-
Member
-
Security Expert
-
Member
-
Security Expert
OK... My bad again. Lack of coffee moment.
I guess I cant remember as much stuff by heart as I thought.
Instead of ERDNT.con command do this:
BATCH ERDNT.con
The rest is all the same. It does not matter if you type in upper or lower case.
cd erdnt
cd 10-28-2008
batch erdnt.con
exit
-
Member
-
Security Expert
Kewl!!
We're logged in == progress
Ok --- you get TeaTimer disabled and reset? Leave it off till I say. OK?
Make sure you can see all your file extensions.
Open your control panel & then "folder options"
Hit the "view" tab
Under "hidden files & folders" UNcheck "hide file extensions for known file types"
Apply & OK.
Download this tool to your desktop.
http://www.techsupportforum.com/sect...ckard/daft.exe
Right click "daft.exe" and choose "rename"
Call it daft.com
Once done it should look like a generic white/blue icon.
Double click it, OK the disclaimer & choose "scan"
Save log file & post the log here.
Make no changes yet please.
Also --- that TeaTimer log you posted.
Can you zip up & send me the whole log?
If not possible -- I imagine it is huge so you can upload it here please (even if just the text):
http://www.bleepingcomputer.com/subm...php?channel=19
Put URL from this thread in space provided so I know who the log came from.
It will likely be alot easier for me to read than trying to in the posts.
Also -- your XP CD.. What service pack is it bundled with?
Thanks
-
Member
As for the TeaTimer I can't get it or IE or anything else to open even after UNchecking the hide file extension line in folder options. Still getting the same message as in previous post.
-
Security Expert
OK. So .com files give same message?
Does explorer start? Meaning you get the desktop loaded, see your icons, task bar and so on?
C:\program files\Spybot - Search & Destroy <-- go to this folder & rename TeaTimer.exe to TeaTimer.OLD
That is just to prevent it from running once we fix file associations.
We'll rename it back when we are done fixin stuff.
Now -- may need to use another machione since IE don't work..
Go to this site:
http://www.symantec.com/security_res...050614-0532-99
Right click on the "UnHookExec.inf" file and choose "save target as"
Save it to whatever media you are using to transfer stuff to busted computer.
copy it to broken computer.
Right click it & choose install
It should only take a few seconds then be done.
You should be able to run exes and such now.
If not -- reboot.
If you can please post new set of OTViewIt logs and do the teatimer disable/reset instructions.
If above is successful -- make ERUNT backup please.
I have to go for a bit & will come back later to check on you.
Thanks
-
Member
-
Security Expert
You have some method to transfer logs?
What was listed in the daft log? You can run it again and see what is listed.
I wanna see if we got all the extensions fixed.
Some of the infections is likely what keeps logging you on/off.
Did you get TeaTimer renamed OK? Obviously can run exes and stuff now?
And you made new ERUNT backup?
Can you get to safe mode with network support & run OTViewIt so you can post logs? (less junkaroo should run in safe mode making system a bit more stable)
However -- don't be online long in safe mode cus no AV or firewall to help protect you against more junk.
Just be on long enough to get those logs done/posted and get offline with that machine.
As soon as you have it connected to the net it is either downloading more junk or spamming or something so you don't want it online unless posting logs/downloading stuff we need.
Thanks
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules