Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Anybody help please?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Anybody help please?

Unread postby pc plodder » March 11th, 2009, 2:50 pm

Hi John

Many many thanks for your help with this problem, The P.C seems to be running a lot better now thanks to all your instructions and tools you told me to use.

I will slowly digest what you have written about the extra bits and pieces for keeping my system clean etc. I will certainly join the complaints forum although what i'd like to do to the people responsible may not be suitable for the general members to read!!!!!

John, should i now uninstal combofix, atf cleaner, malewarebytes or should i leave them on my P.C?

Point taken about internet explorer. I do have firefox installed on the P.C and shall endevour to use it from now on.

Thanks again for all your help. Without people like yourself, myself and many others i suspect would be in grave trouble with P.C problems.

Thanks again

Regards
Steve
pc plodder
Regular Member
 
Posts: 17
Joined: February 28th, 2009, 4:56 am
Advertisement
Register to Remove

Re: Anybody help please?

Unread postby John B. » March 11th, 2009, 3:01 pm

Hi Steve,

I will slowly digest what you have written about the extra bits and pieces for keeping my system clean etc.

Alright, the topic will be moved to another forum but the URL/address will stay the same so you may want to bookmark this topic.

I will certainly join the complaints forum although what i'd like to do to the people responsible may not be suitable for the general members to read!!!!!

Everybody who comes there feels the same ;) Please keep it nice.

John, should i now uninstal combofix, atf cleaner, malewarebytes or should i leave them on my P.C?

The first blue header in my last post called 'uninstall tools' will take care of dangerous tools like ComboFix. In the 'General cleanup' link I have given there is also a little about ATF Cleaner, so you can keep it for regular cleanup of temporary files if you want to. MalwareBytes' Anti-Malware is a nice program to keep for a regular scan. It finds a lot and is very user-friendly.

Please let me know that you have read this and ask any questions you still have.

Regards,
John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: Anybody help please?

Unread postby pc plodder » March 11th, 2009, 7:23 pm

Hi John

Yes, confirm i have read the last post.

I have no more questions regarding the topic.

Once again thanks for all your help.

I think now you can mark this case as resolved.

Thank you

Regards
Steve
P.S I have not had one instance since you cleaned my P.C of it refusing to restart so it must have been to do with maleware that you removed.
pc plodder
Regular Member
 
Posts: 17
Joined: February 28th, 2009, 4:56 am

Re: Anybody help please?

Unread postby pc plodder » March 12th, 2009, 6:44 am

John

I have a problem in that i can't uninstall combofix. I typed it in the run command as you said and it says "can't find combofix". Any ideas?

The icon has disappeared from the desktop and a search reveals nothing found.

I ran the OTCleanit as you advised It rebooted the p.c but atf cleaner and malewarebytes were still there. I have manually deleted them and done a search to check if they were still on the system but it appears they have been deleted sucessfully.

Your observations please.

Steve
pc plodder
Regular Member
 
Posts: 17
Joined: February 28th, 2009, 4:56 am

Re: Anybody help please?

Unread postby John B. » March 12th, 2009, 12:42 pm

Hi Steve,

I have a problem in that i can't uninstall combofix. I typed it in the run command as you said and it says "can't find combofix". Any ideas?

I guess you ran OTCleanUp first, which deletes the ComboFix.exe which was on your desktop and now you cannot remove the rest of ComboFix anymore because the main thing is already gone.

Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3

Then save it to your desktop. This is very important. Now run ComboFix /u from the Run box. Afterwards you will probably need to remove the ComboFix.exe on your desktop manually. Just right-click and delete it.

Please let me know you have read this and also ask anymore questions.

Regards,
John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: Anybody help please?

Unread postby pc plodder » March 13th, 2009, 3:45 am

Hi John

I've done what you said to the letter. It keeps putting a warning box up "cannot find ComboFix/u" Any ideas what the problem is? The combofix icon is on the desktop (i haven't installed it just downloaded it)

Regards
Steve
pc plodder
Regular Member
 
Posts: 17
Joined: February 28th, 2009, 4:56 am

Re: Anybody help please?

Unread postby John B. » March 14th, 2009, 4:41 am

There needs to be a space between 'x /' of 'ComboFix /u', so it is like this 'ComboFix<space>/u'.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: Anybody help please?

Unread postby pc plodder » March 15th, 2009, 6:04 am

Hi John

Yes tried that....same response.

