Jerry822

Trace.File.Tropical Sea Life Scenic Reflections Screen Saver (A) Need Help!

I can't delete or quarantine this file with Emsisoft and need help to remove it.

Thanks for the help.

Emsisoft: 8.0.0.10

Antispyware: Norton 360, Spyware Blaster Version 5.0

Download AdwCleaner and save it on your desktop.

  • Close all open programs and Internet browsers (you may want to print out or write down these instructions first).
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open in Notepad after the restart (this is the log of what was removed), which you can save on your desktop.
  • Attach that log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
  • If you lose that log file for any reason, you can find it at C:\AdwCleaner[s1] on your computer.
Download Junkware Removal Tool and save it on your desktop.
  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Attach the JRT log file to a reply by clicking the More Reply Options button to the lower-right of where you type in your reply.
Download ComboFix from Link

Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop.

!!! IMPORTANT !!! Save ComboFix to your Desktop

NOTE: ComboFix is an advanced utility, and is not like traditional automated tools. It will delete anything that it knows is bad without asking for confirmation, it will save backup copies in its quarantine automatically, it will restart your computer, and it will produce a log that allows me to analyze and determine if there is anything left over. This log will not contain any personal information, or information about any of your documents, pictures, music, videos, etc. It only compiles information on which applications/drivers/etc. were installed within the last 30 days, any applications that have certain properties that could be used for malicious purposes, and most of the load points on your system that can be abused by malicious software. If there is a false positive, and something gets deleted that should not, then I can write a script for ComboFix that will tell it to restore specific items that it deleted.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    See HERE for help

  • Double click on Combo-Fix & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
NOTE: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[Image: RcAuto1.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

NOTE:

1. Do not mouseclick ComboFix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

3. If you get a message that states "illegal operation attempted on a registry key that has been marked for deletion" restart your computer.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

  • ComboFix (C:\combofix.txt)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

I have run the adwcleaner.exe and attached the log file below. I'm now going to run the Combo-Fix.exe and will reply and attach the log when completed.

Thanks for the help.

I have now finished with ComboFix, and after running these programs, I then ran Emsisoft Deep Scan and this Trace File still shows up in the scan. I tried to delete and quarantine it and it still failed. What is the next step?

Thanks again for the help.

I did some digging around and I went into Safe Mode and checked Explorer looking for this file that Emsisoft was pointing to in this location Windows\System32\sstunst3.exe. It didn't show up so I went to Windows\sysWOW64\sstunst3.exe and found this file and removed it. Then I booted into Windows and ran Emsisoft with Deep Scan and it didn't find any files at all. So it looks like this fixed the problem. I will keep checking things and testing out all of the software that these programs might have affected in removing various software.

Thanks again for all of your help and time.
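
The post above found the file in Windows\SysWOW64 although the scanner reported Windows\System32. On 64-bit Windows a 32-bit process that opens System32 is redirected to SysWOW64, which is one way such a mismatch can arise; the thread does not confirm that this was the cause. The following PowerShell is an added example, not part of the original post or of any tool named in the thread, and the function name `Find-RedirectedSystemFile` is hypothetical. It lists every system-directory view in which the file exists and records a hash before anything is removed.

```powershell
# Added example (not from the thread): locate a file that a scanner reported
# under System32 on 64-bit Windows.
# Assumption: the path mismatch is due to WOW64 file system redirection.
# Get-FileHash requires PowerShell 4.0 or later.
function Find-RedirectedSystemFile {
    param(
        [Parameter(Mandatory)][string]$FileName   # e.g. 'sstunst3.exe' from the post
    )

    $win = $env:SystemRoot
    # Sysnative only resolves inside a 32-bit process on 64-bit Windows;
    # in a 64-bit process Test-Path simply returns $false for it.
    $views = [ordered]@{
        'System32 (as seen by this process)'        = Join-Path $win "System32\$FileName"
        'SysWOW64 (32-bit system directory)'        = Join-Path $win "SysWOW64\$FileName"
        'Sysnative (real System32, 32-bit callers)' = Join-Path $win "Sysnative\$FileName"
    }

    foreach ($view in $views.GetEnumerator()) {
        $path = $view.Value
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force
            # Emit one record per view where the file is present.
            [pscustomobject]@{
                View      = $view.Key
                Path      = $path
                Length    = $item.Length
                LastWrite = $item.LastWriteTime
                SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
    }
}

# Bitness of the current process decides which directory "System32" resolves to.
"Process 64-bit: $([Environment]::Is64BitProcess); OS 64-bit: $([Environment]::Is64BitOperatingSystem)"
Find-RedirectedSystemFile -FileName 'sstunst3.exe' | Format-List
```

If the same hash appears under both the System32 and SysWOW64 views from a 32-bit shell, both entries refer to the one file in SysWOW64.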

Since ComboFix did find and remove some malicious items on the system, I would like to confirm that the system is clean.

Run a fresh scan with OTL, attach the new OTL log to your reply.

I have run more deep scans with Emsisoft and things look good. I have also tested programs that had some things deleted by the programs that were run for infected file removal. And I have not found any problems at this time. Here is the OTL that you had asked for.

Thanks

There is some cleanup that needs to be done.

Run OTL.exe

  • Copy & paste the entire contents of OTLfix.txt (ATTACHED BELOW) into the Custom Scans/Fixes box located at the bottom of OTL.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running.

I copied the OTLfix.txt information into the OTL Custom Scans/Fixes box at the bottom of OTL. Then I clicked on the Run Fix and the script ran and then rebooted. But after the reboot I went to log in to Windows and it came back with "The RPC server is unavailable". I tried this several times with the same response. The only option that it gave me was to put in a USB drive with the Password Reset Wizard on it, which I don't have. Now I didn't try to go into Safe Mode, so I don't know if I can get into that or not. But fortunately I had two backup RAID 0 drives that were backed up about 10 days ago. So I swapped out the drives and updated these drives and so now here I am. So at this time I can't log in to Windows with the other two drives.

How do I resolve this RPC server issue?

Do the following:
Press WIN+R
Type: msconfig in the open box
Click OK
Under General, select Normal startup
Click OK

Shutdown the system.

After the system powers down, restart the system.

That should fix the RPC server issue.

I tried the Win + R and it didn't do anything. I tried it at the logon screen and at various points in the boot up with no results. So I fortunately had the F8 key enabled in the Legacy mode on Windows 8, so that I could go into Repair. Then in Repair I went into Advanced and then into Restore and restored an Image from yesterday. After booting I was able to log in and get into Windows completely. So at this time I'm going to go through and test the programs that were initially affected by the programs deleting files. And after I prove everything out, I'm going to just leave it alone at this time. The file that was causing the original problem is removed, so that fixed that problem.

Thanks again for the help.

Thread Closed

Reason:
Resolved

The procedures contained in this thread are for this user and this user only.  Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair.  Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
