Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

weird virus

Re: weird virus

Unread postby yarders » July 25th, 2009, 7:15 pm

My computer does a check disk automatically every startup. I'll get to the stuff tomorrow.


On iPhone
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby yarders » July 26th, 2009, 12:31 pm

Files\Folders moved on Reboot...
C:\Windows\System32\DRIVERS\eamon.sys moved successfully.
C:\Windows\System32\DRIVERS\ehdrv.sys moved successfully.
C:\Windows\System32\DRIVERS\epfwwfpr.sys moved successfully.

Registry entries deleted on Reboot...
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby yarders » July 26th, 2009, 3:17 pm

bluescreened in internet scan
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby Dakeyras » July 26th, 2009, 5:01 pm

Hi :)

Was that the complete OTL log as in all that it contained?

OK, this is not good at all. Yet again another system crash when just running an online Anti-Virus scan.

In the meantime please check for any updates for your installed Anti-Virus AVG and run a complete scan please, then post the log.

To get the results of the latest AVG scan:

  • Right click the AVG icon in your taskbar.
    • Click Launch AVG Test Centre
    • Click Results
      • Click the latest scan results
      • Click Virus Results (if present) or click Spyware Results (if present)
    • Click Program
      • Click Export list to file
    • Name it AVG log.txt
      • Save as type: All files (*.*) to your Desktop.
    • Exit AVG
  • Open AVG log.txt and Copy/Paste the results in your next reply.

I will go over all the logs again to try and see if there is anything I have missed. Plus have a rethink about the next course of action and will get back to your good self. Please be patient, thank you.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: weird virus

Unread postby yarders » July 27th, 2009, 7:03 am

"Scan ""Scheduled scan"" was finished."
"No infection was found during this scan"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"20 July 2009, 15:03:39"
"Scan finished:";"20 July 2009, 15:49:12 (45 minute(s) 32 second(s))"
"Total object scanned:";"514335"
"User who launched the scan:";"Jonny"



That's it, but I don't believe it is true since the internet scan had found like 5 problems before the crash.
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby Dakeyras » July 27th, 2009, 11:00 am

Hi :)

That's it, but I don't believe it is true since the internet scan had found like 5 problems before the crash.
It is entirely possible what is being flagged by the online scans is what is currently residing in the ComboFix Quarantine folder and or in the System Restore points. Which we can address in due course but do not pose a threat at this time.

Either way a further investigation is warranted.

Repair File Extensions:

Download System Repair Engineer

Scroll down to System Repair Engineer 2.7.1.1261 and click on the Local Download button to do so.

  • Extract it to Desktop and right-click SREng.exe and select Run as Administrator.
  • Select System Repair from the left pane.
  • Click on File Association
  • Select all entries that have an Error status and click [Repair]
  • Refer to this image for an example:

    Image
  • Close SREng now.

F-Secure Blacklight:

Please download Blacklight from here.

or

Link to it from the ftp site: ftp://ftp.f-secure.com/anti-virus/tools/fsbl.exe
and save it to C:\ with a name of fsbl.exe and or save it to the desktop then move the file to C:\

Open an Elevated Command Prompt as follows:

  • Open the Start Menu
  • In the white line (Start Search) area, type cmd
  • Press CTRL+SHIFT+ENTER.
  • Click on Continue in the UAC prompt

Next:-

  • Type the following line at the command prompt:
    C:\fsbl.exe /expert
  • Hit Enter
  • This will launch BlackLight
  • Select I accept the agreement
  • Click Next
  • Click Scan
  • Wait for the scan to finish
  • Click on Next
  • Click Exit
  • A logfile will have been created in the C:\ drive
  • It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
  • Use notepad to open that log
  • Post the contents of that log as a reply to this topic.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: weird virus

Unread postby yarders » July 28th, 2009, 1:38 pm

07/28/09 18:09:46 [Info]: BlackLight Engine 2.2.1092 initialized
07/28/09 18:09:46 [Info]: OS: 6.0 build 6000 ()
07/28/09 18:09:46 [Note]: 7019 4
07/28/09 18:09:46 [Note]: 7005 0
07/28/09 18:12:33 [Note]: 7006 0
07/28/09 18:12:33 [Note]: 7027 0
07/28/09 18:12:33 [Note]: 7035 0
07/28/09 18:12:33 [Note]: 7026 0
07/28/09 18:12:33 [Note]: 7026 0
07/28/09 18:12:35 [Note]: FSRAW library version 1.7.1024
07/28/09 18:19:26 [Note]: 4015 1420
07/28/09 18:19:26 [Note]: 4027 1420 65536
07/28/09 18:19:26 [Note]: 4020 511 65536
07/28/09 18:19:26 [Note]: 4018 511 65536
07/28/09 18:19:46 [Note]: 4015 1469
07/28/09 18:19:46 [Note]: 4027 1469 65536
07/28/09 18:19:46 [Note]: 4020 1420 65536
07/28/09 18:19:46 [Note]: 4018 1420 65536
07/28/09 18:19:51 [Note]: 4015 1967
07/28/09 18:19:51 [Note]: 4027 1967 65536
07/28/09 18:19:51 [Note]: 4020 1420 65536
07/28/09 18:19:51 [Note]: 4018 1420 65536
07/28/09 18:37:10 [Note]: 7007 0
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby Dakeyras » July 28th, 2009, 6:20 pm

Hi :)

OK no reason why the below online scan should not complete. I have been over all the logs again and nothing else to explain the persistent online scan failures.

Though it appears the various malware infections we have been dealing with seem to have been eradicated, judging by the logs and other scans we have run.

Some critical system setting may have been damaged by malware and or by the punkbuster application I have just been unable to detect. Plus the overall state of the operating system as prior mentioned was not ideal at all.

If this scan fails only one option I'm afraid:

1 - Carry out a reformat and reinstallation of the Windows operating system as only so much I can achieve online without actual physical access to the computer. More so because of the damage that may still remain to both the registry and operating system as a whole.

So with the above in mind I do hope you created any backups required when I advised to do so some time back.

F-Secure Online Scan:

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: Remember open your browser by right-clicking on its icon and select Run as Administrator to perform this scan.

  • Go here to run an online scan from F-Secure
  • Click on Start scanning
  • This will open a new window
        In Internet Explorer:
      • It will require an ActiveX control, please install it
      • Click Accept
        In Firefox:
      • It will require an Add-on to be installed, please install it
      • In order to install the Add-on, Firefox needs to be restarted, please do so
  • Click Full System Scan
  • It will now download the scanner this may take a while please be patient
  • It will then start scanning wait for the scan to finish
  • Click Automatic cleaning (recommended)
  • Wait for it to finish the cleaning process
  • Click show report
  • This will open up a window with the results of the scan copy and paste those results as a reply to this topic
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: weird virus

Unread postby yarders » July 29th, 2009, 7:59 am

bluescreened :(


What would happen if I got Windows 7?
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby Dakeyras » July 29th, 2009, 8:52 am

Hi :)
yarders wrote:bluescreened :(

What would happen if I got Windows 7?
Not good at all eh :(

I would not advise upgrading to Windows 7 at this time as it is still in the Beta phase and not actually released as far as I am aware.

OK Vista does have some repair features on the installation DVD but none of them are suitable I'm afraid and will not make any difference as the backup(s) are most likely compromised and we will be back to square one again.

I'm sorry to say I have gone as far as I can with assisting you and I have no other option but to advise you to carry out a reformat and reinstallation of the Windows operating system.

Below is some advice on what to install afterwards.

Reformat and Reinstallation Advice:

  • Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
    Here are some free Anti Virus programs which I recommend to use:
    • Antivir PersonalEditionClassic
      • Free anti-virus software for Windows.
      • Detects and removes more than 50,000 viruses. Free support.
    • avast! 4 Home Edition
      • Anti-virus program for Windows.
      • The home edition is freeware for noncommercial users.
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.
    Here are some free Firewalls which I recommend to use:
    (Use only one, and disable your Windows Firewall)
    Note: Only ever have installed/use one Anti-Virus application and Software Firewall. Otherwise a system conflict will occur and this also lessens overall online protection!
  • Keep your system updated - Microsoft releases patches for Windows and other products regularly:
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Malwarebytes' Anti-Malware - Download it from here
    The tutorial on how to use MBAM is located here
  • Install WinPatrol - Download it from here
    You can find information about how WinPatrol works here
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    Download it from here
    The tutorial on how to use Spyware Blaster is located here
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for your computer becoming infected again will reduce dramatically.

Any questions feel free to ask, if not stay safe!
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
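
As an added example, not part of the original thread: the Internet-zone settings from the Internet Explorer step in the post above are stored as URL-action values under the `Zones\3` registry key, so they can be audited after a reinstall. The action codes and value meanings are Microsoft's documented ones; the lookup order across policy and preference hives is an assumption for a default configuration.

```powershell
# Added example: audit the IE Internet zone (zone 3) against the post's settings.
# Value meanings: 0 = Enable, 1 = Prompt, 3 = Disable.
$zone       = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$policyZone = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialise and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneAction {
    param([string]$Action)
    # Assumed lookup order: policy hives first, then per-user, then machine defaults.
    foreach ($path in "HKLM:\$policyZone", "HKCU:\$policyZone", "HKCU:\$zone", "HKLM:\$zone") {
        $item = Get-ItemProperty -Path $path -Name $Action -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = [int]$item.$Action; Source = $path }
        }
    }
    return $null   # value not present in any hive
}

$report = foreach ($code in $recommended.Keys) {
    $want  = $recommended[$code].Want
    $found = Get-ZoneAction -Action $code
    $shown = 'not set'
    $ok    = $false
    if ($null -ne $found) {
        $v = $found.Value
        $shown = if ($meaning.ContainsKey($v)) { $meaning[$v] } else { "0x{0:X}" -f $v }
        # Disable (3) is stricter than Prompt (1), so it also satisfies a Prompt setting.
        $ok = ($v -eq $want) -or ($v -eq 3)
    }
    [pscustomobject]@{
        Action      = $code
        Setting     = $recommended[$code].Name
        Recommended = $meaning[$want]
        Current     = $shown
        Source      = if ($null -ne $found) { $found.Source } else { '-' }
        Compliant   = $ok
    }
}
$report | Format-Table -AutoSize
```

A row whose Source is a `Policies` path is enforced by policy and cannot be changed from the Custom Level dialog.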

Re: weird virus

Unread postby yarders » July 29th, 2009, 11:12 am

Is it not possible to live with the virus? It doesn't seem to affect my computer too much.
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby Dakeyras » July 29th, 2009, 12:19 pm

Hi :)

Is it not possible to live with the virus? It doesn't seem to affect my computer too much.
I highly advise against it and still strongly recommend that you perform a reformat and reinstallation of the Windows operating system.

At this time there is absolutely nothing else I can advise. I have spent a considerable amount of my free time trying my best to assist your good self and it has got to the point there is only one recommendation in good conscience I can give. Which I have done so.

Uninstall ComboFix:

  • Click on Start (Vista orb) >> Run... (or the Windows key and R together) to bring up the Run box.
  • Now type in Combofix /u and click OK.
  • Note the space between the X and the U, it needs to be there.

Clean up with OTM:

  • Right-click OTM and select Run as Administrator to start the program.
  • Close all other programs apart from OTM as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Let myself know if you have any further questions about backups if not done so as of yet and or about performing a reformat and reinstallation of the Windows operating system, thank you.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: weird virus

Unread postby yarders » August 1st, 2009, 12:09 pm

can the virus get worse?
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby Dakeyras » August 1st, 2009, 2:12 pm

Hi :)

yarders wrote:can the virus get worse?
I do not know how many times I have to explain but I will do so again for the last time and though it may be what you do not wish to read it is the best possible advice at this time.

I have been unable to successfully verify that all malware has been eradicated and the operating system is corrupted and the only course of action I now deem appropriate is and strongly advise so, a reformat and reinstallation of the Windows operating system.

If this was one of my own machines I would not hesitate to do so. I will ask for this topic to be closed as there is nothing else I can advise apart from what I have already upon numerous occasions, thank you.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: weird virus

Unread postby yarders » August 1st, 2009, 4:37 pm

I'm sorry, thanks for all the help and time you put into helping me. I won't reinstall Vista though since I want to keep everything I have.
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am