Search Engine Redirect Virus w/ Google

[Screenshot: Windows-XP-activation-fix.jpg]

[Screenshot: draft_lens2267816module12389736photo_12255123262.JPG]

Please refer to the two screenshots above. The window in the second screenshot is displayed after clicking Yes in the alert box shown in the first screenshot.

Do the contents of the alert box and the window in the screenshots match exactly what you see, or are there any differences?
 
Regarding your Windows Product key: Where is it? Did you stick it inside the computer case or do you store it elsewhere?

You may want to print out these instructions.

Enter the Recovery Console:

  • Start your computer and press the up arrow key on the keyboard as soon as the black screen is displayed during the boot asking you to select which operating system to start. This will keep the computer from booting into Windows XP.
  • Use the up and down arrow keys to select the Microsoft Windows Recovery Console option and then press the Enter key. A numbered list of start options will be displayed and you will be asked to enter the number associated with the installation you would like to start.
  • Type the number associated with the c:\WINDOWS option (normally 1).
  • At the c:\WINDOWS prompt, type the command shown in the box below and press the Enter key to execute the command.
    Code:
    dir /s /p \Qoobox\Quarantine\c\windows\system32
    You will have to use your other computer to post back which files Combofix has quarantined. Stop after 10 files if there's a lot.
    If there are more than ten and we do not find the culprit it could be that we will have to check more entries.
  • Press Ctrl+C on your keyboard, then type exit and press the Enter key. The computer will reboot.
  • Press the up arrow key on the keyboard as soon as the black screen is displayed during the boot asking you to select which operating system to start. This will keep the computer from booting into Windows XP.
  • Press the power button on your computer to power down.
 
Try the following command:
dir /s /p c:\Qoobox\Quarantine\c\windows\system32
Note that there are 3 spaces in the command.
 
Try the following command; make sure you spell it correctly:
type C:\Qoobox\ComboFix-quarantined-files.txt
If successful, post back 10 entries in that file starting from the bottom.
 
I did a Google search on the command:

dir /s /p c:\Qoobox\Quarantine\c\windows\system32

They changed the "/p" into a "/b".

There seems to be no "/p"-parameter in the recovery console. This is the command I prefer you to try:
dir c:\Qoobox\Quarantine\c\windows\system32
Post back with 10 files from the bottom.
 
Here's what it shows when I type in "c:\Qoobox\Quarantine\c\windows\system32":

01/9/12 03:08p d------- 0 .
01/9/12 03:08p d------- 0 ..
08/04/04 05:00a -a------ 502272 winlogon.bak.vir
08/17/11 05:27p -a------ 502272 winlogon.exe.vir
4 file(s) 1004544 bytes
152074321920 bytes free
 
Are there more files listed by the following command?
type C:\Qoobox\ComboFix-quarantined-files.txt

Also, don't forget to answer my questions about the Windows product key:
Where is it? Did you stick it inside the computer case or do you store it elsewhere?
 
When I typed in C:\Qoobox\ComboFix-quarantined-files.txt it said, "The command is not recognized Type HELP for a list of supported commands."

I was never given a Windows product key since the computer was custom built.
 