log of eset scan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP2\A0002492.exe probably a variant of Win32/Agent.EDQCSRE trojan
About the keyboard icon: this is the language icon of Windows, which usually stays next to the system tray.
If I reload the recovery DVD, I'll have to reinstall the whole system, I think.
Hi,
What ESET found was in your System Restore program, lets flush it all out and create a new restore point
System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.
Please follow the steps below to create a clean restore point:
- Click Start > Run > copy and paste the following into the run box:
%SystemRoot%\System32\restore\rstrui.exe
- Press OK. Choose Create a Restore Point then click Next.
- Name it (something you'll remember) and click Create.
- When the confirmation screen shows the restore point has been created click Close.
Then remove all previous Restore Points
- Click Start > Run > copy and paste the following into the run box:
cleanmgr
- Choose to scan drive C:\ (if C:\ is your main drive).
- At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
- Click on the Yes button.
- When finished, click on Cancel button to exit.
We need to uninstall previous versions of Java and install the latest one; this will help make your computer more secure.
Please download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
- Open JavaRa.exe again and select Search For Updates.
- Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
1. Click Start > Settings > Control Panel.
2. Double-click the Java Plug-in icon in the control panel.
3. Click the Cache tab.
4. Click Clear A confirmation dialog box appears.
5. Click Yes to confirm.
6. Click Apply.
As far as the icon for your keyboard, why don't you post here in the Windows forum? We all work together, so you can link them to this thread if you wish so they can see what we have done.
http://forums.whatthetech.com/index.php?showforum=119
Combofix <---Is not a general cleaning tool, just run it with supervision or you can damage your system
- Click START then RUN
- Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
Open OTL and click on Clean Up and it will remove the programs we used to clean your system along with their backups.
- How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
- Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
- WhattheTech
- Grinler BleepingComputer
- GeeksTo Go
- Dslreports
Safe Surfn
Ken
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
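The ESET hit above sits in a System Restore point, which is why the reply says to flush the restore points rather than hunt for a live infection. The following Python script is an added example (it is not part of this thread, and not code from ESET, OTL or any other tool named here) that triages scan-log lines of the shape shown at the top of the page, path followed by verdict, into restore-point copies, browser/temp cache files, and live locations, and lists the (GUID, RP) restore points holding detections. The sample log lines are constructed for the example: only the first repeats the path from the log above; the other paths, the verdict strings, and the "cache" class are assumptions, as is the line layout (ESET's real export format is not documented on this page).

```python
import re

# Path of a file saved in a System Restore point:
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\<file>
RESTORE_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\_restore\{(?P<guid>[0-9A-Fa-f-]{36})\}"
    r"\\RP(?P<rp>\d+)\\(?P<file>[^\\]+)$",
    re.IGNORECASE,
)
# Browser and temp caches (assumed class: a download that may never have been executed).
CACHE_RE = re.compile(r"\\(Temporary Internet Files|Temp)\\", re.IGNORECASE)
# One log line: a Windows path (may contain spaces) ending in a file extension, then the verdict.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9\[\]]+)\s+(?P<verdict>.+)$")


def classify(path):
    """Return ('restore-point', info) | ('cache', {}) | ('live', {}) for a detection path."""
    m = RESTORE_RE.match(path)
    if m:
        return "restore-point", {
            "guid": m.group("guid").upper(),
            "rp": int(m.group("rp")),
            "file": m.group("file"),
        }
    if CACHE_RE.search(path):
        return "cache", {}
    return "live", {}


def parse_log(text):
    """Parse 'path verdict' lines into dicts; lines that do not match are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, info = classify(m.group("path"))
        hits.append({"path": m.group("path"), "verdict": m.group("verdict"), "kind": kind, **info})
    return hits


def triage(text):
    """Group detection paths by where they were found."""
    groups = {"restore-point": [], "cache": [], "live": []}
    for hit in parse_log(text):
        groups[hit["kind"]].append(hit["path"])
    return groups


def restore_points_to_purge(hits):
    """Distinct (GUID, RP number) pairs holding detections; the cleanmgr step flushes them all."""
    return sorted({(h["guid"], h["rp"]) for h in hits if h["kind"] == "restore-point"})


# Constructed sample log (first line copied from the log above; the rest are made up).
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP2\A0002492.exe probably a variant of Win32/Agent.EDQCSRE trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP3\A0002510.dll a variant of Win32/Example.A trojan
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\setup[1].exe Win32/Example.B trojan
C:\WINDOWS\system32\drivers\example.sys Win32/Example.C trojan
"""

if __name__ == "__main__":
    for kind, paths in triage(SAMPLE_LOG).items():
        print(kind, paths)
    print("restore points to purge:", restore_points_to_purge(parse_log(SAMPLE_LOG)))
```

Only the "live" group needs a real clean-up; restore-point copies disappear with the restore-point purge described above, and cache entries are usually dropped files that were detected before they ran.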
I did exactly what you told me to do.
Technically, the virus is gone. I'll monitor the behavior of the computer the next hours to be sure.
OTL did not remove everything. For example, aswMBR.exe, ATF-Cleaner.exe and RKUnhookerLE.exe are still on the desktop. I think I'll just delete them.
ESET installed some component, so do I have to do another scan and, when it asks me what to do, check the "uninstall component after scan" box in order to uninstall ESET from the computer?
I remembered that I used DeFogger to disable something, but I don't remember what. Do I have to reinstall DeFogger in order to enable whatever it disabled?
about the keyboard icon, I don't know how but it is back in place, here a small pic to let you see what I meant
To avoid this type of rootkit, do I have to have a real-time anti-spyware?
I am getting rid of McAfee; I want to install Avira or Avast. Which is the best between these two? What would you recommend?
Thank You very much ken545!!!!!!
One more thing can you please have a look at this scan from RogueKiller
Before, I used to have a hosts file (some 125...); now this is Yp1. Is it bad?
RogueKiller V4.3.7 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussi...Remontees.html
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: NICOU [Admin rights]
Mode: Scan -- Date : 05/09/2011 17:17:09
Bad processes: 0
Registry Entries: 0
HOSTS File:
ÿþ1
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
The previous log, from 3 days ago:
RogueKiller V4.3.7 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussi...Remontees.html
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: NICOU [Admin rights]
Mode: Scan -- Date : 05/06/2011 17:09:01
Bad processes: 0
Registry Entries: 0
HOSTS File:
Finished : << RKreport[1].txt >>
RKreport[1].txt
Well, when we ran the OTL fix we reset your hosts file back to Microsoft defaults, so that's fine.
As far as antivirus software, whatever you're comfortable with and like; what one scan finds another may not, there is no silver bullet. But you should only have one, so if you install one of the other ones you posted about you need to uninstall McAfee.
You can uninstall ESET via Add Remove Programs in the Control Panel
To re-enable your Emulation drivers, double click DeFogger to run the tool.
- The application window will appear
- Click the Re-enable button to re-enable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will appear
- Click OK
- DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
Your Emulation drivers are now re-enabled.
The rest you can just drag to the trash
Anymore questions please post back
Last edited by ken545; 2011-05-10 at 01:07.
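The "ÿþ1" that RogueKiller printed for the HOSTS file is consistent with a hosts file written as UTF-16LE with a byte-order mark: the bytes FF FE are the BOM, 31 00 is the "1" of "127.0.0.1" followed by a NUL, and a tool that reads the file as an ANSI C string stops at that NUL and shows three characters. That reading of the log is my inference, not something the thread states. The Python below is an added example (not code from RogueKiller, OTL or the forum) that decodes a hosts file honouring any BOM, reproduces the ANSI view, and flags the thing that actually matters for a malware check: name-to-address mappings that point somewhere other than a sinkhole address. A blocklist-style hosts file with hundreds of 127.0.0.1 or 0.0.0.0 lines (like the "some 125" entries mentioned above) is left alone. The sample files are constructed; the default-hosts content, the sinkhole address set and the hostnames are assumptions for the example.

```python
import codecs

# Only active mapping in the default Windows XP hosts file (assumed for the example).
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}
# Addresses a legitimate blocklist-style hosts file maps names to; anything else is a redirect.
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}


def ansi_view(raw):
    """What a tool that prints the file as a C string in the ANSI code page shows.

    The string stops at the first NUL byte, so a UTF-16LE file that begins with
    "127.0.0.1" is displayed as the three characters 0xFF 0xFE 0x31, i.e. "ÿþ1".
    """
    first = raw.split(b"\x00", 1)[0]
    text = first.decode("cp1252", errors="replace")
    return text.splitlines()[0] if text else ""


def decode_hosts(raw):
    """Return (encoding, text), honouring a UTF-16 or UTF-8 byte-order mark."""
    if raw.startswith(codecs.BOM_UTF16_LE):
        return "utf-16-le", raw[2:].decode("utf-16-le")
    if raw.startswith(codecs.BOM_UTF16_BE):
        return "utf-16-be", raw[2:].decode("utf-16-be")
    if raw.startswith(codecs.BOM_UTF8):
        return "utf-8", raw[3:].decode("utf-8")
    return "ansi", raw.decode("cp1252", errors="replace")


def parse_entries(text):
    """Set of (ip, hostname) pairs, ignoring comments and blank lines."""
    entries = set()
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        for name in parts[1:]:
            entries.add((parts[0], name.lower()))
    return entries


def audit_hosts(raw):
    """Summarise encoding, non-default entries, and mappings to non-sinkhole addresses."""
    encoding, text = decode_hosts(raw)
    entries = parse_entries(text)
    extra = sorted(entries - DEFAULT_ENTRIES)
    hijacks = [entry for entry in extra if entry[0] not in SINKHOLE_IPS]
    return {"encoding": encoding, "entries": len(entries), "extra": extra, "hijacks": hijacks}


# Constructed samples (not taken from the user's machine).
DEFAULT_LINE = "127.0.0.1       localhost\r\n"
SAMPLE_UTF16 = codecs.BOM_UTF16_LE + DEFAULT_LINE.encode("utf-16-le")
SAMPLE_BLOCKLIST = (DEFAULT_LINE + "127.0.0.1 ads.example.net\r\n0.0.0.0 tracker.example.org\r\n").encode("ascii")
SAMPLE_HIJACK = (DEFAULT_LINE + "198.51.100.7 www.example.com   # not a sinkhole address\r\n").encode("ascii")

if __name__ == "__main__":
    for label, raw in [("utf16", SAMPLE_UTF16), ("blocklist", SAMPLE_BLOCKLIST), ("hijack", SAMPLE_HIJACK)]:
        print(label, repr(ansi_view(raw)), audit_hosts(raw))
```

The "hijacks" list is the redirect check: a hosts entry that sends a real hostname to a routable address is how hosts-file malware diverts browsers, and it is the thing to look at before worrying about how the file is encoded.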
OK, you answered all the questions except that one:
"I remembered that I used DeFogger to disable something, but I don't remember what. Do I have to reinstall DeFogger in order to enable whatever it disabled?"
Other than that, so far everything runs smoothly and I'll install one antivirus only.
We cross-posted; the DeFogger enable steps are in my prior post.
Glad all is well
So the emulation driver is enabled, thank you.
I ran Spybot and again, Click.GiftLoad. I am so afraid I took no action.
Am I still sick? I mean the computer. Besides that, no redirect so far and no excessive svchost processes.
Here is the log (it is so long that I can't paste it here, but this is the result):
--- Search result list ---
Click.GiftLoad: [SBI $89783858] User settings (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe
Do this
Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say Yes.
If you saved the file correctly it should look like this:
REGEDIT4
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-
Run Spybot again and it should be gone
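The Regfix.reg above uses the REGEDIT4 deletion syntax: a value line of the form "name"=- removes that value when the file is merged. As an added example (not part of the thread, and not Spybot's or any tool's code), the Python below parses .reg text of that shape, flags system processes such as svchost.exe registered under FEATURE_BROWSER_EMULATION, builds the same deletion file the fix uses, and simulates the merge to confirm the entry is gone. The registry export is constructed for the example, and the heuristic that a Windows service host has no business opting into an Internet Explorer rendering mode is my assumption; the page only shows Spybot flagging the svchost.exe value.

```python
import re

# Windows service hosts that should not appear under FEATURE_BROWSER_EMULATION (assumed heuristic).
SYSTEM_PROCESSES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe", "smss.exe"}
EMULATION_SUFFIX = "\\featurecontrol\\feature_browser_emulation"
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<value>.*)$')


def _parse_value(text):
    if text == "-":
        return None                      # "name"=- deletes the value on merge
    if text.lower().startswith("dword:"):
        return int(text[6:], 16)
    if len(text) >= 2 and text[0] == '"' and text[-1] == '"':
        return text[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return text                          # hex(...) and other types kept as raw text


def parse_reg(text):
    """Map key path -> {value name: value}. A value of None is a deletion;
    a key mapped to None is a [-KEY] deletion."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.upper() == "REGEDIT4" \
                or line.upper().startswith("WINDOWS REGISTRY EDITOR"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):
                keys[key[1:]] = None
                current = None
            else:
                current = key
                keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name = m.group("name") if m.group("name") is not None else "@"
        keys[current][name] = _parse_value(m.group("value"))
    return keys


def suspicious_emulation_entries(keys):
    """(key, process, value) for system processes registered under FEATURE_BROWSER_EMULATION."""
    hits = []
    for key, values in keys.items():
        if values is None or not key.lower().endswith(EMULATION_SUFFIX):
            continue
        for name, value in values.items():
            if name.lower() in SYSTEM_PROCESSES:
                hits.append((key, name, value))
    return hits


def make_delete_reg(key, names):
    """Build a REGEDIT4 file that removes the given values, in the shape of the fix above."""
    lines = ["REGEDIT4", "", "[" + key + "]"] + ['"' + n + '"=-' for n in names]
    return "\r\n".join(lines) + "\r\n"


def merge(keys, patch):
    """Simulate regedit merging `patch` into `keys`: deletions remove values or keys."""
    result = {k: (dict(v) if v is not None else None) for k, v in keys.items()}
    for key, values in patch.items():
        if values is None:
            result.pop(key, None)
            continue
        target = result.get(key)
        if target is None:
            target = result[key] = {}
        for name, value in values.items():
            if value is None:
                target.pop(name, None)
            else:
                target[name] = value
    return result


# Constructed export of the key (not the user's actual registry); myapp.exe is a made-up benign entry.
EMULATION_KEY = r"HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION"
SAMPLE_EXPORT = (
    "REGEDIT4\r\n\r\n[" + EMULATION_KEY + "]\r\n"
    '"svchost.exe"=dword:00002710\r\n'
    '"myapp.exe"=dword:00002af8\r\n'
)

if __name__ == "__main__":
    before = parse_reg(SAMPLE_EXPORT)
    hits = suspicious_emulation_entries(before)
    fix = make_delete_reg(EMULATION_KEY, [name for _, name, _ in hits])
    print(fix)
    print("after merge:", suspicious_emulation_entries(merge(before, parse_reg(fix))))
```

The dword values are the documented IE document-mode codes that real applications set for their own executable names; the point of the check is the value name, since a service host executable is not an application that renders HTML.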