My response #3(normal mode) is the same for safe mode.

0

same message comes up..."choose program to run avz.exe"

0

Refer to: http://www.computing.net/answers/wi... & http://www.dougknox.com/xp/file_ass... restore your .exe file association. If I'm helping you and I don't reply within 24 hours send me a PM.

0

Great idea to get the .exe back. got the program AVZ running and did the scan - got the log file. was unable to start 2nd program. System Security pop ups returned also. However, i'm stuck there. I can't get the virusinfo_syscure file off the infected computer. When I right click and selcet "send to D:" nothing happens. It wont transfer to burn. Also I cant open my other burn program becasye System Securtiy wont let me open any programs. Any suggestions? I so glad with the progress we've made. Thank you so much, KJA

0

Download and run Kaspersky AVP tool: http://devbuilds.kaspersky-labs.com... Once you download and start the tool: # Check below options: * Select all the objects/places to be scanned. * Settings > Customize > Heuristic analyzer > Enable deep rootkit search # Click Scan # Fix what it detects # Zip/Rar Scan log/Summary and upload it to rapidshare.com. Post download link in your next message. Illustrated tutorial: http://img32.imageshack.us/img32/76... If I'm helping you and I don't reply within 24 hours send me a PM.

0

finally got it... 1. Download Link: Click here to download file http://rapidshare.com/files/2524465... MD5: 550704F4A3AF373C383E30AA1B5F56FC I had to extract the zip file to get the files to move... hope this is what you need.. Thank you sooo much, KJA123

0

Please post scan log for Response Number 11 and redo Response Number 2 (changed) - post required logs. If I'm helping you and I don't reply within 24 hours send me a PM.

0

When the Virus Removal is done should I select "Neutralize All"? Also, for the OTC program I was only able to get one of the files - an error message came up something about access denied? I'll try again tomorrow. KJA123

0

Yes "Neutralize All" Disinfect if it can't then delete the file. Its ok for OTC what happened with AVZ? If I'm helping you and I don't reply within 24 hours send me a PM.

0

1. Download Link: Click here to download file http://rapidshare.com/files/2528748... MD5: AC3F6CBB72EF0D33BC9343E021F5D50B Had to be done in safe mode...system security in its orginal format prevented anything being done in normal mode.

0

1. Download Link: Click here to download file http://rapidshare.com/files/2528751... MD5: 8B47A9F613F19689FBF86CCB7657C2ED OTL file hope some of this helps...thank you for your patience.

0

OTL was done before virus scan - 93 viruses detected!!!!

0

Wrong file. Re-read Response Number 2 and do it in safe mode. If I'm helping you and I don't reply within 24 hours send me a PM.

0

those are the files inside virusinfo_syscure.zip i had to extract them to transfer them to the USB flash drive i added the "2" to end because I had files with same name

0

see #16

0

^^^^^ Response number is on top. I meant Response Number 2 of this post. If I'm helping you and I don't reply within 24 hours send me a PM.

0

confused #2 says: "After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here." To load the file onto rapidshare I had to extract it...it that the problem? Here are the links to the 2 files within the ZIP 1. Download Link: Click here to download file http://rapidshare.com/files/2528788... MD5: 973959D0CF896DC6DC569142B1070874 1. Download Link: Click here to download file http://rapidshare.com/files/2528792... MD5: 66FBD38E3BA5CF4075A066FC174F60A4

0

Please upload the whole zip as it is. If I'm helping you and I don't reply within 24 hours send me a PM.

0

1. Download Link: Click here to download file http://rapidshare.com/files/2528792... MD5: 66FBD38E3BA5CF4075A066FC174F60A4 there ya go...was a little tricky

0

so stupid...heres the right one 1. Download Link: Click here to download file http://rapidshare.com/files/2528817... ml MD5: 1E4CFEAE055F2D06B237EB89FF766AE9

0

Sorry i can't help you until you read and follow direction carefully/exactly. If I'm helping you and I don't reply within 24 hours send me a PM.

0

I'm really sorry, I'm new at this stuff. Is #26 not a link to the zip file you asked for?

0

No its not Re-read #2 again it will tell you exatly what logs you need upload. If I'm helping you and I don't reply within 24 hours send me a PM.

