CatByte

Trusted Malware Techs
  • Content Count

    174
About CatByte

  • Rank
    WTT Teacher

Previous Fields

  • Teams:
    Nothing Selected
  1. We just have some housekeeping to do now, Please do the following: You can delete the TDSSKiller, JRT, aswMBR and the Farbar logs and programs from your desktop. NEXT Follow these steps to uninstall Combofix Make sure your security programs are totally disabled. Press the WinKey +R to open a run box Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there. NEXT Double click on adwcleaner.exe to run the tool. Click on Uninstall. Confirm with yes. NEXT Clean up with OTL:
  2. It would appear JonTom has already removed the infection there are just a few orphaned files left behind which we will clear up now, then we can take care of cleaning up the tools Run OTL.exe Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL :OTL DRV:64bit: - [2012/11/14 14:32:45 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKCU\..\SearchScop
  3. Hello, While my good friend and colleague JonTom is taking a short break, I am going to assist you Have the redirects stopped now? Are there any outstanding issues? If you could please run a fresh log with OTL and post the results, I can make certain there is no remaining malware thanks
  4. Hi, Looks good Juliet will want you to install SP3 at some point, so I'll turn you back over to her to do some final scans Glad to have helped ~CB Over to you Juliet
  5. Good I like to copy those files and put them in the DLLCACHE for insurance, just so they are handy if anything like this happens again so please do the following: Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Copy/paste the text inside the Codebox below into notepad: Here's how to do that: Click Start > Run type Notepad click OK. This will open an empty notepad file:
  6. OK good, there are suitable replacements available please do the following: Go to Start > Run type cmd into the open run box and hit enter. This will open the command prompt window. Now type in the following red text exactly as seen at the command prompt. expand C:\WINDOWS\i386\explorer.ex_ C:\explorer.exe expand C:\WINDOWS\i386\winlogon.ex_ C:\winlogon.exe (take note of the spaces, especially the space between .ex_ and C:\ - it needs to be there) Please let me know that the command executed properly - you should see something like "expanded to {x
  7. Hi, Juliet asked if I'd stop by to lend a hand. First let's see if you have any replacements on the machine that we can use. if not, we'll have you download SP3 and extract them from there Please do the following: Please download SystemLook from one of the links below and save it to your Desktop. Download Mirror #1 Download Mirror #2 Double-click SystemLook.exe to run it. Copy the content of the following codebox into the main textfield: :filefind *explorer* *winlogon* Click the Look button to start the scan. When finished, a notepad window will open with the res
  8. awesome: Please do the following: Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Copy/paste the text inside the Codebox below into notepad: Here's how to do that: Click Start > Run type Notepad click OK. This will open an empty notepad file: Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')
  9. Perfect I believe that stop message has given us what we need without having to run the scan. This is what I need you to do: Boot the computer with the OTLPE CD wait till the reattogo desktop loads (this takes a very long time - be patient) First I want to make sure you have the service pack files accessible to you and that i8042prt.sys exists there Now you need to navigate to C:\WINDOWS\ServicePackFiles\i386 This is how to do that: At the bottom left of the ReattoGo GUI is a small windows type symbol > that's your start button go to Start> My co
  10. Hi, pardon my intrusion, but Juliet asked if I could assist. I'll do my best. Couple of things we need to do: First we need to find the file name and error you are getting: Reboot your computer: When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode Select "Disable Automatic Restart on System Failure", as shown here: When your system errors, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are lookin
  11. Hi, You are clean, Time for some housekeeping: please do the following: Your Java is out of date. Java™ 6 Update 14 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; > follow the prompts. NEXT A defrag may improve the speed of your machine somewhat. Download and run Auslogics Disc Defragmenter NEXT Follow these steps to uninstall Combofix Click START then RUN Now type Combofix /uninstall in the runbox and click OK.
  12. Hi, Those items are in the Avast quarantine Please post a fresh DDS and Attach.txt and advise how your computer is running now and if there are any outstanding issues.
  13. hi, much of that log was cut off, you may need to post it over several posts: Please do the following as well: Please open your MalwareBytes AntiMalware Program Click the Update Tab and search for updates If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. <-- very important When disin
  14. Hi, You have several antivirus programs Avast, Kaspersky and CA, you need to remove two of them. Having more than one antivirus program causes system slow downs, conflicts and crashes. Please do the following: Please plug in your usb when you run this script. You appear to have an infection on your usb also. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Copy/paste the text
  15. Please post the latest ComboFix log as well, thanks