Tech Support Forum - View Single Post

**amateur** · 06-23-2009, 08:41 AM

Hello and welcome to TSF.

Please note that most of the time the fixes require more than one round to properly eradicate. Stay with me until you're given the "all clear", even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions in the order they are presented, and please do no self-fixing or running of scanners unless requested by me or another helper at this forum.

You still have some remnants of Symantec. Please use the instructions on this page to completely uninstall your Norton Products.

(note: this removes ALL Norton 2004/2005/2006/2007 products from your computer, and also uninstalls Norton Ghost 10.0/9.0/2003)

=========================

Download ResetTeaTimer

and Save it to your Desktop.
Double-click ResetTeaTimer.zip
Double-click ResetTeaTimer.bat and click Run to remove all entries set by TeaTimer.
A DOS window will open and close again, this is normal.

------------------------------------------------------

While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean.

Open Spybot Search & Destroy.
In the Mode menu click "Advanced mode" if not already selected.
Choose "Yes" at the Warning prompt.
Expand the "Tools" menu.
Click "Resident".
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
If TeaTimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
In the File menu click "Exit" to exit Spybot Search & Destroy.

=============================

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

You need to disable your AVAST Antivirus before running ComboFix, as it will prevent it from running.

Right Click on the Avast icon in the system tray
Click on Program Settings...
Click on Troubleshooting
Place a tick next to Disable avast! self-defense module
Click OK
At the prompt that appears, click Yes
Right Click on the Avast icon in the system tray and click Stop On-Access protection
At the prompt that appears, click Yes
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

# Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-----------------------------------
Note: Please make sure that your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this.

===========================

Next, please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

Double-click GooredFix.exe to run it.
Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Note: Do not run Option #2 yet.

===========================

Please reply back with the Combofix.txt and the GooredLog.txt.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

06-23-2009, 08:41 AM	#3 (permalink)
amateur Moderator, Analyst, Security Team ; Rangemaster, TSF Academy Join Date: Jun 2006 Location: USA Posts: 7,473 OS: XP SP3	Re: Suspected Malware Hello and welcome to TSF. Please note that most of the time the fixes require more than one round to properly eradicate. Stay with me until you're given the "all clear", even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions in the order they are presented, and please do no self-fixing or running of scanners unless requested by me or another helper at this forum. You still have some remnants of Symantec. Please use the instructions on this page to completely uninstall your Norton Products. (note: this removes ALL Norton 2004/2005/2006/2007 products from your computer, and also uninstalls Norton Ghost 10.0/9.0/2003) ========================= Download ResetTeaTimer and Save it to your Desktop. Double-click ResetTeaTimer.zip Double-click ResetTeaTimer.bat and click Run to remove all entries set by TeaTimer. A DOS window will open and close again, this is normal. ------------------------------------------------------ While Spybot's TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent tools from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your logs are clean. Open Spybot Search & Destroy. In the Mode menu click "Advanced mode" if not already selected. Choose "Yes" at the Warning prompt. Expand the "Tools" menu. Click "Resident". Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box. If TeaTimer gives you a warning that changes were made, click the "Allow Change" box when prompted. In the File menu click "Exit" to exit Spybot Search & Destroy. ============================= Please download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. You need to disable your AVAST Antivirus before running ComboFix, as it will prevent it from running. Right Click on the Avast icon in the system tray Click on Program Settings... Click on Troubleshooting Place a tick next to Disable avast! self-defense module Click OK At the prompt that appears, click Yes Right Click on the Avast icon in the system tray and click Stop On-Access protection At the prompt that appears, click Yes Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. # Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. ----------------------------------- Note: Please make sure that your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done this. =========================== Next, please download GooredFix from one of the locations below and save it to your Desktop Download Mirror #1 Download Mirror #2 Double-click GooredFix.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet. =========================== Please reply back with the Combofix.txt and the GooredLog.txt. Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed. __________________ My services are free. However, you can donate to TSF to help keep it running. Member of ASAP since 2005 Member of UNITE** since 2006