0

http://rapidshare.com/files/2528901... html I ran the scan again. Maybe i typed in the script wrong last time? I just figured out how to copy and paste it (couldn't open Word perviously - used notepad/altered format) Do you want OTC files? - your response #15. If this is still the wrong one I'm sorry, please dont give up on me. if it is worng could it be b/c I'm not logged in as administator? is it because the link ends in html?

0

Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step: 1) Run this script in AVZ like before, your computer will reboot: begin SetAVZGuardStatus(True); SearchRootkit(true, true); DelBHO('{736b5468-bdad-41be-92d0-22ae2ddf7bcb}'); DelBHO('{D76AB2A1-00F3-42BD-F434-00BBC39C8953}'); DelBHO('{8567EDFA-408C-43e9-B929-4C25C04F5003}'); QuarantineFile('C:\WINDOWS\system32\iehelper.dll',''); QuarantineFile('C:\WINDOWS\system32\svchosts.dll',''); QuarantineFile('C:\WINDOWS\system32\gsf83iujid.dll',''); QuarantineFile('C:\windows\ld11.exe',''); QuarantineFile('C:\WINDOWS\system32\rhfgv.exe',''); QuarantineFile('C:\Documents and Settings\All Users\Application Data\14667504\14667504.exe',''); QuarantineFile('C:\WINDOWS\sysguard.exe',''); QuarantineFile('C:\WINDOWS\9129837.exe',''); QuarantineFile('C:\DOCUME~1\Dane\LOCALS~1\Temp\ms1246495962.exe',''); QuarantineFile('C:\DOCUME~1\Dane\LOCALS~1\Temp\38446812151mxx.dll',''); QuarantineFile('c:\windows\system32\sdra64.exe',''); DeleteFile('c:\windows\system32\sdra64.exe'); DeleteFile('C:\DOCUME~1\Dane\LOCALS~1\Temp\38446812151mxx.dll'); DeleteFile('C:\DOCUME~1\Dane\LOCALS~1\Temp\ms1246495962.exe'); DeleteFile('C:\WINDOWS\9129837.exe'); DeleteFile('C:\WINDOWS\sysguard.exe'); DeleteFile('C:\Documents and Settings\All Users\Application Data\14667504\14667504.exe'); DeleteFile('C:\WINDOWS\system32\rhfgv.exe'); DeleteFile('C:\windows\ld11.exe'); DeleteFile('C:\WINDOWS\system32\gsf83iujid.dll'); DeleteFile('C:\WINDOWS\system32\svchosts.dll'); DeleteFile('C:\WINDOWS\system32\iehelper.dll'); ExecuteRepair(1); ExecuteRepair(5); ExecuteRepair(6); ExecuteRepair(10); ExecuteRepair(11); ExecuteRepair(17); BC_ImportAll; ExecuteSysClean; BC_Activate; SetAVZPMStatus(true); RebootWindows(true); end. 2) After reboot execute following script in AVZ: begin CreateQurantineArchive('C:\quarantine1.zip'); end. A file called quarantine1.zip should be created in C:\. Upload that file to rapidshare.com and Private message me download link. 2) Install, update database and run full scan with Malwarebytes' Anti-Malware. Attach malwarebyte full scan log, fix anything detected. 3) House cleaning. Run full Scan with SuperAntispyware : http://www.superantispyware.com/dow... . Fix what it detects and post summary scan log. If I'm helping you and I don't reply within 24 hours send me a PM.

0

in trying to install malwarebytes the following error message came up.... "Run-time error '372' Failed to load control vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid.ocx may be outdated. MAke sure you are using the version of the control that was provided with your application" I've googled this problem did not find a solid solution. Any suggestions? Thanks again for your help! I really appreciate it!

0

Skip malwarebytes for now. Try: SuperAntispyware If I'm helping you and I don't reply within 24 hours send me a PM.

0

Error Message: Windows Installer: The system administrator has set policies to prevent this installation. Should I logon admin account? is this thing like a super virus?

0

Redo "Response Number 2" whole of it again including OTL. Yes login as administrator and try to install it. If I'm helping you and I don't reply within 24 hours send me a PM.

