Tech Support Forum banner
Cancel
Create thread New Forums
Status
Not open for further replies.

Nasty Virus has almost ruined my PC

Jump to Latest
1.5K views 12 replies 2 participants last post by  1972vet  
T
#1 · (Edited)
Alright, I went through the "NEW INSTRUCTIONS" post and ran DDS, but it simply says that the "batch file cannot be found".

Next I tried to run GMER.exe and the hour glass shows up for a moment, but dissapears.

I have run 3 different spyware removal programs, Spyware DOC, Spybot, and Ad-Aware, and they find a few viruses, but after it says they are fixed the trojan horse returns in the next scan. Two of the Trojans it says it has found are "Kwoo.A" and "Trojan.cws". And for some reason "command prompt windows" keep popping up all the time.

I have tried for a good 3 months to fix this myself, but to no avail, is it possible to fix this problem? I am no longer worried about my DATA, it is backed up for the most part.

Thanks for any advice you can give me.

UPDATE- I tried renaming GMER to BMER and as soon as I opened it my computer restarted itself.
 
1
#2 ·
Greetings Thane101 and Welcome to the Forums,

Download Combofix from Here or Here...You must rename it before saving it. Name it ComFx and Save it to your desktop.

IMPORTANT !!!
Place ComFx.exe on your Desktop...Please be advise that your on board protective software may interfere with combofix.

You can usually disable your AntiVirus and AntiSpyware applications via a right click menu on the icon located in the System Tray.

You can get help on disabling your protection programs here

  • Double click on ComFx.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.

NOTE:
If the Recovery Console does NOT install, click on No and DO NOT CONTINUE...if this happens, stop here and post back to let me know about this.

If the Recovery Console is successfully installed, please click on Yes, to continue scanning for malware.

  • Your desktop may go blank. This is normal. It will return when ComboFix is done.
  • ComboFix may reboot your machine. This is also normal and very common. If it does not reboot your machine, please go ahead and reboot manually to re-enable your Antivirus and AntiSpyware applications.
  • When it completes, it will produce a log for you.

Please post the contents of THAT log back here on your next reply. Thanks!

Note:
Do not mouseclick combofix's window while it's running...doing so may cause it to stall.
 
T
#3 · (Edited)
Thank you so much for your reply. After renaming the file and saving it to my desktop, I ran ComFx and I clicked on download the recovery console. First it asked me to connect to the internet (which I did), but after that I got a message saying it was unable to download the files. I did not continue with the scan and exited the program.

Also, my computer won't let me access certain webpages, so I am downloading files on a different computer and I transfer them to my infected computer with a thumb drive.
 
1
#4 ·
Let's see if we can install the Recovery Console a different way...use your other non-infected computer if needed.

Please do the following:
Go to Microsoft's website...
Select the download that's appropriate for your Operating System

Image


Download the file & save it as it's originally named, next to ComboFix.exe (ComFx)

Image


Now close all open windows and programs, including all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.

    Image
  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt on the next reply.
Thanks!
 
1
#6 · (Edited)
Right-click anywhere in a blank area of the desktop and scroll to the option Arrange Icons By. I suspect "Align to Grid" is checked...however, if anything there has a check next to it (except for "Show Desktop Icons"), just scroll to that item and click to remove the check. Now, try to drag the file again and do not release it until it is directly over the ComFx icon. Let me know if you are still having trouble with this...otherwise, please post the requested log. Thanks!
 
1
#8 ·
In the infected system, make sure the boot sequence menu is set to boot from the CD-ROM drive...then follow the instructions below. When finished with them, you will return to this non-working system with a bootable CD that will scan the system for malicious software.

Please download Avira Antivir Rescue System.

Insert a blank CD into your CD-ROM drive, double-click on the rescue system package...then click the Burn CD button. When completed, remove the CD and insert it into the non-working operating system. Reboot the computer.

Allow the scan to complete and post back your results. Thanks!
 
T
#11 ·
I'm not quite sure how to post these results, there is no way of typing it all out (its way too long) and there is no way to copy and paste this information anywhere since I don't have access to my desktop.

I can give you the total tally which is

Records-7370
Suspect file-0
Warnings-280
 
1
#13 ·
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Tech Support Forum
posts
4.8M
members
966K
Since
2002
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Explore Our Forums
Windows 7 , Windows Vista Support Motherboards, Bios|UEFI & CPU Networking Support Hard Drive & SSD Support PC Gaming Support