system fix



Snapper
2011-12-04, 02:47
Hello, long time user of Spybot (love and recommend it), first post. I have a malware virus. It presents itself as a scan for P.C. errors; the name is System Fix. It starts up and runs a "scan" and then tells you there are some really major things wrong with your computer. I ran Spybot a couple of times but it doesn't detect it. Tried to run dds.scr so I could post my DDS but it won't run; it says there is no program associated with it. So here I am, sorry not much to go on, but does anybody have any ideas?

Satchfan
2011-12-05, 10:52
Hello Snapper and welcome to Safer Networking.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

==================================================

Run RogueKiller

Note: Do not reboot your computer if at all possible, otherwise the malware will reactivate and you will have to run RogueKiller again.

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop.

close all running programs
for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
when prompted, type 1 and press Enter
the RKreport.txt will be generated next to the executable (on the desktop).
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

Remember: Do not reboot your computer if at all possible, otherwise the malware will reactivate and you will have to run RogueKiller again.

Satchfan

Snapper
2011-12-06, 04:17
Hello Satchfan, thank you so much for the help!
Last night I restarted my computer and, as it was booting, I entered safe mode. From there I was able to run System Restore and it worked; the computer is running great. I wasn't able to run System Restore with Windows because it thought the malware was virus protection. Should I still do what you suggested or do you think I got rid of it with the restore?
Again Thanks for the help!!
Snapper

Satchfan
2011-12-06, 09:55
Hi Snapper

System Restore might have cured the symptoms but it is unlikely that it has cleared up the infection.

Instead of the previous instructions, we'll do a couple of other scans.


Download and run OTL

download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
when the window appears, underneath Output at the top change it to Minimal Output.
check the boxes beside LOP Check and Purity Check.
under Custom Scan paste this in


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

You may need two posts to fit them both in.

===================================================

Run aswMBR

download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop.
double click the aswMBR.exe to run it
if asked, accept the AVAST virus definition download
click the "Scan" button to start scan
on completion of the scan click Save log, save it to your desktop and post in your next reply.

Logs to include with next post:

OTL.Txt
Extras.Txt
aswMBR log

Thanks

Satchfan

Satchfan
2011-12-09, 11:57
Hello Snapper

It has been several days since I posted instructions to help with your computer problem.

Please let me know if you still need help.

Thanks

Satchfan