victim ...
« Reply #24 on: December 15, 2011, 11:19:04 PM »
Pretty sure as I did nothing but what is posted in this thread.

still can't get into my laptop...using a different computer to write this.
:(

DonZ63

  • Guest
Re: Another "Privacy Protection" Victim ...
« Reply #25 on: December 16, 2011, 12:20:16 AM »
Windows validation error is somewhat ambiguous. Is it saying your copy of Vista is not genuine or is it asking you to revalidate which you do by entering your original Vista product key. Have you done that? Many times malware removal will cause core system drivers to be reinstalled. Each time a core driver is installed, a system change counter is incremented. Once a predetermined count threshold is reached, Windows assumes there has been a major system upgrade and you will be required to revalidate with the original OS product key. Sometimes the automatic validator won't work and you will have to call Microsoft, explain your malware removal activities and they will usually - not always - give you a new product key to enter. 

Are you on SP1? There appears to be a problem with Avast 6 and Vista SP1.

Appears the solution is to uninstall Avast which you can do in safe mode. You did post that you can get into safe mode. Then install another AV. I would also run Avast's cleaner to remove all traces of it prior to installing another AV.

Or install Vista SP2 after Avast has been removed and cleaned, then try to reinstall Avast after SP2 has been installed. I would download the SP2 installer on your other PC and burn it to CD/DVD or copy it to a USB drive rather than doing the SP2 download via WIN updates. Your choice.

« Last Edit: December 16, 2011, 12:31:46 AM by DonZ63 »

ady4um

  • Guest
Re: Another "Privacy Protection" Victim ...
« Reply #26 on: December 16, 2011, 12:20:59 AM »
Suggestions anyone?

Install SP1 if you haven't. Reboot. Install SP2 if you haven't. Reboot.

Go to "Control Panel -> System and Maintenance -> System" and re-validate / re-activate your Vista.

There is a possibility that you would need to re-activate Vista before updating each SP (#1/#2), and then, after rebooting, that you would need to re-activate it again.

After each, any and all of the above steps, reboot.

Finally, download the latest stable version of avast, install it with "right click -> run as administrator" and reboot when the installation finishes.

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Another "Privacy Protection" Victim ...
« Reply #27 on: December 16, 2011, 08:46:05 AM »
Hi lostfilez.

What exactly did you do?