0

1. Download Link: Click here to download file http://rapidshare.com/files/2530952... html MD5: 77F2A856E3A64C0FAAD29C054EBF48D9 2. Download Link: Click here to download file http://rapidshare.com/files/2530952... MD5: CFF780E8D7B42AD78E1DB31FB0FDB5DA 3. Download Link: Click here to download file http://rapidshare.com/files/2530952... MD5: 1273FA76304EE0E1E9BEE842F8B1AA90 OTLListIt did not come up, OTL.txt did. I hope thats ok. OTL error message after scan: "access vlo at C0528BB7 in module OTL.exe read of address 00e98178" Also, I let me computer start in normal mode after recent avz scan and error messages came up upon startup for the following programs: Window Defender Cisco Clean Agent Odyessy Client Microsoft Visual C++ Thanks!

0

Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step: 1) Run this script in AVZ like before, your computer will reboot: begin SetAVZGuardStatus(True); SearchRootkit(true, true); StopService('lich'); DeleteService('lich'); QuarantineFile('C:\WINDOWS\system32\lich.exe',''); DeleteFile('C:\WINDOWS\system32\lich.exe'); BC_ImportDeletedList; ExecuteSysClean; BC_Activate; RebootWindows(true); end. 2) Attach a Combofix log, please review and follow these instructions carefully. Download it here -> http://download.bleepingcomputer.co... Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it. Now, please make sure no other programs are running, close all other windows and pause Antivirus/Sypware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place. Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal. You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed. Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to rapidshare.com and paste the link here. 3) Please zip up C:\qoobox\quarantine and upload it, to a filehost such as http://rapidshare.com/ Then, Private Message me the Download links to the uploaded files. If I'm helping you and I don't reply within 24 hours send me a PM.

0

according to bleepingcomp direction i need to access the system tray to turn off the anitvirus software...my start menu/system tray are not displayed as a result of the virus. What are my other options?

0

Continue if you can't disable it its ok. If I'm helping you and I don't reply within 24 hours send me a PM.

0

error message came up: This machine does not have 'microsoft windows recovery console' installed without it, combofi shall not attempt the fixing of some serious infections click yes to have combofix download/install it NOTE: this requires active internet connection. ----I dont have an active internet connection on the infected computer. What should i do - select 'no'?

0

Either you can select yes it will open a website download it on another computer and transfer it via usb and install it or select no. But i recommend you have recovery console. If I'm helping you and I don't reply within 24 hours send me a PM.

0

I clicked yes, I confirmed that this is a XP home comp and then nothing happened. I am assuming IE was cutoff by the virus. where can I download the console?

0

Refer to: http://www.bleepingcomputer.com/com... If for any reason you can't install recovery console then continue without it. If I'm helping you and I don't reply within 24 hours send me a PM.

0

btw i had to go without it...sent you the private message with links

0

Uninstall Combofix by: pause Antivirus/Sypware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) > Start > run > type combofix /u > ok. Then go to windows update and apply all the security patches. Then try to redo Response Number 31 step 2 and 3. If I'm helping you and I don't reply within 24 hours send me a PM.

0

uninstalled combofix where is winows update? I went to automatic updates in the control panel, but there is no option for install security updates...

0

Download Security Check by screen317 from here or here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt. Please post the contents of that document. If I'm helping you and I don't reply within 24 hours send me a PM.

0

went ahead and tried to install malwarebytes...same error '372' same error as before wit SuperAnti..."prevented by admin,"

0

http://rapidshare.com/files/2531581... an error came up while "preparing" : line -1: error: vafiable must ve of type "Object" still made this reporty

0

How is your system running? If I'm helping you and I don't reply within 24 hours send me a PM.

0

in safe mode...is that what you mean?

0

No normal mode is your original problem solved? If I'm helping you and I don't reply within 24 hours send me a PM.

0

i just rebooted into normal mode. I still have no start menu/task bar I cant access the internet the errors from #36 are also there all original problems are still there

0

Do you have your windows installation CD it seems malware corrupted your system files. If you do Go to the Run box on the Start Menu and type in: sfc /scannow If I'm helping you and I don't reply within 24 hours send me a PM.

0

no, i dont have the cd what else can i do? is there another way to reformat?

0

Complete "Response Number 11". Then ask in windows forum may be someone can help your fix your registry/system files. Most of the malware is cleared from your system. If I'm helping you and I don't reply within 24 hours send me a PM.

0

i got the windows xp home edition sp3 cd from a friend... could you walk me thorugh this a bit? should i delete the existing partition? I don't care about loosing files...i just want my comp to work please let me know again, i appreciate all you've done

0

First run complete scan with http://onecare.live.com/site/en-Us/... . If I'm helping you and I don't reply within 24 hours send me a PM.

0