
Thread: Test your skill and impress me with this one...

  1. #11
    Junior Member
    Join Date
    Sep 2011
    Posts
    14


    Okay - I did the flash disinfector, attempted to run DDS, it didn't seem to do anything - unless it was doing something, there was a line of pound signs at the bottom and they were blinking.

    tried to run rkill and the computer shut off. haven't gotten to gmer yet. it seems like it's over heating, but it stays on as long as I'm not doing any activity on it.

  2. #12
    Senior Member
    Join Date
    Apr 2010
    Posts
    463


    Hello meglamb

    there was a line of pound signs at the bottom and they were blinking
    That doesn't sound right at all. Can you tell me if you are still receiving the "this file is infected" message when you try to run DDS?


    This infection changes settings on your computer so that when you launch an executable, it will instead launch the infection rather than the desired program.

    To fix this we must first download a Registry file that will fix these changes.


    Please work your way through the following steps in the order that they appear:


    1. FixNCR


      • From a clean computer, please download the following file and save it to removable media such as a CD/DVD, external drive, or USB flash drive.
      • Once that file is downloaded and saved on a removable device, insert the removable device into the infected computer and open the folder for the drive letter associated with it.
      • You should now see the FixNCR.reg file that you had downloaded onto it.
      • Double click on the FixNCR.reg file to fix the Registry on your infected computer.
      • You should now be able to run your normal executable programs and can proceed to the next step.


    2. rKill


      • Once you have run FixNCR, I would like you to run rKill again (just as you did before).


    3. DDS


      • After rKill has been run, please try to scan with DDS again. If DDS is able to complete its scan and you can save the log, move on to the GMER scan.



      If DDS is unable to complete its scan, forget about GMER and try the following scanner instead:

    4. Download and run OTL by Oldtimer


      • Please download OTL by Oldtimer by clicking here and save the file (called OTL.com) to your desktop.
      • Close all open windows on your computer then Double click on the OTL.com icon to run the program.
      • Check the boxes beside "LOP Check" and "Purity Check".
      • Under Custom Scan paste this in:


      netsvcs
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %PROGRAMFILES%\Internet Explorer\*.dat
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      /md5start
      iexplore.*
      explorer.*
      winlogon.*
      dll
      zx.dll
      hlp.dat
      /md5stop


      • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.


      • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
      • Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.


      If DDS is able to complete its scan please post the log in your next reply (likewise with GMER). If you are still having trouble with DDS please try OTL and let me know how it goes.

    Proud Graduate of the WTT Classroom
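
The post above describes an infection that changes what happens when an executable is launched. On Windows that behaviour is set by the `.exe` file association, so the following added example (not part of the original post, and not the contents of FixNCR.reg) reads a text export of those keys and reports whether they still hold the stock values. The sample exports, the `xyzfile` name and the placeholder path are constructed for illustration.

```python
import re

HKCR = "hkey_classes_root\\"
HKCU = "hkey_current_user\\software\\classes\\"  # per-user keys take precedence
DEFAULT_PROGID = "exefile"
DEFAULT_COMMAND = '"%1" %*'  # stock value: run the clicked file itself

def parse_reg_defaults(text):
    """Map lower-cased key path -> default (@) string value of a .reg export."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg text escapes backslash and double quote with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def effective_exe_handler(text):
    """Return (progid, command) that would be used to open an .exe file."""
    d = parse_reg_defaults(text)
    progid = d.get(HKCU + ".exe") or d.get(HKCR + ".exe")
    if progid is None:
        return None, None
    tail = progid.lower() + "\\shell\\open\\command"
    return progid, d.get(HKCU + tail) or d.get(HKCR + tail)

def is_altered(text):
    """True when the export does not show the stock .exe association."""
    return effective_exe_handler(text) != (DEFAULT_PROGID, DEFAULT_COMMAND)

# Constructed sample exports (already decoded to text; real exports are UTF-16).
CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
ALTERED_EXPORT = CLEAN_EXPORT + r'''
[HKEY_CURRENT_USER\Software\Classes\.exe]
@="xyzfile"

[HKEY_CURRENT_USER\Software\Classes\xyzfile\shell\open\command]
@="\"C:\\placeholder\\abc.exe\" \"%1\" %*"
'''
```

An export that lacks the keys altogether is also reported as altered, since the stock values could not be confirmed from it.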

  3. #13
    Junior Member
    Join Date
    Sep 2011
    Posts
    14


    when I double clicked DDS, the black box popped up, nothing happened, so I hit enter, and after I hit enter, a row of pound signs appeared and the cursor kept blinking.

    I put rkill.scr on the laptop and clicked it and the computer shut off.

    I'm sorry this must be incredibly frustrating for you both because I don't know dick about computers, and because nothing seems to be working because the computer turns off.

  4. #14
    Senior Member
    Join Date
    Apr 2010
    Posts
    463


    Hello meglamb

    I'm sorry this must be incredibly frustrating for you
    You're doing fine Meg, and there is no need to apologise. Sometimes malware is easy to clean, sometimes it isn't. I'm not giving up just yet

    Did you try to run OTL?

    If you tried and it did not run for you, let me know and we'll move on to a different approach.
    Proud Graduate of the WTT Classroom

  5. #15
    Senior Member
    Join Date
    Apr 2010
    Posts
    463


    Hello meglamb

    Let's give the following a try:

    Please re-name DDS/OTL to either explorer.exe or iexplore.exe and see if they will run when re-named
    Proud Graduate of the WTT Classroom

  6. #16
    Junior Member
    Join Date
    Sep 2011
    Posts
    14


    Okay! I've got a scan, but I've got an issue - my USB ports don't work on the infected computer, and I cannot get it to connect to the internet, even if I jam a hardwire into it - so how do I get the scan to you?

  7. #17
    Senior Member
    Join Date
    Apr 2010
    Posts
    463


    Hello meglamb

    First of all, you did a really great job getting that scan. I know it wasn't easy - very well done indeed

    so how do I get the scan to you?
    This is what we have to deal with next.

    Without active USB ports we are unable to use a flash drive for the transfer. Are you able to burn the log file to disk and then use a different machine to paste it here?
    Proud Graduate of the WTT Classroom

  8. #18
    Junior Member
    Join Date
    Sep 2011
    Posts
    14


    welp! I got the scan by booting the computer from a disk, so I don't think I can take the disk out and put another one in to burn it can I?

    I know for a fact that a cd burning program won't open from my normal desktop.

  9. #19
    Senior Member
    Join Date
    Apr 2010
    Posts
    463


    Hello meglamb

    I got the scan by booting the computer from a disk
    You did not mention this to me before. Are you telling me that you are now unable to boot the machine at all without the use of the boot disk?
    Proud Graduate of the WTT Classroom

  10. #20
    Junior Member
    Join Date
    Sep 2011
    Posts
    14


    nope, I can boot it without a disk, but from a disk is the only way that I could run that scan. I suppose I could try to exchange the scan file from safemode, but I looked for the scan on my normal desktop and could not locate it. naw mean?
