  1. #1
    Member
    Join Date
    Apr 2005
    Posts
    32
    Points
    2

    I do believe I have a virus.

    Hello Help2Go!

    Before I begin, I do know I should have a HJT, SAS, and a MBAM log to really get help, however thanks to the infection--whatever it is--I cannot get those tools to run properly at all. I will do my best to get those logs ASAP, but until then, I would like some help getting around the little bugger's tricks.

    I realize I should have been much more vigilant about my security, but since I wasn't I thought I would just yank the HDD, back up my bookmarks and other non-vital files, then reinstall Windows (I was overdue for a fresh start anyway). However, I quickly found that the user folder was seemingly empty, and any attempt to access it was met with a "{directory} is inaccessible, access denied" message. The thing is, I am very certain that the folder is alive and well, I just need a way to get past whatever it did to hide my stuff; unfortunately I have no idea how to go about doing that.

    Any help you can provide until I am able to run the suite of diagnostics is much appreciated!

    TheMister.
    And where does the newborn go from here? The net is vast and infinite.--Major Motoko Kusanagi from Ghost in the Shell
    [Spike has destroyed a malfunctioning antique Betamax tape player]
    Spike: Most things get better when I kick them...


  3. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Hello themister,

    Please try and run the following tools. If you have to, run them in Safe Mode.

    Now reboot into Safe Mode.
    This can be done by tapping the F8 key as soon as you start your computer.
    You will be brought to a menu where you can choose to boot into safe mode.
    Make sure you choose the option without networking support.
    Please see here for additional details.

    1.
      1. Please download OTL from one of the following mirrors:
         • This is THE Mirror
      2. Save it to your desktop.
      3. Double click on the icon on your desktop.
      4. Under the Custom Scan box paste this in
      Code:
      c:\windows\*. /SL
      c:\windows\*. /RP
      netsvcs
      activex
      drivers32
      %ALLUSERSPROFILE%\Application Data\*.
      %ALLUSERSPROFILE%\Application Data\*.exe /s
      %APPDATA%\*.
      %APPDATA%\*.exe /s
      %SYSTEMDRIVE%\*.exe
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\drivers\*.sys /90
      5. Push the Quick Scan button.
      6. Two reports will open, copy and paste them in a reply here:
         • OTL.txt <-- Will be opened
         • Extra.txt <-- Will be minimized


    2.
    • Download RogueKiller on the desktop
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click Scan
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-





  5. #3
    Member

    Thank you for your prompt help, however I have found a solution to my issue, albeit a crude one. I took the risk of booting the drive again and taking the files that way. I think I managed not to take any infected files in the transfer, so I simply formatted the drive and reinstalled Windows.

    Unfortunately, this means that I have to ask that this thread be closed as I need to make a new one for a problem that has followed me to the new install, namely random redirects from Google and Yahoo search.

    Again, many thanks for your help!


  7. #4
    Member Spyware Fighter

    This thread will now be closed since the issue seems to be resolved.

    If you need this topic reopened, please send me a PM and I will reopen it for you.

    If you should have a new issue, please start a new topic.