-
Run File Lister in normal Windows, please.
-
OK, ran FileLister in normal Windows. C:\Files.txt has nothing in it. Also, the Files.txt that FileLister opens up while running had nothing in it.
-
Hi again,
I was poking around, and noticed that both Malwarebytes and SUPERAntiSpyware were out of date, and allowed both to update. (Not sure how badly out of date their malware detection information was, I did install Malwarebytes last weekend.)
I ran a quick scan with Malwarebytes, and it found nothing. However, SUPERAntiSpyware's scan found the following:
-Adware.TrackingCookie [ 14 items ]
-Adware.Vundo/Variant-EC [ 1 items ]
-Adware.Vundo/Variant-Senorita [ 1 items ]
-Adware.Vundo/Variant-Variant-Yx [ 3 items ]
The scan is still open, I haven't told it to remove anything, because I didn't want to do anything that might interfere with your next recommendation.
Also, one last thing. I tested Internet Explorer, and it is still redirecting. (Firefox is still working fine.) I should have tested it before, but like I mentioned, I rarely use it, and don't really trust it even when I'm not infected.
Thanks!
-
We need to try and run GMER again; can't give you a clean bill of health until I see the report. This time we are going to disable the CD drivers, and you also have to disable your antivirus.
Disable Antivirus Software Info
Link
Drag GMER to the trash and we are going to start over
GMER with Defogger
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
- The application window will appear
- Click the Disable button to disable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will appear
- Click OK
- DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.
Next:
Download the GMER Rootkit Scanner. Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
- Double click GMER.exe.
- If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
- In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
- Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.
To re-enable your Emulation drivers, double click DeFogger to run the tool.
- The application window will appear
- Click the Re-enable button to re-enable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will appear
- Click OK
- DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
Your Emulation drivers are now re-enabled.
-
Quick question. I'm trying to disable Spybot's TeaTimer per the linked instructions, but I can't find the TeaTimer entry in the System Startup section... Can I disable it via msconfig or something (provided I can find it)?
-
No problem, disable the TeaTimer this way:
Disable the TeaTimer and leave it disabled. Do not turn it back on until we're done, or it will prevent fixes from taking.
- Run Spybot-S&D in Advanced Mode.
- If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
- On the left hand side, Click on Tools
- Then click on the Resident Icon in the List
- Uncheck "Resident TeaTimer" and OK any prompts.
- Restart your computer. <-- You need to do this for it to take effect.
-
Uh oh... GMER didn't crash, but my PC rebooted abruptly... Is it supposed to do that? I didn't touch anything...
-
Look for the log on your desktop
-
Unfortunately, I don't see any log!
The only thing I see is the defogger_disable log, and that was only requested if an error occurred running defogger. I did notice that defogger did NOT reboot as described when it finished running... Perhaps a lengthy delay in doing so? Man, and GMER was running just fine too. (I need a banging-head-against-wall emoticon.)
Should I try running GMER again, or do I need to go through the defogger process? Or?
-
Let's try gmer again, if it won't run we can try something else