
Help my PC is infected



#1 Amberhol

    New Member

  • 4 posts
  • OS: Windows 7
  • AV: AVG and Emsisoft full version
  • HIPS: Emsisoft

Posted 26 June 2012 - 02:46 AM

I cannot get the emergency Emsisoft kit to unzip. It gives me error code 0x80004005. I do already have Emsisoft Anti-Malware installed. I'm going to attach the quarantine report. It keeps telling me it found all of these trojans and it removes them, but on reboot they are always back. The OLT report is as follows:

<INLINE LOGS REMOVED>

Please Help!!!

Amber

Edited by ShadowPuterDude, 26 June 2012 - 03:14 AM.
Inline logs removed


#2 Kevin Zoll

    Malware Removal Support

  • Emsisoft Employee
  • 13453 posts
  • Location: Depauville, NY, USA
  • OS: Windows 7 x64
  • AV: Emsisoft Anti-Malware
  • HIPS: Windows Firewall
  • Other: WinPatrol Plus

Posted 26 June 2012 - 03:15 AM

All logs are to be attached. Do not copy & paste any logs to your posts, unless specifically told to do otherwise.

Download ComboFix from one of these locations:

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1
Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
  • ComboFix (C:\combofix.txt)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
Kevin Zoll [Malware Removal Support]
Emsisoft Team - www.emsisoft.com

I am online Monday - Friday each week from 1900-2100 Central European Time/1300-1500 Eastern Time (US).
 
If you are seeking Malware Removal support keep it in the forums.  It is not permissible to contact support staff by Private Message (PM), IM (Skype, MSN, AOL, Yahoo, etc.) or Email.

Purchase Emsisoft Anti-Malware and Online Armor Firewall

#3 Amberhol

Posted 26 June 2012 - 03:41 AM

I can download and install this combofix. I renamed it. It will run all the way through but it does not ask me anything about a recovery console and it produces no logs. :/

#4 Kevin Zoll

Posted 26 June 2012 - 03:48 AM

"I can download and install this combofix. I renamed it. It will run all the way through but it does not ask me anything about a recovery console"

That would be because you are running Windows 7 and not XP. Which the instructions I posted clearly state **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

"and it produces no logs. :/"

Look for the log at C:\ComboFix.

#5 Amberhol

Posted 26 June 2012 - 04:16 AM

I renamed Combofix as instructed. To poopie2 'cause that's how I feel about this trojan! :) I am not finding any logs anywhere. Also it malfunctions when trying to verify iexplorer. It asks whether I want to ignore or abort, skip is not an option. I did go in and look for the log at C:/Combofix. It finds nothing. I'm at a loss as to what to do.

#6 Amberhol

Posted 26 June 2012 - 04:17 AM

Also there are lots of options under poopie2 but no logs that I am finding.

#7 Kevin Zoll

Posted 26 June 2012 - 02:42 PM

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.

    Posted Image
  • Click Change parameters

    Posted Image
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK

    Posted Image
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • During the scan it will look similar to the image below:
    Posted Image
  • When it finishes, you will either see a report that no threats were found like below:
    Posted Image

    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • If any infection or suspected items are found, you will see a window similar to below:
    Posted Image
    • If you have files that are shown to fail signature check do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
      Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. A window like the below will appear:
    Posted Image
    Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run.
  • Attach this log to your next reply.

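Added example, not part of the original thread and not code from any poster: a read-only PowerShell snippet that lists TDSSKiller reports in the root of the boot drive using the file-name shape quoted in the post above, decodes the version and run time from each name, and checks the ComboFix log path given earlier in the thread. It assumes the date part of the name is day.month.year and the time is 24-hour; the variable names are illustrative.

```powershell
# Added example (not part of the thread): list TDSSKiller reports in the root
# of the boot drive and decode the version and run time from each file name.
# Name shape quoted in the post: TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt
# Assumption: the date part is day.month.year and the time is 24-hour.
$root    = "$env:SystemDrive\"
$pattern = '^TDSSKiller\.(?<ver>\d+(\.\d+)*)_(?<date>\d{2}\.\d{2}\.\d{4})_(?<time>\d{2}\.\d{2}\.\d{2})_log\.txt$'
$culture = [System.Globalization.CultureInfo]::InvariantCulture

$reports = @(Get-ChildItem -Path $root -Filter 'TDSSKiller.*_log.txt' -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Skip directories and anything that only loosely resembles the report name.
        if (-not $_.PSIsContainer -and $_.Name -match $pattern) {
            $stamp = '{0} {1}' -f $Matches['date'], $Matches['time']
            New-Object PSObject -Property @{
                Version = $Matches['ver']
                RunTime = [datetime]::ParseExact($stamp, 'dd.MM.yyyy HH.mm.ss', $culture)
                Bytes   = $_.Length
                Path    = $_.FullName
            }
        }
    } | Sort-Object RunTime -Descending)

if ($reports.Count -eq 0) {
    Write-Output "No TDSSKiller report found in $root"
} else {
    # Newest first; the top entry is the report from the most recent scan.
    $reports | Select-Object RunTime, Version, Bytes, Path | Format-Table -AutoSize
}

# ComboFix log location as given earlier in the thread.
$comboLog = 'C:\combofix.txt'
if (Test-Path -Path $comboLog) {
    Get-Item -Path $comboLog | Select-Object FullName, Length, LastWriteTime
} else {
    Write-Output "$comboLog does not exist"
}
```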

#8 Kevin Zoll

Posted 29 June 2012 - 03:32 PM

Thread Closed

Reason:
Lack of Response

PM either ShadowPuterDude, Elise, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.
