My fren lappie got this "Personal Antivirus" virus. It still exists despite running combofix. I am guessing that it is lodged with other files somewhere (e.g., it seems to keep his avg running that i had to uninstall it, in order to run combofix)
Anyway, here's the combofix log, any ideas???
http://www.mediafire.com/?zqmwoywhnml
THANKS!!
Give me one moment, will come back with a fix for you.
Upload this file to Virus Total - c:\windows\system32\msxmlm.dll
Just copy and paste the whole file path will do into the text box in Virus Total website, no need to search for it.
Then post back the results...
Because this virus will auto block IE pages to show some warning that u are entering a suspicious site, and then ask u to click on the (virus) link again. So, he couldn't finish uploading the file ... ...
Edit:
My fren seemed to have uploaded the file .... n this is what he told me ...
" virus still present, file has already been analysed, but still show no options and datas leh "
what kind of results were u expecting ???
www.malwarebytes.org/mbam.php
Originally posted by ditzy: www.malwarebytes.org/mbam.php
Have liao ... n then ?
jux download this it will remove tat zlob and its files
http://www.spywareremove.com/download/SpyHunter-Scanner101598p2s2.exe
Originally posted by Wireless-: jux download this it will remove tat zlob and its files
http://www.spywareremove.com/download/SpyHunter-Scanner101598p2s2.exe
Failed to run ...
Originally posted by gd4u:
Failed to run ...
Use mine I recommended, download, install, update, then run the full scan. Its free to scan and remove, pay only if u want the extras. This one has proven to be the most effective in my experience with computer crap.
hmm, done, but failed....
Screwed.
Hi gd4u
Sounds like a more updated, if you will, version of Personal Antivirus in terms of evasion of detection and removal...
1.
You mentioned that you have MalwareBytes...
Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop.
Configuring Malwarebytes
• Click on the tab Settings.
• Make sure only these boxes are checked:
Terminate Internet Explorer
Automatically save and display logfile after removal
Always scan memory objects
Always scan registry objects
Always scan filesystem
Always scan extra and heuristics objects
Updating Malwarebytes
• Click on the tab Update.
• Press the button Check for Updates
• Wait for Malwarebytes to be fully updated.
Scanning Time
• Click on the tab Scanner.
• Check Perform full scan and click on Scan
• Wait for the scan to complete, and then click on Show Results.
• Make sure all items are checked, then click on Remove Selected.
**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.
Post A Log
• A text box will pop up after the removal process is over. Post the contents of the text here.
• If no text box pops up, launch Malwarebytes, and click on the tab Logs.
• The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
• Post the log here.
2.
• Please download RSIT from here: http://images.malwareremoval.com/random/RSIT.exe
• Please download the HijackThis zip file from here: http://www.trendsecure.com/portal/en-US/_download/HiJackThis.zip and unzip HijackThis.exe into the same folder as RSIT.exe. We will need it later.
• Run RSIT.exe and follow the prompts.
• When the scan is finished, two notepad windows will pop up; log.txt and info.txt. They are also located at C:\rsit.
• Post log.txt and info.txt here.
Things I'll need in your next post:
1. What problems you have left (e.g. symptoms...)
2. Malwarebytes log
3. RSIT log
Best Regards :D
MWB log
http://www.mediafire.com/?mymm01wykyg
MWB removed one problem. This log is outdated. Basically, he removed the funweb thing which states:
Files Infected:
c:\program files\msn messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
Info log
http://www.mediafire.com/?futjun0jzhd
log.txt
http://www.mediafire.com/?fxlmzvztm2z
Problems: IE still shows the virus blocking IE pages ...
Read through how to use Combo Fix @
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
then..
1- download the ComboFix @
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2- Or ask some one to dL ..then put in thumb drive or burnt into Cd-Rw..
99% will cure the junk
set back is after u run this combo fixed..
those function that have autorun WILL NOT work..
u have to manual select open and run...
ie.. if u put in thumbdrive / CD...
ur pc will detect.. but will not autorun at all..
Originally posted by spycampers: set back is after u run this combo fixed..
those function that have autorun WILL NOT work..
u have to manual select open and run...
ie.. if u put in thumbdrive / CD...
ur pc will detect.. but will not autorun at all..
set back??? Anyway, i ran combofix at the very start... U mean there was an error in my operation of combofix ???
HEY DUDES ...
THANKS FOR EVERYTHING AND ALL THE HELP NEEDED ...
I guess, we forgot there is this dumb function called system restore ...
hehehx
Btw, this was what happened after the file was uploaded to virustotal ...
http://www.mediafire.com/?nyym2kzkzjy
Originally posted by gd4u: Because this virus will auto block IE pages to show some warning that u are entering a suspicious site, and then ask u to click on the (virus) link again. So, he couldn't finish uploading the file ... ...
Edit:
My fren seemed to have uploaded the file .... n this is what he told me ...
" virus still present, file has already been analysed, but still show no options and datas leh "
what kind of results were u expecting ???
If the file is clean, will need to send it to anti-malware developers for analysis. If the file is bad, remove it and, at the same time, send it to them for analysis so that they can develop a signature for it.
Follow all the instructions here - http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/305963-new-instructions-read-before-posting-malware-removal-help.html
Then post back the links to the logs.
lol mayi ... thanks ... but read the latest post ... ...
Or u still want the logs ???
Still want logs... latest logs reflect the system better...
What about the Gmer part?