Is there anything else i should be doing to get rid of it like unticking the show hidden fikles etc as you told me to do in an nearlier post when we were running the scans.

Regards
Steve
pc plodder
Regular Member
 
Posts: 17
Joined: February 28th, 2009, 4:56 am

Re: Anybody help please?

Unread postby John B. » March 15th, 2009, 9:59 am

Hi Steve,

Yes tried that....same response.

Alright, to make completely sure that you are doing it right please do this:
  • Make sure a version of ComboFix.exe is on your desktop.
  • Click Start
  • Go to Run
  • Now literary copy (Ctrl + C) the text below into the box (Ctrl + V) and press Enter:
    Code: Select all
    ComboFix /u
That should do all that has to be done (like hiding system files and removing old system restore points). If it still does not work, please do this:
  • Make sure that you have put back all the settings that I told you to change when viewing hidden files and system files
  • Reset your System Restore and create a new point like this:
    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point and click OK
    • Next, go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Choose the option to clean up system restore and click OK.

Regards,
John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: Anybody help please?

Unread postby pc plodder » March 16th, 2009, 10:32 am

John

Did all you asked.

Copying did not work, still there still the same message.

Did all the other things and all folder options are back to normal and i have only the one restore point that i created today.

I did another malware scan after i'd copleted all the tasks you gave me and i post the log below.

All my virus files are up to date with eset and spywareblaster files are up to date.

Maybe this stuff was hiding in a restore point that i deleted??

I also looked fot that twext file which came up on the scan but can't find in.

Log below. Your observasions please.

Malwarebytes' Anti-Malware 1.34
Database version: 1854
Windows 5.1.2600 Service Pack 3

16/03/2009 12:32:52
mbam-log-2009-03-16 (12-32-44).txt

Scan type: Full Scan (C:\|)
Objects scanned: 179185
Time elapsed: 24 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows.0\system32\twext.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twext.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\twext.exe,) Good: (userinit.exe) -> No action taken.

Folders Infected:
C:\WINDOWS.0\system32\twain_32 (Backdoor.Bot) -> No action taken.

Files Infected:
C:\WINDOWS.0\system32\twain_32\local.ds (Backdoor.Bot) -> No action taken.
C:\WINDOWS.0\system32\twain_32\user.ds (Backdoor.Bot) -> No action taken.
C:\WINDOWS.0\system32\twain_32\user.ds.cla (Backdoor.Bot) -> No action taken.
C:\WINDOWS.0\system32\twext.exe (Backdoor.Bot) -> No action taken.

BTW i have deleted all as they were checkmarked.
pc plodder
Regular Member
 
Posts: 17
Joined: February 28th, 2009, 4:56 am

Re: Anybody help please?

Unread postby John B. » March 16th, 2009, 10:56 am

Hi Steve,

Copying did not work, still there still the same message.

Did all the other things and all folder options are back to normal and i have only the one restore point that i created today.

I did another malware scan after i'd copleted all the tasks you gave me and i post the log below.

All my virus files are up to date with eset and spywareblaster files are up to date.

Alright.

Maybe this stuff was hiding in a restore point that i deleted??

I also looked fot that twext file which came up on the scan but can't find in.

Log below. Your observasions please.

Malwarebytes' Anti-Malware 1.34
Database version: 1854
Windows 5.1.2600 Service Pack 3

16/03/2009 12:32:52
mbam-log-2009-03-16 (12-32-44).txt

Scan type: Full Scan (C:\|)
Objects scanned: 179185
Time elapsed: 24 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows.0\system32\twext.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twext.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\twext.exe,) Good: (userinit.exe) -> No action taken.

Folders Infected:
C:\WINDOWS.0\system32\twain_32 (Backdoor.Bot) -> No action taken.

Files Infected:
C:\WINDOWS.0\system32\twain_32\local.ds (Backdoor.Bot) -> No action taken.
C:\WINDOWS.0\system32\twain_32\user.ds (Backdoor.Bot) -> No action taken.
C:\WINDOWS.0\system32\twain_32\user.ds.cla (Backdoor.Bot) -> No action taken.
C:\WINDOWS.0\system32\twext.exe (Backdoor.Bot) -> No action taken.

BTW i have deleted all as they were checkmarked.
John

Did all you asked.

Copying did not work, still there still the same message.

Did all the other things and all folder options are back to normal and i have only the one restore point that i created today.

