Jump to content

Malware removal

boga

By boga,
in Help, my PC is infected!

 Share

Recommended Posts

ShadowPuterDude

ShadowPuterDude

Posted
Posted

Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude or Lynx to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread

Link to comment
Share on other sites
Lynx

Lynx

Posted
Posted

Hi Tony, welcome to the forum.

Just a note for a future: you can attach all files to one post.

You can edit your existing post and attach additional file as well if needed

When editing choose <<Use Full Editor>> and the Attach button will appear, then add another attachment

My regards

P.S. you added the post while I was replying

I'm afraid the I see you file will not send because it is too large. Have you any suggestions please?

If file is too big - create compressed archive (ZIP or RAR) and attach it

Link to comment
Share on other sites
boga

boga

Posted
  • Author
Posted

Hi Tony, welcome to the forum.

Just a note for a future: you can attach all files to one post.

You can edit your existing post and attach additional file as well if needed

When editing choose <<Use Full Editor>> and the Attach button will appear, then add another attachment

My regards

P.S. you added the post while I was replying

If file is too big - create compressed archive (ZIP or RAR) and attach it

Hope this is OK!

Thank You

Link to comment
Share on other sites
ShadowPuterDude

ShadowPuterDude

Posted
Posted

Download ComboFix from one of these locations:

Link 1

Link 2

Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:

1. Do not mouseclick combofix's window while it's running. That may cause it to stall!

2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

-----------------------------------------------------------

Post fresh logs for:

  • ComboFix (C:\combofix.txt)
  • a-squared Free
  • ISeeYouXP

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

Link to comment
Share on other sites
ShadowPuterDude

ShadowPuterDude

Posted
Posted

The installed version of Java on this computer is out-dated. Install Java Runtime Environment (JRE) 6u16 available from Sun Microsystems.

-----------------------------------------------------------

Using Add or Remove Programs in the Control Panel; uninstall the following:

Java 2 Runtime Environment, SE v1.4.2_03

Java 6 Update 15

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java SE Runtime Environment 6 Update 1

-----------------------------------------------------------

Allow a-squared to delete the following:

c:\documents and settings\marjorie\start menu\programs\antiviruspro_2010\ 	detected: Trace.Directory.AntivirusPro2010!A2
Value: HKEY_CLASSES_ROOT\AppID\TVUAx.DLL --> AppID 	detected: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID 	detected: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_CLASSES_ROOT\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel 	detected: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\TVUAx.DLL --> AppID 	detected: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} --> AppID 	detected: Trace.Registry.dl.tvunetworks.com!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3EA4FA88-E0BE-419A-A732-9B79B87A6ED0}\InprocServer32 --> ThreadingModel 	detected: Trace.Registry.dl.tvunetworks.com!A2
C:\i386\GTDownDE_87.ocx 	detected: Riskware.AdWare.Win32.Gdown!IK

-----------------------------------------------------------

Attach a fresh a-squared log.

Link to comment
Share on other sites
boga

boga

Posted
  • Author
Posted

This is the latest scan.Have only deleted the items you advised in last communication.There was a problem installing Java 6u16 but it looks as if the error message is not uncommon so I will attend to this later this am.

Thanks

Tony/Boga

Link to comment
Share on other sites
ShadowPuterDude

ShadowPuterDude

Posted
Posted

Your logs look fine.

Unless you are having problems from Malware it is time to do the final steps.

If you used ComboFix, uninstall ComboFix:

  • Click START then RUN and enter the below into the run box and then click OK. (Use only the command of the same name as your copy of combofix.)
  • AvoidTDSS /u or combofix /u
    Note: The space before /u, must be there.
    This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
  • Delete the C:\AvoidTDSS or C:\ComboFix folder from combofix.
    Delete everything in C:\!KillBox

Delete the following from your Desktop (If they exist)

Avenger.exe

Avenger.txt

Avenger.zip

DisableAutoRuns.reg

FixMe.reg

FixReg.reg

ISeeYouXP.exe

ISeeYouXP.lnk

ISeeYouXP.txt

Anything else I had you use

Delete the following: (If they exist)

C:\Avenger.txt

C:\Avenger

C:\ComboFix.txt

C:\ComboFix

C:\SDFix

C:\Qoobox

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Empty the Recycle Bin

Run ATF Cleaner

In the ISeeYouXP folder double-click HideIT.bat.

Turn off System restore to flush all your restore points then turn system restore back on.

To manually turn off System Restore, follow these steps:

1. Click Start, right-click My Computer, and then click Properties.

2. Click the System Restore tab.

3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

4 Click Yes when you receive the prompt to the turn off System Restore.

To turn on System Restore, follow these steps:

1. Click Start, right-click My Computer, and then click Properties.

2. Click the System Restore tab.

3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Delete C:\ISeeYouXP

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector, this will inspect your system for software that is out-of-date and in need of updating. Update anything program/application detected as being out-dated.

That should take care of everything.

Safe Surfing!

Link to comment
Share on other sites
ShadowPuterDude

ShadowPuterDude

Posted
Posted

Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

Products & Services

Ransomware/Malware Removal

Partners

Resources

Company

© 2003-2022 Emsisoft - 05/23/2022 - Legal Notice - Terms - Bug Bounty - System Status - Privacy Policy

×
×
  • Create New...