Hi Jim,
Welcome to Tech Support Forum,
I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.
OK, let’s do this first.
We need to disable your Windows Defender real-time protection as it may interfere with the fixes that we need to make.
To disable Windows Defender:
- Open Windows Defender.
- Click on Tools -> General Settings.
- Scroll down and uncheck "Turn on real-time protection (recommended)".
- After you uncheck this, click on the "Save" button and close Windows Defender.
NEXT:
Please download ComboFix by sUBs:
NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
- Save it to your desktop.
- Double-click combofix.exe and follow the prompts.
- When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.
NEXT:
Please download Dr.Web CureIt and save it to your desktop:
- Double-click the cureit.exe file, select "Start", and allow it to run the "Express Scan".
- This will scan the files currently running in memory and when something is found, click the "Yes" button when it asks you if you want to cure it. This is only a short scan.
- It could be possible it displays a pop-up to buy Dr.Web, or to buy at a 50% discount. Just close that pop-up.
- Once the short scan has finished, back at the main window, mark the drives that you want to scan.
- Select all drives; a red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- If the file "process.exe" was found - uncheck it. This is because this file is related to some of our cleaning tools and the tools need it. Most scanners do flag this file as a bad tool, but there's nothing wrong with it.
- Then, click "Yes to all" if Dr.Web CureIt asks if you want to cure/move any infected files, and it will after this automatically fix what is found.
- Please do NOT cure/move/delete any files that were detected as suspicious or probably infected. These are just indications of possible infections and are not definitive infections.
- After the scan, go to the "View" menu -> "Report list".
- Then go to the "File" menu -> "Save report list".
- Save the report to your desktop. The report will be called DrWeb.csv.
- Close Dr.Web CureIt.
- If you receive the prompt "No operations performed with some objects in list. Exit program?", click "Yes".
- Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, please post the contents of the DrWeb.csv log in your next reply.
NEXT:
Please REBOOT your computer normally into Windows and post these logs in your next reply:
- The log from the ComboFix scan.
- The log from the Dr.Web CureIt scan.
- A new HijackThis log.
(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software.)
Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
~~~