I did another malware scan after i'd copleted all the tasks you gave me and i post the log below.

All my virus files are up to date with eset and spywareblaster files are up to date.

Maybe this stuff was hiding in a restore point that i deleted??

I also looked fot that twext file which came up on the scan but can't find in.

Log below. Your observasions please.

Malwarebytes' Anti-Malware 1.34
Database version: 1854
Windows 5.1.2600 Service Pack 3

16/03/2009 12:32:52
mbam-log-2009-03-16 (12-32-44).txt

Scan type: Full Scan (C:\|)
Objects scanned: 179185
Time elapsed: 24 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows.0\system32\twext.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twext.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\twext.exe,) Good: (userinit.exe) -> No action taken.

Folders Infected:
C:\WINDOWS.0\system32\twain_32 (Backdoor.Bot) -> No action taken.

Files Infected:
C:\WINDOWS.0\system32\twain_32\local.ds (Backdoor.Bot) -> No action taken.
C:\WINDOWS.0\system32\twain_32\user.ds (Backdoor.Bot) -> No action taken.
C:\WINDOWS.0\system32\twain_32\user.ds.cla (Backdoor.Bot) -> No action taken.
C:\WINDOWS.0\system32\twext.exe (Backdoor.Bot) -> No action taken.

BTW i have deleted all as they were checkmarked.

It does not say that you deleted them. Please make sure you did. Then reboot your computer a couple of times and run another scan. It is really strange that it came back and I want to be sure your computer is completely clean.

This is a dual boot computer, right? Do you ever use the other operating system/partition?

Regards,
John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: Anybody help please?

Unread postby pc plodder » March 16th, 2009, 7:43 pm

Hi John

Sorry, didn't explain fully in my last post. Saved the log before i deleted all the checked items.
It did say after i'd done that to restart my P.C as some of the stuff couldn't be cleaned exept by a restart. Restarted the P.C did a virus scan with eset, scan with superantispyware then did another scan with malwarebytes and all came back with no infections, so it looks like the system is clean.

Sorry for my ignorance but i don't know what you mean by dual boot. The only thing i can think of is that when i boot the P.C up i get a black screen that stays on for about 3 seconds and shows windows twice and recovery consule then it carries on booting up as normal. Must say that screen has only appeared since i installed the recovery consul as advise by one of the peices of software (think it may have been Combofix) that you had me run in the beginning.

I've heard the term partitian before and know it's something to do with the hard drive, other than that i just boot the P.C up and use it. The file system is NTFS if that's any use.

Regards
Steve
pc plodder
Regular Member
 
Posts: 17
Joined: February 28th, 2009, 4:56 am

Re: Anybody help please?

Unread postby John B. » March 17th, 2009, 11:53 am

Hi Steve,

Sorry, didn't explain fully in my last post. Saved the log before i deleted all the checked items.
It did say after i'd done that to restart my P.C as some of the stuff couldn't be cleaned exept by a restart. Restarted the P.C did a virus scan with eset, scan with superantispyware then did another scan with malwarebytes and all came back with no infections, so it looks like the system is clean.

Alright, should be good then.

Sorry for my ignorance but i don't know what you mean by dual boot. The only thing i can think of is that when i boot the P.C up i get a black screen that stays on for about 3 seconds and shows windows twice and recovery consule then it carries on booting up as normal. Must say that screen has only appeared since i installed the recovery consul as advise by one of the peices of software (think it may have been Combofix) that you had me run in the beginning.

It is not about that screen (which is so you can use the Recovery Console if ever your system would become unable to boot). It is about the two Windows versions showing up. It means that once Windows was installed and then it was installed another time but then on C:\Windows.0 instead of regularly C:\Windows. But if you never use that old version it does not matter.

Please let me know when you read this and if the topic can be closed.

Regards,
John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Re: Anybody help please?

Unread postby pc plodder » March 17th, 2009, 1:43 pm

Hi John

All understood.

BTW I ran all the scans again today (p.m) and again it's clean so job done i think.

Once again thanks for all your help, if it hadn't been for your assistance i would still have been stumling around in the dark.

Thanks once again
Regards
Steve
pc plodder
Regular Member
 
Posts: 17
Joined: February 28th, 2009, 4:56 am

Re: Anybody help please?

Unread postby NonSuch » March 17th, 2009, 7:20 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27304
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 66 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware