jeffce

Malware Removal Team
Everything posted by jeffce

  1. Hi and welcome!!
     Please download TDSSKiller.
     Double click TDSSKiller.exe.
     When the window opens, click on Change Parameters.
     Under "Additional options", put a check mark in the box next to "Detect TDLFS File System" and click OK.
     Press Start Scan.
     Do Not Attempt To Fix Anything Now. We just need to look over the report and be sure we are removing the correct items.
     Attach the log in your next reply. A copy of the log will be saved automatically to the root of the drive (typically C:\).
     ----------
  2. Hi,
     Go ahead and boot to Safe Mode and then attempt the same instructions that I gave you earlier for ComboFix.
  3. Hi and welcome!!
     Please download DDS from either of these links: LINK 1, LINK 2 and save it to your desktop.
     Disable any script blocking protection.
     Right-click dds and Run as Administrator to run the tool.
     When done, two DDS.txt's will open.
     Save both reports to your desktop.
     ---------------------------------------------------
     Please attach the contents of the following in your next reply:
     DDS.txt
     Attach.txt
     ----------
  4. Yes go ahead and disable ZoneAlarm for now but don't worry about anything in IE. Attach the ComboFix log when complete.
  5. Hi,
     I see that avast is still showing in your DDS log? Did you remove that after you ran DDS?
     I would not use AVG instead of Malwarebytes (or at all). AVG is an antivirus program and Malwarebytes is an antimalware program...they actually do different things. With PCTools having a hosts protection I would just stick with that (I don't use any at all). Truthfully I only run one antivirus (with firewall) and Malwarebytes.
     ----------
     Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:
     Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
     Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
     ComboFix may request an update; please allow it.
     ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
     When finished, it shall produce a log for you. Attach the contents of the log in your next reply.
     CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
     ----------
  6. Hi,
     Please go to: VirusTotal
     On the page you'll find a "Choose File" button. Click on the Choose File button.
     In the Choose File to Upload window which opens, copy and paste this into the File Name box:
     C:\EDIABAS\Bin\IFHSrv32.exe
     Next, click the Open button. Then click the "Scan It!" button just below. This will scan the file. Please be patient.
     If you get a message saying File has already been analyzed: click Reanalyze file now.
     Once scanned, copy and paste the link to the results page in your next reply.
     ----------
  7. Due to lack of feedback, this topic will now be closed. If you are the original poster and you still require help, please start a new thread. -------------------
  8. Hi,
     I notice that you have both Avast and PCTools running at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system. Please uninstall either Avast or PCTools (whichever you prefer) using either the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (Vista and Win 7 users go to Programs and Features in the Control Panel).
     As a rule of thumb one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.
     You also have two firewalls on your system being run by PCTools and ZoneAlarm.
     With configuration I would actually recommend the following but you can decide what is best.... if it were my system I would run only Avast and use the Windows 7 firewall and remove the rest.
     Once you get that finished please run a new scan with DDS and attach the new log created.
  9. Hi,
     Good job!
     Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:
     Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
     Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
     ComboFix may request an update; please allow it.
     ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
     When finished, it shall produce a log for you. Attach the contents of the log in your next reply.
     CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
     ----------
     Attach the new ComboFix log and also let me know how your system is running.
  10. Please read through these instructions to familiarize yourself with what to expect when this tool runs.
      Download ComboFix from one of these locations: Link 1, Link 2
      * IMPORTANT !!! Save ComboFix.exe to your Desktop
      Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
      Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
      Double click on ComboFix.exe & follow the prompts.
      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      Click on Yes, to continue scanning for malware.
      When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
      Notes:
      1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
      3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
      4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
      ----------
  11. Go ahead and continue with the download of DDS past the ZoneAlarm warnings. The link is fine. As for the rest we can come back to that...
  12. Ok....let's get another look....
      Please download DDS from either of these links: LINK 1, LINK 2 and save it to your desktop.
      Disable any script blocking protection.
      Right-click dds and Run as Administrator to run the tool.
      When done, two DDS.txt's will open.
      Save both reports to your desktop.
      ---------------------------------------------------
      Please attach the following in your next reply:
      DDS.txt
      Attach.txt
      ----------
  13. Hi,
      Ok thanks for letting me know.
      Please read through these instructions to familiarize yourself with what to expect when this tool runs.
      Download ComboFix from one of these locations: Link 1, Link 2
      * IMPORTANT !!! Save ComboFix.exe to your Desktop
      Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
      Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
      Double click on ComboFix.exe & follow the prompts.
      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      Click on Yes, to continue scanning for malware.
      When finished, it shall produce a log for you. Please attach the C:\ComboFix.txt in your next reply.
      Notes:
      1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
      3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
      4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
      ----------
  14. This is just what PCTools is blocking. It is not showing an active infection on your system but that the web site is possibly bad.
      Yes you can go ahead and uninstall Yontoo from Control Panel >> Programs and Features.
      Other than that, I think that you should be good to go if there are no more problems. When you let me know we can clean up our tools.
  15. How is your system running now? I didn't see anything in the PCTools log that was of particular concern.
  16. Hi, Thanks for getting me those. Are you aware your system is set up to run on a proxy server?
  17. Yes please run that again with the same set of instructions as before.
  18. Hi and welcome... No it should not take the others that long to complete. If you could...let me know how your system is behaving. Attach the logs when they are complete.
  19. Hi,
      Looks pretty good. How is your system running?
      Run OTL.exe
      Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:

          :Services
          :Files
          C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage2.zip
          C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
          :Commands
          [purity]
          [resethosts]
          [emptytemp]
          [clearallrestorepoints]
          [start explorer]
          [Reboot]

      Then click the Run Fix button at the top.
      Let the program run unhindered, reboot when it is done.
      Then run a new scan and attach a new OTL log (don't check the boxes beside LOP Check or Purity this time).
  20. Hi,
      I don't believe there is a rootkit problem. I want to get one more scan to validate this though...
      Please download MBRCheck.exe to your desktop.
      Be sure to disable your security programs.
      Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
      A window will open on your desktop. If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice. If nothing unusual is found just press Enter.
      A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
      Please attach the contents of that file.
      ----------
      I see that you have some entries that need to be removed in Google Chrome. The fastest and easiest way to do this is to just uninstall Google Chrome by going to Start >> Control Panel >> Programs and Features and then uninstall Google Chrome. Once completely uninstalled, you can download and install a fresh copy from here.
      ----------
      Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
      **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
      ----------
      Run OTL.exe
      Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL.
      Then click the Run Fix button at the top.
      Let the program run unhindered, reboot when it is done.
      Then run a new scan and attach a new OTL log (don't check the boxes beside LOP Check or Purity this time).
      ----------
  21. Done. Attach the aswMBR when you get it.