Kevin Zoll

Emsisoft Employee
  • Content Count

    18822
  • Joined

  • Last visited

  • Days Won

    177

Posts posted by Kevin Zoll


  1. Thread Closed

    Reason: Lack of Response

    PM either ShadowPuterDude or Lynx to have this thread reopened.

    The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

    All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread


  2. I just completed a scan and this piece of malware cant be removed. Any help is greatly appreciated. I am not very clued up on malware etc so your help would be great. Thanks

    Like i said im not too sure on what to do so instead of going through that post, i would appreciate some actual help, we aren't all geniuses on here

    Your "actual help" starts with the instructions linked to in my original reply. No one and I mean no one working in this industry can diagnose a problem with out first running diagnostics. Since I'm not sitting in front of your computer, I can't run those diagnostics; you have to run them, and then provide the logs.

  3. Thread Closed

    Reason: Lack of Response

    PM either ShadowPuterDude or Lynx to have this thread reopened.

    The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

    All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread


  4. Thread Closed

    Reason: Lack of Response

    PM either ShadowPuterDude or Lynx to have this thread reopened.

    The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

    All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread


  5. Thread Closed

    Reason: Resolved

    The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

    All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread


  6. Open notepad

    Copy and Paste the below lines of code to notepad:

    @echo off
    copy C:\Windows\System32\logevent.dll C:\cngaudit.dll

    Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your Desktop.

    Double-click on fixes.bat to execute it.

    -----------------------------------------------------------

    Download Avenger from -->> HERE <<-- and unzip to your desktop.

    • Run Avenger
    • Read the prompt that appears, and press OK
    • Copy & paste the following text in Input script Box:
      Files to move:
      C:\cngaudit.dll | C:\Windows\System32\cngaudit.dll

      Then click "Execute".

    • You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
      Note: It is possible that Avenger will reboot your system TWICE.
    • Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.

    -----------------------------------------------------------

    Go to start > run and copy and paste the following command in the field:

    "%userprofile%\desktop\win32kdiag.exe" -f -r

    This should restore permissions on locked files and remove mountpoints.

    -----------------------------------------------------------

    Post fresh logs for:

    • Avenger (C:\avenger.txt)
    • a-squared Free
    • ISeeYouXP

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


  7. Download ComboFix from one of these locations:

    Link 1

    Link 2

    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
      See HERE for help
    • Double click on ComboFix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    RcAuto1.gif

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png

    Click on Yes, to continue scanning for malware.

    When finished, ComboFix will produce a log.

    Note:

    1. Do not mouseclick combofix's window while it's running. That may cause it to stall!

    2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

    -----------------------------------------------------------

    Post fresh logs for:

    • ComboFix (C:\combofix.txt)
    • a-squared Free
    • ISeeYouXP

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


  8. Thread Closed

    Reason: Lack of Response

    PM either ShadowPuterDude or Lynx to have this thread reopened.

    The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

    All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread


  9. Thread Closed

    Reason: Lack of Response

    PM either ShadowPuterDude or Lynx to have this thread reopened.

    The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

    All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread


  10. Thread Closed

    Reason: Lack of Response

    PM either ShadowPuterDude or Lynx to have this thread reopened.

    The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

    All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread


  11. Thread Closed

    Reason: Resolved

    The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

    All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread


  12. Thread Closed

    Reason: Lack of Response

    PM either ShadowPuterDude or Lynx to have this thread reopened.

    The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

    All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread


  13. Thread Closed

    Reason: Resolved

    The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

    All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread


  14. Download ComboFix from one of these locations:

    Link 1

    Link 2

    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
      See HERE for help
    • Double click on ComboFix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

    RcAuto1.gif

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png

    Click on Yes, to continue scanning for malware.

    When finished, ComboFix will produce a log.

    Note:

    1. Do not mouseclick combofix's window while it's running. That may cause it to stall!

    2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

    -----------------------------------------------------------

    Attach fresh logs for:

    • ComboFix (C:\combofix.txt)
    • a-squared Free
    • ISeeYouXP

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!