Downloaded Winifighter - Can't Get it Out

Computing.Net > Forums > Security and Virus > Downloaded Winifighter - Can't Get it Out

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Downloaded Winifighter - Can't Get it Out

Name: Opeth_Death
Date: July 6, 2009 at 09:17:39 Pacific
OS: Windows XP SP2
CPU/Ram: AMD athlon(tm) XP 1800 + 1.5 Ghz, 736 MB of RAM
Product: Hp (hewlett-packard) Compaq presario s3200nx desktop pc
Subcategory: Viruses

Comment:

I downloaded the Winifighter program thinking it would help my computer, but now I can't seem to get it out. I know it's malicious software and I'm wondering if anyone knows what programs I can get or what I can do to help fix my computer.

Sponsored Link

Ads by Google

Response Number 1

Name: jdk (by neoark)
Date: July 6, 2009 at 09:32:38 Pacific

Reply:

Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step:

1) Run this script in AVZ like before, your computer will reboot:

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 QuarantineFile('C:\RECYCLER\S-1-5-21-3595739802-5392873326-703096348-8528\rundll32.exe','');
 QuarantineFile('C:\Program Files\WiniFighter Software\WiniFighter\WiniFighter.exe','');
 QuarantineFile('C:\WINDOWS\system32\setup2.exe','');
 QuarantineFile('C:\WINDOWS\TEMP\tempo-798234.tmp','');
 QuarantineFile('C:\WINDOWS\system32\drivers\viaudios.sys','');
 QuarantineFile('c:\docume~1\d\locals~1\temp\setup2.exe','');
 QuarantineFile('c:\docume~1\d\locals~1\temp\387.exe','');
 DeleteFile('c:\docume~1\d\locals~1\temp\387.exe');
 DeleteFile('c:\docume~1\d\locals~1\temp\setup2.exe');
 DeleteFile('C:\WINDOWS\TEMP\tempo-798234.tmp');
 DeleteFile('C:\WINDOWS\system32\setup2.exe');
 DeleteFile('C:\Program Files\WiniFighter Software\WiniFighter\WiniFighter.exe');
 DeleteFile('C:\RECYCLER\S-1-5-21-3595739802-5392873326-703096348-8528\rundll32.exe');
 DeleteFile('c:\windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

2) After reboot execute following script in AVZ:

begin
CreateQurantineArchive('C:\quarantine1.zip');    
end.

A file called quarantine1.zip should be created in C:\. Upload that file to rapidshare.com and Private message me download link.

If I'm helping you and I don't reply within 24 hours send me a PM.

Response Number 2

Name: Opeth_Death
Date: July 6, 2009 at 17:39:34 Pacific

Reply:

Whenever I try to use combofix, it tells me i dont have permission a few times, then gives me an error that says the contents of the file have been compromised and i should download a fresh copy. ive done this several times now and it still does the same thing. any tips? before i redid the steps, i made a file that went through successfully. I could send you that, but im not completely sure itd be all of what you want.

Response Number 3

Name: jdk (by neoark)
Date: July 6, 2009 at 17:54:37 Pacific

Reply:

Ok follow:
Download and run Kaspersky AVP tool: http://devbuilds.kaspersky-labs.com...
Once you download and start the tool:
# Check below options:

    * Select all the objects/places to be scanned. 
    * Settings > Customize > Heuristic analyzer > Enable deep rootkit search

# Click Scan
# Fix what it detects
# Zip/Rar Scan log/Summary and upload it to rapidshare.com. Post download link in your next message.
Illustrated tutorial: http://img32.imageshack.us/img32/76...
If I'm helping you and I don't reply within 24 hours send me a PM.

Response Number 4

Name: Opeth_Death
Date: July 6, 2009 at 18:12:50 Pacific

Reply:

The download page doesnt open for me, is it the anti-virus 2009?

Response Number 5

Name: jdk (by neoark)
Date: July 6, 2009 at 18:31:31 Pacific

Reply:

Try: ftp://212.47.219.89/devbuilds/AVPTool/index.html if you can't run it in normal mode try it in safe mode.
If I'm helping you and I don't reply within 24 hours send me a PM.

viaudio.sys KPT illustrator download viaudio	swatdata2.res download c:\recycler usbntmap.sys download
See More

Response Number 6

Name: Opeth_Death
Date: July 7, 2009 at 10:12:41 Pacific

Reply:

My computer freezes after awhile and its been freezing while I've been scanning. Should I try this in safe mode?

Response Number 7

Name: jdk (by neoark)
Date: July 7, 2009 at 10:15:52 Pacific

Reply:

Run it in safe mode.
If I'm helping you and I don't reply within 24 hours send me a PM.

Response Number 8

Name: ignys
Date: July 8, 2009 at 02:55:57 Pacific

Reply:

Hi,
yes, you should run your computer is safe mode and scan it with a reliable anti-spyware software. Alternatively, you may use this manual removal guide: http://www.2-viruses.com/remove-win...

Response Number 9

Name: Opeth_Death
Date: July 9, 2009 at 00:27:26 Pacific

Reply:

To neoark:
I ran it in safe mode and it came up with one result, which was deleted. I tried to re-download combofix and it gave me the same error though. I think it may not be detecting it because the version(the program kept telling me to update it). I'm not quite sure what to do right now, but I have a combofix file from before, when i tried to follow your instructions to someone else, before I made this.
To ignys:
Thanks, I'll resort to that if I get get help from neoark any longer, I'm very daft when it comes to System32, however, and im not sure I should be going around deleting what I think may be wrong. I have no idea what the difference is. Some file names in my System32 are very suspicious, however. One practically spells out "not a virus" but with some letters incorrect and numbers in between. There are several.

Response Number 10

Name: jdk (by neoark)
Date: July 9, 2009 at 06:31:37 Pacific

Reply:

Run these two:
1) Install, update database and run full scan with Malwarebytes' Anti-Malware. Attach malwarebyte full scan log, fix anything detected.
2) Run full Scan with SuperAntispyware : http://www.superantispyware.com/dow... . Fix what it detects and post summary scan log.
If I'm helping you and I don't reply within 24 hours send me a PM.

Sponsored Link

Ads by Google

BOO Sinowal.C

application error

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Downloaded Winifighter - Can't Get it Out

I got spyware and I can't remove it

Summary

www.computing.net/answers/security/i-got-spyware-and-i-cant-remove-it/12062.html

downloader esepor can't get rid of

Summary

www.computing.net/answers/security/downloader-esepor-cant-get-rid-of-/13255.html

Can't get rid of winupgro.exe

Summary

www.computing.net/answers/security/cant-get-rid-of-winupgroexe/24143.html

From the Geek Dictionary
hacking - To use coding to brake into or change something (eg, Money in a game) (...

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes In 5 Days.
Discuss in The Lounge
Poll History

Recent Posts
sound problems

Front panel audio connections

DOS Batch program questions

loading windows 2000 on ibm 390e 2626

How to Make Batch File Replay Automatically

All Awaiting Reply

Tom's News
Man Pleads Guilty Selling Fake Chips to Navy

Threatening Rap on YouTube Lands Two in Jail

New Final Fantasy XIII Trailer is 5 Minutes Long

Guy Quits Job With Error Message

Verizon Takes on Sprint's 3G Network (And Wins)

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE