back.0access please help!

**lex200** · 2011-11-20, 21:19

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\shez\favorites\avicx1forums.com view topic - getting ipod video to work on x1bt - think i've cracked it.url
c:\documents and settings\shez\my documents\my music\itunes\itunes media\books\ebook collection\step on a crack - james patterson.epub
c:\documents and settings\shez\my documents\my music\itunes\itunes media\books\ibooks\the mirror crack's from side to side - christie_ agatha.epub
scanner sequence 3.CP.11.PFLBUR
----- EOF -----

**ken545** · 2011-11-20, 21:58

Thanks for understanding. I hope this made you realize how dangerous illegal software is, I have been at this for many years and if you where sitting in my seat and was aware of the latest threats going around it would make your hair stand on end.

What you want to do is to disable Scotty (WinPatrol) by right clicking it on the System Tray and select disable

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:

:processes
killallprocesses

:OTL



:Services

:Reg

:Files
ipconfig /flushdns /c





:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.

**lex200** · 2011-11-20, 22:07

thanks for being patiant, im not aware of the lastest threats but this one has (made my hair fall out) been bad enough so i dont want to be going through this again.

otl has been quarantined by mcafee as artemis do u want me to unquarantine or download again

**ken545** · 2011-11-20, 22:17

Yes, you may have to disable McAfee prior to the download

Download OTL to your desktop.

**lex200** · 2011-11-20, 22:46

All processes killed
========== PROCESSES ==========
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\SHEZ\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\SHEZ\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Java cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: SHEZ
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 3123497 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5941292 bytes
->Flash cache emptied: 470 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 11202011_213934

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

**ken545** · 2011-11-21, 00:18

A new clean hosts file has been written. WinPatrol is a nice program but to in your face for me, you can keep it but you dont have to keep it activated.

Do you have either the McAfee CD or the setup program for it that you downloaded along with the product key ?

**lex200** · 2011-11-21, 00:34

Yeah your right win patrol is a very good program, it's only been up in my face since infection other then that it was fine. Mcafee is an online installation and there is no product key it's all done vie user name and password. Mcafee seems to be fine now just running a scan at the moment. So far 1 detection potentially unwanted program 20% into scan can cancel if u want me to?

**ken545** · 2011-11-21, 01:34

Let it run and lets see what it finds

**lex200** · 2011-11-21, 01:51

It froze on me. The logs showed that it found combo fix. A ran a quick scan after come back clean. Wots next. The only problem I'm can see at the moment is the windows update not installing malicious software removal tool. Also would like to let you no that mcafee made me uninstall malwarebytes. A question relating to malwarebytes a few months ago I got two entry's come up not sure of the exact string but something to do with notify when firewall is off in security centre I put them in ignore list is that ok. I assumed they where false positives.

**ken545** · 2011-11-21, 02:17

Some Anti Virus programs do not play well with some of our tools, sometimes we have to work around that

What you may want to try is uninstalling McAfee via Add Remove Programs, then run there removal tool to remove all remnants of there program, then go back on line and download and reinstall it and see if it helps.

Mcafee Removal Tool
http://majorgeeks.com/McAfee_Consume...ool_d5420.html
http://service.mcafee.com/FAQDocument.aspx?id=TS100507

You can also try posting in there forum for help
https://community.mcafee.com/community/home

Your infection may have changed your security setting and malwarebytes found and wanted to fix them, go ahead and redownload Malwarebytes, check for updates and run the Quick scan removing all it finds.

Then you can try posting here for your windows update problem, you can link them to this thread if you wish as all us forums work together so they can see what we have done.
http://forums.whatthetech.com/index.php?showforum=119

Lets clean up the tools we have used to clean your system.

Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups

Malwarebytes is the free version and yours to keep and will not be removed

Keeping your Java updated is very important to the security of your system, info here on how to update
http://forums.spybot.info/showpost.p...80&postcount=2

How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
WhattheTech
Grinler BleepingComputer
GeeksTo Go
Dslreports

Safe Surfn
Ken

Thread: back.0access please help!

Thread Tools

Display

Posting Permissions