I've scanned over and over, the infection is still here and it's driving me MAD!! Please help. Here is the file I know is on my computer, along with others:
Trojan-GameThief.Win32.Nilage.ezr
located c:\windows\system32\config.exe
used spyware a&d
malware bytes
avg free
symantec free by the military
Nothing has cleaned my computer. I've lost my World of Warcraft due to this horrible keylogger. I need some help, please.

Hi,
Can you please post your AVZ log:
1) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.
2) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.
3) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.
You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.
begin
 ExecuteStdScr(3);
 RebootWindows(true);
end.
Paste the script into the execution window by using the CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script; the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.
--------------------------------------------
To Private Message me Click Here

http://rapidshare.com/files/2349264...
Here is the link. I just would like to also add that I have scanned the computer using Windows Defender. I believe this is another infected file:
c:\windows\system32\kb123386.exe

Run this script in AVZ same way as before. Your computer will reboot.
begin
 SetAVZGuardStatus(True);
 SearchRootkit(true, true);
 TerminateProcessByName('C:\Windows\system32\lpad32.dll');
 QuarantineFile('C:\Windows\system32\lpad32.dll','');
 QuarantineFile('C:\Windows\system32\KB123386.EXE','');
 DeleteFile('C:\Windows\system32\KB123386.EXE');
 DeleteFile('C:\Windows\system32\lpad32.dll');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
After your reboot follow these steps:
Attach a Combofix log, please review and follow these instructions carefully.
Download it here -> ComboFix
Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.
Now, please make sure no other programs are running, close all other windows and pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place.
Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.
You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.
Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post.
--------------------------------------------
To Private Message me Click Here

Link fixed try again.
--------------------------------------------
To Private Message me Click Here

here is the file from the combofix scan
http://rapidshare.com/files/2352169...
Thank you so much for your time and help

Run this script in AVZ; your PC will reboot:
begin
 SetAVZGuardStatus(True);
 SearchRootkit(true, true);
 QuarantineFile('c:\windows\system32\cas.bat','');
 DeleteFile('c:\windows\system32\cas.bat');
 QuarantineFile('c:\windows\SA41289D5.tmp','');
 DeleteFile('c:\windows\SA41289D5.tmp');
 QuarantineFile('c:\users\Brandon\AppData\Local\Temp\catchme.dll','');
 DeleteFile('c:\users\Brandon\AppData\Local\Temp\catchme.dll');
 BC_ImportAll;
 ExecuteSysClean;
 BC_Activate;
 RebootWindows(true);
end.
After your PC reboots, rerun Combofix from Response number 3 and repost the Combofix log.
--------------------------------------------
To Private Message me Click Here

Please follow these steps in order:
1) Run this script in AVZ:
begin
 CreateQurantineArchive('c:\quarantine.zip');
end.
2) A file called quarantine.zip should be created in C:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://rapidshare.com/ Then, Private Message me the download link to the uploaded file.
3) Lastly, uninstall Combofix by: pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) > Start > run > type combofix /u > ok. Or Start > run > type 234 /u > ok.
4) Also, if you use Windows System restore, turn it off > reboot.
Download and run Kaspersky AVP tool:
http://devbuilds.kaspersky-labs.com...
Once you download and start the tool, select all the objects/places to be scanned and hit Scan. Fix what it detects and at the end of the scan post a screenshot/log of the detected items that were fixed and those it could not fix.
Then turn System Restore back on, if you wish; this is to remove malware from System Volume Information files. How to turn it off/on: http://support.kaspersky.com/faq/?q... Let me know if your antivirus still detects anything and is unable to get rid of it.
5) Install, update and run a full scan with Malwarebytes' Anti-Malware. Attach the Malwarebytes full scan log, but please don't fix anything yet, until the log is reviewed. You can also use SuperAntiSpyware from superantispyware.com.
--------------------------------------------
To Private Message me Click Here

Please continue with step 5. After you finish step 5 report back if your original problem is solved or not. Thanks
--------------------------------------------
To Private Message me Click Here

I'm not getting anything with malware, spybot, and the av I have installed, so I'm thinking we fixed the problem. Thanks for your help.

Just noticed another problem with my notebook. After running the fix software and rebooting and then double checking everything with the av, malware and spybot, I no longer have a cd rom drive in my computer, and when I put in a cd rom it's not detecting it??

Go to Control Panel --> Add/Remove hardware and see if it found any new hardware.
--------------------------------------------
To Private Message me Click Here

did you get my last pm about it is saying that it detects the drive however there is the error symbol on it and once you uninstall and reinstall it is saying the problem is with the registry or a damaged file

Did you get my message asking you to post a screenshot of it, and also to go to Administrative tools --> Computer Management --> Device Manager --> select the hardware that's not working --> right click Properties --> select the Details tab and post a screenshot of it?
--------------------------------------------
To Private Message me Click Here

Nope, I never got that message, but here it is now. I think somehow we didn't get each other's last message.

Click on detail tab and take screenshot again.
--------------------------------------------
To Private Message me Click Here

From that Tab select "Hardware Ids" Take another screen shot.
--------------------------------------------
To Private Message me Click Here

Try this first before we try manual Regedit. Uninstall the CD drive from Device Manager completely, including drivers (right click in Device Manager, uninstall completely). Then go to http://onecare.live.com/site/en-Us/... & http://onecare.live.com/site/en-Us/... Run those scans. After that go to add/remove new hardware and reinstall the CD drive. Also, it's advisable to do the scan with AVP to remove leftover files.
--------------------------------------------
To Private Message me Click Here

As I'm letting these programs run, is it safe to try to run any programs on my computer without having any more problems, i.e. World of Warcraft? I don't have a keylogger or anything, right??

Run the Kaspersky and ESET online antivirus scanners to be sure.
--------------------------------------------
To Private Message me Click Here

Which are those, the same you posted before? Can you post links so I make sure I run the right ones? Thank you again for your help.

1) http://www.eset.com/onlinescan/
2) http://usa.kaspersky.com/products_s...
--------------------------------------------
To Private Message me Click Here

I have discovered that the quickest and easiest fix for the DVD-ROM drive missing is @ this link. I do want to thank you again for all your help.

No problem. Please scan with Response Number 25, then scan with SuperAntiSpyware. This is to remove leftovers from the keylogger. Post the results of the scan to rapidshare.com.
--------------------------------------------
To Private Message me Click Here

Didn't get anything showing up with the first link, and for some reason Kaspersky was giving me problems, and then when trying to download SuperAntiSpyware it gave me an error message too. Not sure if it's the internet here in Iraq for downloading or what, because they have weird restrictions and downloading limits out here.

What kind of problem with Kaspersky and error message with SuperAntiSpyware did you get?
--------------------------------------------
To Private Message me Click Here

I don't remember what Kaspersky was saying, but the other one was an error about an h:/ drive or something not found. I think I'm good, the computer is acting a lot better and I've tried out one of my WoW accounts, nothing bad so far. Keep our fingers crossed.

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.