Also having the ping.exe

[iSocialism]

I somehow got the vista internet security 2012 virus, and I was able to get rid of it( or the most part) with MAMB. But now I'm having the ping.exe problem. Avast is keeping it under control, by blocking it for now. I followed the OTL thing to my best understanding.

[mikaelrask]

welcome to the forum. someone will check that log for you and give you further advise.

after i Google the ping.exe i got up it could be part of another rough malware by the name xp home security malware.

removal instructions can be find here.

http://www.bleepingcomputer.com/virus-removal/remove-xp-home-security-2012.

but it strange that malwarebytes has not detect it.

do you have the latest database in your malwrebytes? its getting updated several times a day sometimes.

you could update the database of malwarebytes and do a new scan and see what comes up as a first option, until you get further instructions by our malware expert.

good luck

[oldman]

Hi iSocialism,




Open FireFox

• click Tools > Options
  
• Click the Advanced button
  
• Click the Network tab
  
• In the connections section click the Settings button
  
• Check mark No Proxy
  
• OK your way out.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  
  
• Right click on ComboFix.exe, click Run as Administrator & follow the prompts.
  

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3 CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log.

Thanks

[iSocialism]

Well, I tried the combo fix, but I ran into an internet problem, after my computer restarted. Can't connect know due to a Dhcp client tool thing. I('m using another laptop. I don't have the windows CD. I lost that when i was moving awhile ago. But it's giving me the error 1075 when i tried to start the dhcp. the afd.sys is in system32 but is missing in the the other place, which I can't recall the name of. I've looked around and seem others having the problem so it seems common, but couldn't find a good answer. Hoping someone would know. I have access to another laptop and an USB drive.

[oldman]

HiiSocialism,

Please go to Start - Run - type in eventvwr.msc to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.

[oldman]

Hi iSocialism,

Along with the Event items let's check something out.

We will use OTL for this

Next

Please open OTL .

• Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, click the None button near the top (it may looked greyed out)
  
  
• In the window under Custom Scans/Fixes copy and paste the following
  
  
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD /s
  /md5start
  afd.*
  /md5stop
     
  
  
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  

When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

[iSocialism]

Okay, here are the files. I double checked and the afd is missing in device mgmt under non play n device are something like like. I've tried to add a .reg but it won't let me.

[oldman]

Hi iSocialism,

I can't read the OTL log. Please make sure that when saving files in notead that the encoding box at the bottom is set to ANSI.

Did you type the text into OTL's custom Scan/fixes window as one of the switches appears to be incorrect in the bit of the log I can read?

The Event log does show something that may be usefull.

Let's try this again. To ensure the Custom scan gets copied correctly please copy and paste the following bolded text into a notepad and save it to your usb device. Transfer the usb to the sick computer and copy and paste the text from the notepad into OTL. Use the same settings as before.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdx /s
/md5start
afd.*
tdx.*
/md5stop

Please check for a combofix log. It should be located at C:\combofix.txt

Please post back with the OTL.txt and combofix log.

[iSocialism]

Someone else helped me. I don't know how they fixed it, but my computer is better.

[oldman]

Ok thanks for letting me know.