Massive Virus Infection (repost From Other Forum)


RicOvalle
i was asked by someone to repost this here...please be aware i am unable to do any of the things requested at HijackThis due to the computer not cooperating!

 

"hi folks, hope i can get some help...i have an eight year old Dell desk top (XP) that recently has been showing signs of impending doom...i run Norton anti-virus and use spybot, malwarebytes and microsoft security essentials...my problems started with what i found out was a TMP file virus...i started getting a temp file on my desktop ZLZIEAQML.TMP...then i started going through the google redirection...i looked up both issues and started the processes to clean them up...one of these things was to go into my windows file, access the WIN 32 file, open DRIVERS and then the ETC file and finally the HOST file...in looking at that open file (using notebook) i was told there should only be one address line for local host, mine had hundreds if not more, i tried deleting all the excessive address lines but i couldn't...i installed Kaspersky TDSSKiller and ran it along with Norton and my other programs and CCleaner...i rebooted and everything seemed OK at first...then i saw that all my connections were gone so i went to system restore and the only restore point i could find was about 2 hours previous...i did that and all my connections came back but then i started getting pop ups claiming i was under attack and needed to get Microsoft Security Essentials which i thought was weird since i already had that on my system...not only that but that it said it cost $69 annually when even (novice that i am with this stuff) i know that it's free...well i closed these pop ups but they continued to hit me like crazy...i then tried to run my different anti virus programs and they refused to open...i got messages like "you are not authorized to view this" or "windows cannot access the specified device, path or file"....i opened each program manually and tried to engage them but to no avail...i was able to access PCPITSTOP.COM after numerous redirects (even with typing directly into the address bar)...once there i read about using HijackThis...i tried but after installing and trying to run the program it seemed to only get some of the necessary info before shutting down...i then shut down and disconnected the ethernet device...now know that i had planned on buying a new system after this coming Christmas, after all as i said, this one is eight years old...so should i reformat this and try to eke out another 5 months out of it or try to convince my dear wife we need to move up the purchase of a new one...i know a little about reformatting this old one but not much, basically i'm pretty much a novice on this kind of stuff period..as they say a little knowledge can be worse than none at all...so any help and advice would be greatly appreciated...muchisimos gracias in advance!"
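The hosts-file symptom described in the post above (hundreds of entries where a stock file maps only localhost) can be triaged offline with a small parser. This is an added example, not part of the original thread; the sample file, hostnames and addresses are constructed, and it assumes the extra entries either point names at loopback/0.0.0.0 (blocking them) or at another address (redirecting them).

```python
import ipaddress

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example    # security site pointed at loopback
0.0.0.0         scan.av-vendor.example
203.0.113.7     www.search.example          # search engine sent elsewhere
203.0.113.7     search.example www.search.example
not-an-ip       broken.example
"""

DEFAULT_NAMES = {"localhost"}  # the only name a stock hosts file maps


def audit_hosts(text):
    """Return (findings, malformed).

    findings:  (line_no, kind, ip, hostname), kind is "blocked" or "redirected"
    malformed: (line_no, raw_line) for entries that do not parse
    """
    findings, malformed = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # strip comment, split on blanks
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((line_no, raw.strip()))
            continue
        if len(fields) < 2:
            malformed.append((line_no, raw.strip()))
            continue
        # Loopback or 0.0.0.0 makes the name unreachable; any other address
        # silently sends the browser to a different server.
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue
            findings.append((line_no, kind, str(ip), name))
    return findings, malformed


if __name__ == "__main__":
    found, bad = audit_hosts(SAMPLE_HOSTS)
    for line_no, kind, ip, name in found:
        print(f"line {line_no}: {name} {kind} via {ip}")
    for line_no, raw in bad:
        print(f"line {line_no}: unparseable entry: {raw}")
```

Run it against a copy of the hosts file taken from the affected disk rather than on the live system, since the post reports that tools on the infected machine were being blocked.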

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

 

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to PC Pitstop. :)

 

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

 

  • I will start working on your Malware issues, this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

 

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

 

Because of this, I advise you to backup any personal files and folders before you start.

 

Next:

 

It does indeed not look good for your machine and a reformat and reinstallation of the Windows Operating System may be something we will have to consider. Saying that, let's see what can be done...

 

1 - Are you still able to download anything with the infected machine or not and or is it able to boot up into Normal Mode?

 

2 - If the need arises, do you have access to another machine and if so what Operating System does it have and does it have the ability to burn either a CD/R or DVD/R?

 

3 - Do you have a USB drive we could use to transfer tools to your infected machine?

 

Answer the above when ready and we will go from there, thank you.


Hello and thank you for your quick reply...i am not able to download anything...once the browser page is opened and i try to access a web page it says i can't connect for various reasons such as "can't find pathway" or "you don't have permission to view this"...this goes for everything from a potential virus removal tool to ESPN...i have contacted you through a workplace computer that is lacking a burner but i do possess an eight gig flash drive...our IT Dept here though has severe restrictions placed on my system so who knows what i can and can't access...i have already saved and burned some items (photos mainly) to DVD's...my only concern in reformatting at this time is what to do with all my saved emails...i use outlook express and have lots of photos in emails i have received through the years as well as other important items...again thanks for your help in this

 

 

 

 

 

 


Hi. :)

 

OK it might be problematic with regard to some of the tools I will be asking your good-self to download then transfer to your infected machine...as in the downloads may be blocked by the IT Dept restrictions you mentioned but no harm trying...

 

Any problems with downloading the below, you could ask one of your IT Dept staff for assistance and mention that none of the below are a security risk and by all means show them this topic etc.

 

With regard to this you mentioned:-

 

"my only concern in reformatting at this time is what to do with all my saved emails...i use outlook express and have lots of photos in emails i have received through the years as well as other important items"

There is a specific backup software I can advise but that all depends on whether we can get your infected machine back online.

 

Next:

 

Before connecting your USB Drive it would be prudent to disinfect it to err on the side of caution as I would not want you to get into trouble with your company etc...

 

  • Please download Flash_Disinfector and save it to the desktop of the machine you will be using. (You can delete it afterwards)
  • Double click to run it.
  • You will be prompted to plug in your USB Drive. Plug it in.
  • Flash_Disinfector will start disinfecting your USB Drive. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. The desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. The desktop should now appear.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

 

Next:

 

Now please download the following (all of them as we may need to try different versions) then transfer to the desktop of your infected machine...

 

OTL.exe and both of these alternate named executables OTL.com and OTL.scr.

 

Now download all these versions of Rkill then transfer to the desktop of your infected machine...

 

One, Two, Three, Four or Five

 

Run Rkill:

 

(If one fails to work merely try another)

 

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: A logfile will have been created, it can be located at the root of your installed Hard-Drive. EG: C:\rkill.txt.

 

Scan with OTL:

 

  • Double-click on OTL.exe to start OTL. <-- If it will not work try the others please.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.

    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

 

  • How is your computer performing now, any further symptoms and or problems encountered?
  • rkill.txt.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.
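The note in the post above says Flash_Disinfector leaves a hidden folder named autorun.inf at each drive root. A folder occupying that name stops a file of the same name from being written there, so a quick check is whether autorun.inf on a drive is a folder, absent, or a real file carrying launch directives. This is an added example, not part of the original thread and not Flash_Disinfector's own code; the temp-directory "drives" and file contents are constructed.

```python
import os
import tempfile


def check_autorun(root):
    """Classify autorun.inf at a drive root.

    Returns ("absent", []), ("folder", []) or ("file", [(key, value), ...])
    where the pairs are the directives that would launch a program.
    """
    # Windows file names are case-insensitive, so match any casing.
    match = [n for n in os.listdir(root) if n.lower() == "autorun.inf"]
    if not match:
        return "absent", []
    path = os.path.join(root, match[0])
    if os.path.isdir(path):
        return "folder", []
    directives = []
    with open(path, encoding="latin-1") as fh:   # tolerate junk padding bytes
        for line in fh:
            line = line.strip()
            if line.startswith(";") or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            launches = key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command"))
            if launches:
                directives.append((key, value))
    return "file", directives


def demo():
    """Build three constructed drive roots in temp dirs and classify each."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name in ("clean", "immunised", "suspect"):
            os.mkdir(os.path.join(base, name))
        os.mkdir(os.path.join(base, "immunised", "autorun.inf"))
        with open(os.path.join(base, "suspect", "AUTORUN.INF"), "w") as fh:
            fh.write("[AutoRun]\n;junk\nOpen=setup_constructed.exe\n"
                     "shell\\open\\Command=setup_constructed.exe\nicon=x.ico\n")
        for name in ("clean", "immunised", "suspect"):
            results[name] = check_autorun(os.path.join(base, name))
    return results


if __name__ == "__main__":
    for drive, (state, directives) in demo().items():
        print(drive, state, directives)
```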

Sorry for the delay in getting back to you but i've been away from work...anyways i put the files on my flash drive with no problem here but when i tried to put them on my ill computer it no longer opened up correctly...i tried more than once but to no avail...i was planning on reformatting it but thankfully my wife said to heck with it, just get the new one....i am very thankful and grateful to you for your kind consideration and time in trying to help with this...i know where to come if i ever have any future problems...anybody want a crummy 2003 XP based PC? just kidding...i am going to donate it to a local charity org here that will clean it and give it to a deserving youth org...thanks again...

 

 

 

This topic is now closed to further replies.