Got rid of Braviax, now have Brastk.exe

[Fatboy_97]

Well got as far as windows\erdnt>dir and this is what came up:

Directory of C:\WINDOWS\ERDNT

10/28/08 08:43p d------- 0 .
10/28/08 08:43p d------- 0 ..
10/28/08 08:43p d------- 0 10-28-2008
3 file(s) 0 bytes
59765456896 bytes free

So of course typing cd 10-28-08 came up with:
"The system cannot find the file or directory specified."

You ever have to put in as much time on one of these fixes as you have with this one? Thanks so much for your patience.

[Blender]

Sorry my bad ..
Only mistake made here was typing in the directory wrong.
I should have seen that (duh on me) even after looking in my own erdnt folder.

Once in the ERDNT directory & you see the list after typing in dir

Now type these commands hitting enter after each. Give ERDNT.Con time to finish its job before exiting recovery console.

cd 10-28-2008
ERDNT.CON
exit

don't worry. We'll get there.

[Fatboy_97]

We got one step closer, but only one........ Here we go:

C:\WINDOWS\ERDNT>cd 10-28-2008

C:\WINDOWS\ERDNT\10-28-2008>ERDNT.CON
The command is not recognized Type HELP for a list of supported commands.

I tried all caps, all lowercase, and a mixture of both for erdnt.con, but to no avail. Got the same response.

[Blender]

OK... My bad again. Lack of coffee moment.
I guess I cant remember as much stuff by heart as I thought.

Instead of ERDNT.con command do this:

BATCH ERDNT.con

The rest is all the same. It does not matter if you type in upper or lower case.

cd erdnt
cd 10-28-2008
batch erdnt.con
exit

[Fatboy_97]

Got sign on after doing cd batch erdnt.con!

Can't use anything after signing on!

Internet Explorer, Firefox, Spybot, or anything with an .exe extension.
Trying these just gives the warning:

"This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel."


Baby steps, just try to think baby steps.

[Blender]

Kewl!!

We're logged in == progress

Ok --- you get TeaTimer disabled and reset? Leave it off till I say. OK?

Make sure you can see all your file extensions.
Open your control panel & then "folder options"
Hit the "view" tab
Under "hidden files & folders" UNcheck "hide file extensions for known file types"
Apply & OK.

Download this tool to your desktop.
http://www.techsupportforum.com/sect...ckard/daft.exe
Right click "daft.exe" and choose "rename"
Call it daft.com
Once done it should look like a generic white/blue icon.
Double click it, OK the disclaimer & choose "scan"
Save log file & post the log here.

Make no changes yet please.

Also --- that TeaTimer log you posted.
Can you zip up & send me the whole log?
If not possible -- I imagine it is huge so you can upload it here please (even if just the text):

http://www.bleepingcomputer.com/subm...php?channel=19

Put URL from this thread in space provided so I know who the log came from.
It will likely be alot easier for me to read than trying to in the posts.

Also -- your XP CD.. What service pack is it bundled with?

Thanks

[Fatboy_97]

As for the TeaTimer I can't get it or IE or anything else to open even after UNchecking the hide file extension line in folder options. Still getting the same message as in previous post.

[Blender]

OK. So .com files give same message?

Does explorer start? Meaning you get the desktop loaded, see your icons, task bar and so on?

C:\program files\Spybot - Search & Destroy <-- go to this folder & rename TeaTimer.exe to TeaTimer.OLD

That is just to prevent it from running once we fix file associations.
We'll rename it back when we are done fixin stuff.

Now -- may need to use another machione since IE don't work..

Go to this site:

http://www.symantec.com/security_res...050614-0532-99

Right click on the "UnHookExec.inf" file and choose "save target as"
Save it to whatever media you are using to transfer stuff to busted computer.
copy it to broken computer.
Right click it & choose install
It should only take a few seconds then be done.

You should be able to run exes and such now.

If not -- reboot.
If you can please post new set of OTViewIt logs and do the teatimer disable/reset instructions.
If above is successful -- make ERUNT backup please.

I have to go for a bit & will come back later to check on you.

Thanks

[Fatboy_97]

Well I tried............ I got the "daft.txt" log, had it loaded in a reply thread, went to get some other info you requested & the damn thing just logged off! (On a side note I have been communicating with you on a laptop; just switching the connection cable to the "infected" computer when you instruct me to.)

So after logging back on a few times & having it log itself off, I switched the cable back here & now it doesn't log off?

Frustration is mounting!!!

[Blender]

You have some method to transfer logs?
What was listed in the daft log? You can run it again and see what is listed.
I wanna see if we got all the extensions fixed.

Some of the infections is likely what keeps logging you on/off.

Did you get TeaTimer renamed OK? Obviously can run exes and stuff now?
And you made new ERUNT backup?

Can you get to safe mode with network support & run OTViewIt so you can post logs? (less junkaroo should run in safe mode making system a bit more stable)
However -- don't be online long in safe mode cus no AV or firewall to help protect you against more junk.
Just be on long enough to get those logs done/posted and get offline with that machine.

As soon as you have it connected to the net it is either downloading more junk or spamming or something so you don't want it online unless posting logs/downloading stuff we need.

Thanks