
Thread: Badly Infected

  1. #31
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi e28ct17,

    Did you need to edit the line after you used F10?

    Next, right click on OTL.exe and choose Run as Administrator to run it
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do Not copy the word CODE
    • please note the fix starts with the :

    Code:
    :Services
    
    dir /s c:\users\Janice\AppData\Roaming\Yfhym /c
    dir /s c:\users\Janice\AppData\Roaming\Inuro /c
    dir /s c:\users\Janice\AppData\Roaming\Adodn /c 
    dir /s c:\users\Janice\AppData\Roaming\Elday /c
    dir /s c:\users\Janice\AppData\Roaming\Urubn /c
    dir /s c:\users\Janice\AppData\Roaming\Goaci /c
    dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c
    dir /s c:\users\Janice\AppData\Roaming\Sie /c
    Then click the Run Fix button at the top
    • Let the program run unhindered
    • Please save the resulting log to be posted in your next reply.
    Please post the OTL fix log.
    Member of UNITE and ASAP

  2. #32
    Member
    Join Date
    Jan 2012
    Posts
    36

    Yes, I edited the line.

    Here is the log from OTL

    ========== SERVICES/DRIVERS ==========
    Error: No service named dir /s c:\users\Janice\AppData\Roaming\Yfhym /c was found to stop!
    Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Yfhym /c not found.
    Error: No service named dir /s c:\users\Janice\AppData\Roaming\Inuro /c was found to stop!
    Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Inuro /c not found.
    Error: No service named dir /s c:\users\Janice\AppData\Roaming\Adodn /c was found to stop!
    Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Adodn /c not found.
    Error: No service named dir /s c:\users\Janice\AppData\Roaming\Elday /c was found to stop!
    Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Elday /c not found.
    Error: No service named dir /s c:\users\Janice\AppData\Roaming\Urubn /c was found to stop!
    Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Urubn /c not found.
    Error: No service named dir /s c:\users\Janice\AppData\Roaming\Goaci /c was found to stop!
    Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Goaci /c not found.
    Error: No service named dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c was found to stop!
    Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c not found.
    Error: No service named dir /s c:\users\Janice\AppData\Roaming\Sie /c was found to stop!
    Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Sie /c not found.

    OTL by OldTimer - Version 3.2.31.0 log created on 01252012_232834

  3. #33
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi e28ct17,

    Thanks for the info.

    Sorry, I made a mistake in that last script. Please run OTL the same way with this script.

    Next, right click on OTL.exe and choose Run as Administrator to run it
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do Not copy the word CODE
    • please note the fix starts with the :

    Code:
    :Services
    
    :files
    dir /s c:\users\Janice\AppData\Roaming\Yfhym /c
    dir /s c:\users\Janice\AppData\Roaming\Inuro /c
    dir /s c:\users\Janice\AppData\Roaming\Adodn /c 
    dir /s c:\users\Janice\AppData\Roaming\Elday /c
    dir /s c:\users\Janice\AppData\Roaming\Urubn /c
    dir /s c:\users\Janice\AppData\Roaming\Goaci /c
    dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c
    dir /s c:\users\Janice\AppData\Roaming\Sie /c
    Then click the Run Fix button at the top
    • Let the program run unhindered
    • Please save the resulting log to be posted in your next reply.
    Please post the OTL fix log.
    Member of UNITE and ASAP

  4. #34
    Member
    Join Date
    Jan 2012
    Posts
    36

    Things seem to be running a bit better, however I get re-directed on Google.

    ========== SERVICES/DRIVERS ==========
    Error: No service named dir /s c:\users\Janice\AppData\Roaming\Yfhym /c was found to stop!
    Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Yfhym /c not found.
    Error: No service named dir /s c:\users\Janice\AppData\Roaming\Inuro /c was found to stop!
    Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Inuro /c not found.
    Error: No service named dir /s c:\users\Janice\AppData\Roaming\Adodn /c was found to stop!
    Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Adodn /c not found.
    Error: No service named dir /s c:\users\Janice\AppData\Roaming\Elday /c was found to stop!
    Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Elday /c not found.
    Error: No service named dir /s c:\users\Janice\AppData\Roaming\Urubn /c was found to stop!
    Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Urubn /c not found.
    Error: No service named dir /s c:\users\Janice\AppData\Roaming\Goaci /c was found to stop!
    Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Goaci /c not found.
    Error: No service named dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c was found to stop!
    Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Ofgaub /c not found.
    Error: No service named dir /s c:\users\Janice\AppData\Roaming\Sie /c was found to stop!
    Service\Driver key dir /s c:\users\Janice\AppData\Roaming\Sie /c not found.

    OTL by OldTimer - Version 3.2.31.0 log created on 01262012_193118

  5. #35
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi e28ct17,

    Was this machine always Windows 7 or was it upgraded from a different version of Windows?

    Seems to be a bit of discrepancy in a couple of the logs. I'd like to confirm something before we proceed. Could I get you to repeat some instructions for me?

    On the sick computer

    Please make this screenshot:

    Click Start > Control Panel > System and Security > Administrator Tools > Computer Management
    • When Computer Management opens double click on disk management
    • make sure the pane is expanded wide enough to show all partitions
    • Take a screenshot by pressing the alt and print screen keys at the same time
    • open an editor such as Paint
    • right click in the white panel and click paste
    • save the image as a .jpg or .png
    • name it new.jpg or new.png
    • attach it to your next reply
    Member of UNITE and ASAP

  6. #36
    Member
    Join Date
    Jan 2012
    Posts
    36

    The computer has only had Windows 7 installed....no other OS.

    I have attached the screen shot you requested

  7. #37
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi e28ct17,

    Let's see if we can get rid of the redirects. We will be using xPUD again. In all likelihood you will need to use the F10 method again when restarting the computer after exiting xPUD. There will also be some additional instructions at the end to ensure we get all elements of this infection. Please read through this before starting. Ask any questions you have for clarification.

    • Download tdl_fix.sh and save it to the flash drive you were using.
    • Make sure the flash drive is attached to the sick computer.
    • Boot into xPUD with the CD then click the File tab.
    • Press File
    • Expand mnt
    • Click on the folder under mnt that represents your USB drive (sdb1 ?)
    • You should see the tdl_fix.sh file in the main window.
    • Select Tool from the Menu
    • Choose Open Terminal
    • Type bash tdl_fix.sh then press Enter

      (note there is a space after bash and that is an underscore after tdl)
    • Read the warning then type y and press Enter to continue.
    • Type sda then press Enter when prompted.
    • You will be shown a list of partitions to choose marking active.
    • Type 1 then press Enter.
    • If you are presented with a warning about no bootloader files, type n then press Enter to choose another. If this happens, please post back for further instructions. Just leave the computer running if you wish and use your other one to post.
    • If you receive no warning about bootloader files but are presented with another view of the partition structure and asked if it looks correct, type y then press Enter.
    • The script will complete and prompt you to reboot the computer.
    • Close the Terminal window and restart back into Windows.


    When restarting the computer:
    • while the computer is rebooting press the F10 to bring up 'Edit Boot Options' screen. (if it's pressed too early you might get the bios screen instead. )
    • Refer to the screenshot you used earlier as a reference to what you should see (post 26)
    • If it says /minint or int/min after /NOEXECUTE=OPTIN,

      hit the Backspace key until that entry reads:

      /NOEXECUTE=OPTIN
    • hit enter


    Once the computer has booted into Windows:
    • click start
    • type cmd into the search box
    • right click on cmd that appears at the top and click Run as administrator
    • type bcdedit /enum all >%userprofile%\desktop\log.log

      (note: there is a space after bcdedit, a space after enum and one after all)
    • hit enter
    When it's finished a notepad named log.log will be on the desktop.

    Post the contents of the tdl_fix.txt file that was created on your flash drive and the contents of log.log in your next reply.

    Please let me know how the computer is behaving.

    Extra Note - in the event the computer will not boot to windows or asks if you want to do a Factory Restore. Stop

    Boot the computer with the xPUD CD and run the tdl_fix.sh script again using the following command.

    bash tdl_fix.sh -restore

    Make sure to leave a space to either side of tdl_fix.sh in the command.
    This will prompt you to use the file tdl_mbr_sda.bin on drive sda.
    Ok the procedure then restart when complete.
    This is a backup of the original mbr and will restore it to its current state.
    Member of UNITE and ASAP
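
The procedure in the post above asks which partition to mark active and keeps a backup of the original MBR in tdl_mbr_sda.bin. As an added example (not part of the original post, and not the tdl_fix.sh script), this Python code decodes a 512-byte MBR image and reports which primary partition entries carry the active flag; the function names and both sample images are constructed for illustration.

```python
import struct

TABLE_OFFSET, ENTRY_SIZE = 446, 16      # classic MBR layout
ENTRY = struct.Struct("<B3xB3xII")      # status, CHS, type, CHS, LBA start, sector count

def parse_mbr(sector: bytes) -> list:
    """Decode the four primary partition entries of a 512-byte MBR image."""
    if len(sector) != 512:
        raise ValueError("an MBR image is exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA is missing")
    entries = []
    for i in range(4):
        status, ptype, start, count = ENTRY.unpack_from(sector, TABLE_OFFSET + i * ENTRY_SIZE)
        entries.append({"number": i + 1, "status": status, "type": ptype,
                        "lba_start": start, "sectors": count})
    return entries

def active_numbers(entries: list) -> list:
    """Partition numbers whose status byte is 0x80 (the active/boot flag)."""
    return [e["number"] for e in entries if e["status"] == 0x80]

def review(entries: list) -> list:
    """Return readable findings; an empty list means one sane active partition."""
    findings = []
    active = active_numbers(entries)
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"partition {e['number']}: invalid status byte 0x{e['status']:02x}")
        if e["status"] == 0x80 and e["type"] == 0x00:
            findings.append(f"partition {e['number']}: active flag on an empty entry")
    return findings

def make_mbr(parts: list) -> bytes:
    """Build a constructed MBR image from (status, type, lba_start, sectors) tuples."""
    table = b"".join(ENTRY.pack(*p) for p in parts).ljust(64, b"\x00")
    return bytes(TABLE_OFFSET) + table + b"\x55\xaa"

# Constructed samples, not taken from the machine discussed in the thread.
SAMPLE_OK = make_mbr([(0x00, 0x07, 2048, 204800), (0x80, 0x07, 206848, 409600)])
SAMPLE_ODD = make_mbr([(0x80, 0x07, 2048, 204800), (0x80, 0x00, 0, 0)])

if __name__ == "__main__":
    for name, image in (("ok", SAMPLE_OK), ("odd", SAMPLE_ODD)):
        entries = parse_mbr(image)
        print(name, active_numbers(entries), review(entries))
```

Run against a saved 512-byte backup by passing its bytes to `parse_mbr`; comparing the result before and after a repair shows exactly which entry's active flag changed.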

  8. #38
    Member
    Join Date
    Jan 2012
    Posts
    36

    Yes, I received the warning that there was not a bootloader file. I pressed "n" as you instructed.

  9. #39
    Senior Member
    Join Date
    Sep 2010
    Posts
    631

    Hi e28ct17,

    Ok select 2 this time. There is a bit of an anomaly on this computer so hopefully this will be the one.
    Last edited by oldman960; 2012-01-28 at 09:28. Reason: typo
    Member of UNITE and ASAP

  10. #40
    Member
    Join Date
    Jan 2012
    Posts
    36

    When I went back to my computer the terminal window was gone. I tried to reboot and got the same message I got before

    [6.382827] sd 7:0:0:0: [sdg] Assuming drive cache: write through
    [6.382827] sd 7:0:0:0: [sdg] Assuming drive cache: write through
    [6.382827] sd 7:0:0:0: [sdg] Assuming drive cache: write through
    giving up.
    xinit: No such file or directory (errno 2): unable to connect to X server
    xinit: No such process (errno 3): Server error.
    xauth: (argu):1: bad display name "(none):0" in "remove" command
    sh: no job control in this shell
    sh-4.0#

    I then followed your previous instructions and took the disk out and rebooted and hit F10. I removed "int/min" and booted fine into windows. I put disk back into computer and rebooted. When xPUD booted I chose English and then got the above message again. Hope I didn't do too much on my own and mess up.
