
Browser HiJack


  • This topic is locked
26 replies to this topic

#1 nuttypoo

nuttypoo

    Member

  • Members
  • PipPip
  • 13 posts
  • OS:Windows Vista
  • AV:Ad-Aware, Spybot S&D, Malwarebytes
  • HIPS:Windows Standard
  • Other:None

Posted 18 December 2011 - 08:26 AM

Hello, please advise: after completing an Emsisoft scan, it stated it could not remove all components and to visit this forum for additional support. I have attached the logs as required in the "Getting Started" section, and have not removed anything after the scans.

[attachment=8586:EEK Log.txt][attachment=8587:OTL.Txt][attachment=8588:Extras.Txt]

Thanks for your help !

Russ

#2 Kevin Zoll

Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 12325 posts
  • LocationDepauville, NY, USA
  • OS:Windows Vista
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor
  • Other:WinPatrol Plus

Posted 19 December 2011 - 12:07 AM

Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1
Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Attach the log for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
  • ComboFix (C:\combofix.txt)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
Kevin Zoll [Customer Support]
Emsisoft Team - www.emsisoft.com
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#3 nuttypoo


Posted 19 December 2011 - 09:47 AM

[attachment=8598:ComboFix.txt]

Hello,

Thanks for your assistance, I really appreciate it.

Everything appears to run well.

Attached is the log requested, could you please advise if everything looks in order ?

Thanks again,

Russ

#4 Kevin Zoll


Posted 19 December 2011 - 09:33 PM

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 30.
  • Click the "Download JRE" button to the right.
  • Accept the license agreement.
  • Click on the download link for your system and save it to your desktop. Users of Windows Vista/7 64-bit can install both the 32-bit and 64-bit JRE without conflicts.
    Windows x86 Offline (jre-6u30-windows-i586.exe)
    Windows x64 (jre-6u30-windows-x64.exe)
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/7 users, right click on the JRE download and select "Run as an Administrator.")
The installed version of Adobe Flash Player on this computer is out-dated. Install the latest version of Adobe Flash Player available from Adobe. (Do this using both IE and Firefox)

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O33 - MountPoints2\{ea8364e8-1e1a-11e1-ae66-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{ea8364e8-1e1a-11e1-ae66-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
    [1 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ]
    [2011/12/17 00:50:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At2.job
    [2011/12/16 20:04:26 | 000,000,235 | ---- | M] () -- C:\Windows\MercuryWT.ini
    [2011/12/16 18:25:23 | 000,000,059 | ---- | M] () -- C:\Windows\Ltdlgfileu.INI
    [2011/12/16 17:34:07 | 001,532,928 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
    [2011/12/16 17:34:07 | 000,855,040 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
    [2011/12/16 13:42:31 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At6.job
    [2011/12/16 13:42:31 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\At7.job
    [2011/12/16 13:42:30 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At5.job
    [2011/12/16 13:42:28 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At4.job
    [2011/12/16 13:42:27 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At3.job
    [2011/12/16 13:42:23 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At1.job
    [2011/12/03 16:22:34 | 000,000,000 | ---- | M] () -- C:\Windows\0
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
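For readers triaging a similar listing, the following added example (not part of the original post, and not Emsisoft's or OTL's own code) parses the two line shapes that appear in the fix above, registry policy entries and file entries, and flags settings that weaken Windows protections plus `At<N>.job` files written in a batch. The line formats are inferred only from the lines quoted in this thread; `POLICY_NOTES`, `BATCH_WINDOW_S` and the function names are assumptions made for the illustration.

```python
import re
from datetime import datetime

# Constructed sample: a subset of the lines from the OTL fix quoted in this thread.
SAMPLE = r'''
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O33 - MountPoints2\{ea8364e8-1e1a-11e1-ae66-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
[2011/12/17 00:50:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/12/16 20:04:26 | 000,000,235 | ---- | M] () -- C:\Windows\MercuryWT.ini
[2011/12/16 13:42:31 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/12/16 13:42:27 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/12/16 13:42:23 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/12/03 16:22:34 | 000,000,000 | ---- | M] () -- C:\Windows\0
'''

POLICY_VALUE = re.compile(r"^(O\d+) - (HK(?:LM|CU)\\[^:]+): (\w+) = (\S+)$")
POLICY_KEY = re.compile(r"^(O\d+) - (HK(?:LM|CU)\\.+) present$")
FILE_ENTRY = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| (\S{4}) \| (\w)\] \(.*?\) -- (.+)$"
)
# At<N>.job is the file name the legacy "at" scheduler gives the jobs it creates.
AT_JOB = re.compile(r"\\tasks\\At\d+\.job$", re.IGNORECASE)
BATCH_WINDOW_S = 60  # assumption: jobs written within a minute count as one batch

# Assumption: a small illustrative table, not a complete policy reference.
# value name -> (test on the integer value, what it means when the test is true)
POLICY_NOTES = {
    "EnableLUA": (lambda v: v == 0, "UAC is disabled"),
    "HideSCAHealth": (lambda v: v == 1, "security status icon is hidden"),
    "NoControlPanel": (lambda v: v == 1, "Control Panel is blocked"),
    "NoDrives": (lambda v: v != 0, "drives are hidden in Explorer"),
}

def parse_line(line):
    """Return a dict describing one listing line, or None if the shape is unknown."""
    line = line.strip()
    m = POLICY_VALUE.match(line)
    if m:
        return {"kind": "policy_value", "key": m[2], "name": m[3], "value": m[4]}
    m = POLICY_KEY.match(line)
    if m:
        return {"kind": "policy_key", "key": m[2]}
    m = FILE_ENTRY.match(line)
    if m:
        return {"kind": "file", "path": m[5], "attrs": m[3],
                "modified": datetime.strptime(m[1], "%Y/%m/%d %H:%M:%S"),
                "size": int(m[2].replace(",", ""))}
    return None

def triage(text):
    findings, unparsed, at_jobs = [], [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            unparsed.append(raw.strip())  # keep unknown shapes visible, never drop them
        elif entry["kind"] == "policy_value":
            rule = POLICY_NOTES.get(entry["name"])
            if rule and entry["value"].isdigit() and rule[0](int(entry["value"])):
                findings.append(f'{entry["key"]}: {entry["name"]} = {entry["value"]} ({rule[1]})')
        elif entry["kind"] == "policy_key":
            findings.append(f'{entry["key"]} (policy key present; review the values under it)')
        elif AT_JOB.search(entry["path"]):
            at_jobs.append(entry)
    # Group At jobs whose timestamps follow each other within the batch window.
    batches, current = [], []
    for job in sorted(at_jobs, key=lambda e: e["modified"]):
        gap = (job["modified"] - current[-1]["modified"]).total_seconds() if current else 0
        if current and gap > BATCH_WINDOW_S:
            batches.append(current)
            current = []
        current.append(job)
    if current:
        batches.append(current)
    at_job_batches = [[j["path"] for j in b] for b in batches if len(b) >= 2]
    return {"findings": findings, "at_job_batches": at_job_batches, "unparsed": unparsed}

if __name__ == "__main__":
    report = triage(SAMPLE)
    for f in report["findings"]:
        print("POLICY ", f)
    for b in report["at_job_batches"]:
        print("AT JOBS", ", ".join(b))
    for u in report["unparsed"]:
        print("REVIEW ", u)
```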

#5 nuttypoo


Posted 19 December 2011 - 10:58 PM

Attached is the most recent OTL log after completing Java and Adobe updates. I have not received any browser re-directs since completing and everything appears okay.

#6 Kevin Zoll


Posted 20 December 2011 - 12:42 AM

Unless you are having problems, it is time to do the final steps.

Now to remove most of the tools that we have used in fixing your machine:
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
Delete the following files: (If they exist)
C:\ComboFix.txt

Delete the following folders: (If they exist)
C:\ComboFix
C:\Qoobox

Empty the Recycle Bin

Download to your Desktop:
- CCleaner Portable
  • UnZip CCleaner Portable to a folder on your Desktop named CCleaner
Run CCleaner
  • Open the CCleaner Folder on your Desktop and double click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit)
  • The following should be selected by default, if not, please select:
    Posted Image
  • Click Posted Image and choose Posted Image
  • Uncheck Posted Image
  • Then go back to Posted Image and click Posted Image to run it.
  • Exit CCleaner.

Turn off System restore to flush all your restore points then turn system restore back on. See How To Enable and Disable System Restore.

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector; this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being out-dated.

Articles to read:
How to Protect Your Computer From Malware
How to keep you and your Windows PC happy
Web, email, chat, password and kids safety
10 Sources of Malware Infections

That should take care of everything.

Safe Surfing!

#7 nuttypoo


Posted 20 December 2011 - 01:33 AM

Just completed all above steps. Thanks again for your help, I really appreciate it.

I currently have McAfee Security Suite installed which includes RealTime Scanning, and Firewall. Is this adequate in your opinion ?

Thanks again and hope you find the pp amount acceptable.

Russ

#8 Kevin Zoll


Posted 20 December 2011 - 02:34 AM

I currently have McAfee Security Suite installed which includes RealTime Scanning, and Firewall. Is this adequate in your opinion ?

Yes, McAfee Security Suite provides an adequate level of protection.

#9 nuttypoo


Posted 21 December 2011 - 11:06 PM

Hello, everything has been working well the past few days; however, files saved to the desktop do not appear even after refreshing the screen. I did a Google search of the issue and it said to go to reg edit and change some component, but when I go to Start and then type reg edit, the screen flashes really quick and does not open; it appears the desktop is almost locked. Do you have any thoughts? Thanks again.

#10 Kevin Zoll


Posted 21 December 2011 - 11:14 PM

Attach a fresh scan log from OTL.

#11 nuttypoo


Posted 21 December 2011 - 11:36 PM

I was able to download the OTL program and txt file to the desktop, but when I'm in IE downloading a file it does not appear; when I search for the file it resides at C:\user\user\desktop.

#12 Kevin Zoll


Posted 22 December 2011 - 12:50 AM

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
    [2011/12/20 00:44:28 | 000,000,000 | ---- | M] () -- C:\Windows\0
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [EmptyJava]
    [ResetHosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

#13 nuttypoo


Posted 22 December 2011 - 08:27 AM

Attached is the most recent log. I also attached a screen shot. When I try to save to the desktop it disappears; when I select another folder it says I don't have permission (see photo). I'm the only user on this machine and have admin rights.

I'm not entirely sure if the issue is related to Vista or IE. Downloaded files do not appear on the desktop, but when I re-download it says "the file exists and to replace?" When in Explorer the files do not appear. For some reason the Desktop tree in Explorer is long and I don't know if it's normal for Vista; it shows Desktop\User\contact\Desktop\Documents.... and so on.

#14 Kevin Zoll


Posted 22 December 2011 - 10:45 PM

Let's try repairing areas of Windows that sometimes get damaged by malware.

Download Windows Repair by Tweaking.com to your desktop.

  • Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com - Windows Repair folder to your desktop.
  • Now open this folder and double-click Repair_Windows.exe.
  • Click the Start Repairs tab on the far right.
  • Click Custom Mode so there is a bullet in it.
  • Click the Start button (bottom right)
    Note: You will be asked if you would like to create a restore point. It is recommended, just in case something does not go as planned.
  • Click Unselect All
  • Put a checkmark in the following items:
    • Reset Registry Permissions
    • Reset File Permissions
    • Remove Policies Set By Infections
    • Repair Windows Updates
    • Set Windows Services To Default Startup
    Note: Leave everything else unchecked
  • Put a checkmark in Restart System When Finished
  • Now click the Start button (bottom right)


#15 nuttypoo


Posted 23 December 2011 - 07:09 AM

Thanks, the last step actually got me a bit closer to a resolution. It actually works fine, but I have to right click and run IE as Admin. When I go to Users and select my account to run as Admin it becomes greyed out. Do you have any thoughts? Not a big deal as I have a workaround.

#16 Kevin Zoll


Posted 24 December 2011 - 12:56 AM

Is UAC off or on?

#17 nuttypoo


Posted 24 December 2011 - 02:14 AM

It's off, but if I check it, then click OK, it defaults back to off. When in "Users" I'm noted as standard; if I check Admin it becomes greyed out and I cannot click. I know this is beyond the scope of my original problem; you've been very helpful and I appreciate it. I can investigate on my own at this point. I have read some articles on the MS Knowledge Base and I think I have to run a Vista Repair disk.

Thanks again for all your help. It's appreciated.

#18 Kevin Zoll


Posted 25 December 2011 - 02:33 AM

Malware could be at the root of the problem. Let's take another look.

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the Right of the Log window: Posted Image
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again
  • After the update, from the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm, virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach the Compressed file, virusinfo_syscheck.zip, to your next reply.


#19 nuttypoo


Posted 27 December 2011 - 05:25 PM

Here is the latest log.

Thanks.

#20 Kevin Zoll


Posted 28 December 2011 - 02:11 AM

Close all windows then double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program
    begin
    SetAVZGuardStatus(True);
    SearchRootkit(true, true);
    DeleteFile('C:\Windows\Syst');
    ClearHostsFile;
    ExecuteSysClean;
    RebootWindows(true);
    end.
  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically.
Attach a fresh AVZ log.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

#21 nuttypoo


Posted 28 December 2011 - 04:41 AM

Hello, after running the previous my computer would not start; it ran system repair several times on start up. After a few times I chose system restore, which got it started again.

#22 Kevin Zoll


Posted 28 December 2011 - 06:47 PM

OK, let's change tactics.

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.

    Posted Image
  • Click Change parameters

    Posted Image
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK

    Posted Image
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    Posted Image
  • When it finishes, you will either see a report that no threats were found like below:
    Posted Image

    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    Posted Image
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
      Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    Posted Image
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Attach this log to your next reply.


#23 nuttypoo


Posted 28 December 2011 - 09:32 PM

Attached is the log. The scan returned no issues.

Thanks,

#24 Kevin Zoll


Posted 29 December 2011 - 12:47 AM

How are things running?

#25 nuttypoo


Posted 29 December 2011 - 01:45 AM

Sorry for the lack of additional detail on the prior post.

The operating system will not grant admin rights - most admin boxes are greyed out or revert back to original, the user access control box is not checked but I still have the "permission needed to run" pop up on all applications. Also I have to right click on IE and run as admin, for full function.

Thanks again.

#26 Kevin Zoll


Posted 29 December 2011 - 01:47 AM

Download Windows Repair by Tweaking.com to your desktop.

  • Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com - Windows Repair folder to your desktop.
  • Now open this folder and double-click Repair_Windows.exe.
  • Click the Start Repairs tab on the far right.
  • Click Custom Mode so there is a bullet in it.
  • Click the Start button (bottom right)
    Note: You will be asked if you would like to create a restore point. It is recommended, just in case something does not go as planned.
  • Click Unselect All
  • Put a checkmark in the following items:
    • Reset Registry Permissions
    • Reset File Permissions
    • Remove Policies Set By Infections
    • Repair Windows Updates
    • Set Windows Services To Default Startup
    Note: Leave everything else unchecked
  • Put a checkmark in Restart System When Finished
  • Now click the Start button (bottom right)


#27 Kevin Zoll


Posted 01 January 2012 - 01:51 AM

Thread Closed

Reason:
Lack of Response

PM either ShadowPuterDude, or JeanInMontana to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.