jeffce

Malware Removal Team
  • Content Count

    179
  • Joined

  • Last visited

Everything posted by jeffce

  1. Hi, Were you running the game from a CD by chance? If that is the case, you had an infected cdrom.sys earlier but that has been replaced and that may have been causing the problems. You had a major infection on your system that we have mostly removed. When you get the logs for Malwarebytes and ESET online scanner be sure to attach those logs.
  2. Hi, No leave that one. That is the up-to-date version.
  3. Hi, Great job! Please do the following: Go to Start >> Control Panel >> Programs and Features This will open your Programs And Features. A list of installed programs will populate Remove the following programs (if still present): Java™ 6 Update 3 ---------- Clear Java Cache See this page for instructions on how to clear java's cache. Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) Under Temporary Internet Files, click the Delete Files button. There are three options in the window to clear the cache - Leave ALL 3 Checked Downloaded Applets Downloaded Applications Other Files [*]Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. [*]Click OK to leave the Java Control Panel. ---------- Malwarebytes I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log and attach it to your next reply. ---------- ESET Online Scanner Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts. Turn off the real time scanner of any existing antivirus program while performing the online scan Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the activex control to install Click Start Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked. Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked. Click Scan Wait for the scan to finish When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..." Save that text file on your desktop. Attach the contents of that log as a reply to this topic. Close the ESET online scan, and let me know how things are now. ---------- In your next reply please attach the logs created by Malwarebytes and ESET online scanner.
  4. Hi, Looks like ComboFix hit that hard. ---------- Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below: Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix may request an update; please allow it. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal. When finished, it shall produce a log for you. Attach the contents of the log in your next reply. CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. ----------
  5. Hi and welcome! **WARNING**Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identify theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again. Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection. If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. ---------- Download Combofix from the link below, and save it to your desktop. Link **Note: It is important that it is saved directly to your desktop** If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer. -------------------------------------------------------------------- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here -------------------------------------------------------------------- Right-Click and Run as Administrator on ComboFix.exe & follow the prompts. When finished, it will produce a report for you. Please attach the C:\ComboFix.txt for further review. ----------
  6. Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you still require assistance, please start here and one of our experts will be happy to assist you with analyzing your malware logs.
  7. Hi, Go ahead and continue past the warning that ComboFix is showing you. When the log is created go ahead and attach it.
  8. I have not seen the ZeroAccess rootkit jump systems but just be sure not to transfer any files to that system until we are finished.
  9. I think that you should go ahead and run ComboFix using the instructions that I provided and we can get a better look at your system. I would go ahead and change passwords on your email and banking accounts to be on the safe side.
  10. Welcome to Emsisoft If you need help with malware removal please visit the page here and then attach the requested logs.
  11. Hi and welcome! **WARNING**Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identify theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again. Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection. If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. ---------- Please read through these instructions to familarize yourself with what to expect when this tool runs Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please attach the C:\ComboFix.txt in your next reply. Notes: 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser. 3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. 4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer. ----------