Unable to launch spybot



marycamacho
2011-03-29, 19:28
Tashi in Spybot forum has given me permission to go ahead and post on Malware site.
I have Windows XP and use Firefox search engine. I have been infected with trojan XP Total Security. Any help much appreciated. Have attempted to follow your notes "before you post". However cannot launch ERUNT. Like Spybot and Avira have downloaded them and then cannot launch. I am asked whether I am sure I want to launch and I click yes but nothing at all happens. This of course means I can't follow your back up instructions. Any ideas please?

shelf life
2011-03-30, 23:54
Read the directions for using combofix, on another machine if necessary. Download combofix to your desktop and boot into safe mode. To reach safe mode you would tap the F8 key during a computer restart, choose the first option from the list: safe mode, log in to your usual account. Once at the safe mode desktop run combofix in safe mode and post the log. Back in 'normal' mode try running Spybot and Avast.
Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

marycamacho
2011-03-31, 00:23
Thank you, will try this and get back when I have managed to get a friend to download combofix for me. Many thanks in the meantime.

marycamacho
2011-04-04, 21:37
Shelf life - just to say that I am still waiting for a friend to download Combofix and will be in touch when I have tried it. Many thanks.

shelf life
2011-04-05, 00:13
Ok, no problem. If you have read the guide for using it then go ahead and try downloading combofix right on to the compromised machine. If you can't run it in "normal" mode you can try booting into safe mode to run combofix.
To reach safe mode you would tap the F8 key during a computer restart, choose the first option from the list: safe mode. Log into your normal account, once at the safe mode desktop try running combofix.
If it won't run either way then post back.

marycamacho
2011-04-06, 22:14
I have not made any progress, my friend is very reluctant to download Combofix to her pc because of warning message and the fear of compromising her pc. I understand that.
I have tried to download combofix whilst in safe mode, no success. Equally when in normal mode cannot get past when asking it to run, it tells me "application not found". Programmes I previously had on my pc Start Up menu eg Firefox, Microsoft Office, Powerpoint, My Documents etc will not now start up and I get message "application not found" when I click on them.
In the meantime the original constantly appearing XP Total Security trojan no longer appears on my screen, it appears to have gone spontaneously!! Although I imagine all the problems I am having are as a consequence of it.
I am sorry to be such a "newbie" non techie person. If this is all too much please let me know and I will have to find a physical source of help, I have been given the contact details of a fairly local person. Many thanks for your patience so far.

shelf life
2011-04-07, 00:39
"download Combofix to her pc because of warning message and the fear of compromising her pc"

What warning message? It's not malware. It's perfectly safe to download.

"combofix whilst in safemode no success"

You would have to choose "safe mode with networking" rather than just "safe mode".

"it appears to have gone spontaneously!!"

I doubt it.

It's no problem for me to continue, however you probably want your machine back quickly. If you want to continue or take it somewhere it's up to you. This is free of course and I guarantee a shop will use the same free tools I do, delete them, and turn around and charge you for it.

You can try these tools also while in normal mode or safe mode:

Download to your desktop using the links below
Double-click on the Rkill.com desktop icon to run the tool.

* If using Vista, right-click on it and Run As Administrator.

* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. After it's finished try running Combofix again.

* If not, delete the file, then download and use the one provided in Link 2 and after try running combofix again.

* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs and you can run combofix.

1) rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
2) rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
3) rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
4) iExplore.exe (http://download.bleepingcomputer.com/grinler/iExplore.exe)
5) userinit.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)

Attached is a screenshot of the combofix website guide page, that's what your friend should be seeing.

marycamacho
2011-04-12, 15:28
Shelf Life Many thanks for your assistance. I gave up the challenge and sent my pc to the doctor. It is fine now.
thank you again.

shelf life
2011-04-12, 20:06
Ok thanks for the update.

Some tips to help you remain malware free:

10 Tips for Prevention and Avoidance of Malware:

There is no reason why your computer cannot stay malware free.

No software can think for you. Help yourself. In no special order:


1) It is essential to keep your operating system (Windows), browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update (http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us) frequently or use the Windows auto-update feature (http://www.microsoft.com/windows/downloads/windowsupdate/automaticupdate.mspx). Staying updated is also essential for web based applications, browser plugins and addons like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here (http://secunia.com/vulnerability_scanning/online/).

2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs (http://www.malwarevault.com/signs.html) that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently finds malware then it's time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Do you trust the source? See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) A slide show how-to for securing Internet Explorer 8.0 (http://threatpost.com/en_us/slideshow/How%20to%20configure%20Internet%20Explorer%20for%20secure%20surfing) for safer surfing. How to harden FireFox (http://threatpost.com/en_us/slideshow/How-to-configure-Mozilla-Firefox-for-secure-surfing?utm_source=Second+Sidebar&utm_medium=Featured+Slideshows&utm_campaign=Configure+Mozilla+Firefox) for safer surfing.

10) Warez, cracks etc are very popular for carrying malware payloads. If you download/install files via p2p networks you will encounter malware. A file can be named anything and be nothing but malware or have malware bundled in it. Can you really trust the source of the file?

More info/tips with pictures, links below

Happy Safe Surfing.