Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Notebook infected with System Tool and other malware


Re: Notebook infected with System Tool and other malware

Post by xixo_12 » April 12th, 2011, 11:42 pm

Hi,

I'm waiting ;)
Let me know if any problems arise. :)
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 13th, 2011, 2:00 am

So I'm at the Kaspersky stage. I click accept and let it run the update or whatever.

I then get a "Message from webpage":

"Update has failed. The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.

Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]"

I go to the same URL you provided and still get this after clicking accept and waiting shortly.
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 13th, 2011, 2:03 am

I have tried scanning twice already.
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 13th, 2011, 2:04 am

Also used internet explorer for both tries.
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Post by xixo_12 » April 13th, 2011, 2:15 am

Hi,
No worries,
Try this. Sometimes it will happen.

ESET Online Scanner
Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 13th, 2011, 9:56 am

Prior to this scan, I shut down and Windows had to end this program: persistwndname

Is that normal?


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=51ada81625218c44b999744a3ef75cd4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-13 08:22:13
# local_time=2011-04-13 04:22:13 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=111656
# found=35
# cleaned=0
# scan_time=6633
C:\Documents and Settings\NetworkService\Application Data\E50896F890922196E4A03534DE119750\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\E50896F890922196E4A03534DE119750\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\1\2ead1441-575a10d6 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\14\31e9954e-1231ad82 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\25\65f89e59-25da1d44 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\30\2085d9de-4ab5ebe5 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\5KDAbXmi.exe.vir a variant of Win32/Kryptik.KKD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\5KDAbXmi.exe_.vir a variant of Win32/Kryptik.KKD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Work\Application Data\E50896F890922196E4A03534DE119750\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\Work\Application Data\E50896F890922196E4A03534DE119750\local.ini.vir Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\ororiyijikere.dll.vir a variant of Win32/Kryptik.MOI trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP480\A0093025.exe a variant of Win32/Kryptik.JYR trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP480\A0093030.exe a variant of Win32/Kryptik.JYR trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0095030.exe a variant of Win32/Kryptik.JYR trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0098223.exe a variant of Win32/Kryptik.JYR trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0104511.exe a variant of Win32/Kryptik.MEO trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0105542.dll a variant of Win32/Adware.Bandoo.AA application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0105543.dll a variant of Win32/Adware.Bandoo.AA application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0105545.exe a variant of Win32/Adware.Bandoo.AA application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0105546.exe a variant of Win32/Adware.Bandoo.AA application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0105547.exe a variant of Win32/Adware.Bandoo.AA application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0105548.exe a variant of Win32/Adware.Bandoo.AA application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0105555.exe a variant of Win32/Adware.Bandoo.AA application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0105558.dll a variant of Win32/Adware.Bandoo.AA application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0105559.dll a variant of Win32/Adware.Bandoo.AA application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0105560.dll a variant of Win32/Adware.Bandoo.AA application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0105561.dll a variant of Win32/Adware.Bandoo.AA application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0105567.dll Win32/Adware.Bandoo application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0105568.dll Win32/Adware.Bandoo application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0105578.exe a variant of Win32/Kryptik.MID trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP483\A0109969.exe a variant of Win32/Kryptik.KKD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP483\A0109975.exe Win32/Adware.XPAntiSpyware.AB application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP483\A0109983.exe a variant of Win32/Kryptik.KKD trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP485\A0110722.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP485\A0110725.dll a variant of Win32/Kryptik.MOI trojan (unable to clean) 00000000000000000000000000000000 I
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm
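
Added example, not part of the original posts: a small triage script for an ESET Online Scanner log in the layout shown above, which groups each detection by where the file sits (ComboFix's `Qoobox\Quarantine` folder, a System Restore `_restore{...}` snapshot, the Java cache, or elsewhere on the live file system) and checks the parsed count against the `# found=` header. The function names, location labels and the space-separated field layout are assumptions based on how the log appears on this page.

```python
import re
from collections import Counter

# Constructed sample: five detection lines from the log above; "# found" adjusted to match.
SAMPLE = r"""# found=5
C:\Documents and Settings\NetworkService\Application Data\E50896F890922196E4A03534DE119750\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\1\2ead1441-575a10d6 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\ororiyijikere.dll.vir a variant of Win32/Kryptik.MOI trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP481\A0105567.dll Win32/Adware.Bandoo application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{70FD1DB3-E30F-48EC-ABEA-2DE81F03A8C6}\RP485\A0110725.dll a variant of Win32/Kryptik.MOI trojan (unable to clean) 00000000000000000000000000000000 I
"""

# Paths contain spaces, so anchor on the threat name instead of splitting on whitespace.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<threat>(?:a variant of )?\S+/\S+ \w+|multiple threats) "
    r"\((?P<action>[^)]*)\) (?P<hash>[0-9A-Fa-f]{32}) \w$")

# Folder markers with assumed labels, checked in order; first match wins.
LOCATIONS = [
    ("\\qoobox\\quarantine\\", "ComboFix quarantine"),
    ("\\system volume information\\_restore", "System Restore point"),
    ("\\sun\\java\\deployment\\cache\\", "Java cache"),
]

def classify(path):
    lowered = path.lower()
    return next((label for marker, label in LOCATIONS if marker in lowered),
                "live file system")

def triage(log_text):
    header, findings, unparsed = {}, [], []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
        elif (m := DETECTION.match(line)):
            findings.append({**m.groupdict(), "location": classify(m["path"])})
        else:
            unparsed.append(line)  # keep for manual review, never drop silently
    return {
        "by_location": Counter(f["location"] for f in findings),
        "live": [f for f in findings if f["location"] == "live file system"],
        "count_matches_header": len(findings) == int(header.get("found", -1)),
        "unparsed": unparsed,
    }

if __name__ == "__main__":
    print(dict(triage(SAMPLE)["by_location"]))
```

Entries under "live" are the ones still sitting in a normal folder; the quarantine and restore-point entries are copies held by ComboFix and System Restore.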

Re: Notebook infected with System Tool and other malware

Post by xixo_12 » April 13th, 2011, 10:53 am

Hi,

It's related to the graphics driver.
Quite a lot of issues over the net.
http://vip.asus.com/forum/view.aspx?boa ... uage=en-us

Any questions before final instructions?
Suppose it's clean enough :)
Good for you :thumbright:
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 13th, 2011, 11:51 am

No questions. What's the last instruction? :o
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Post by xixo_12 » April 13th, 2011, 6:40 pm

Good! :cheers:
Your system now is clean.
Let's do some cleaning and management.

First,
Uninstall Combofix
  • Click on Start >> Run...
  • Now type ComboFix /Uninstall into the Run box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

Next,
You can proceed to delete the remaining tools that were involved in this process (if any).

Additional Information :

SpywareBlaster.
  • SpywareBlaster helps make your Internet Explorer stronger, as it helps to block known malicious ActiveX
  • A tutorial on installing & using this product can be found HERE

Antivirus.
  • An antivirus helps to give maximum protection for the system.
  • You are advised to have only ONE antivirus running on the system.
  • Please keep it updated regularly.

Malwarebytes' Anti-Malware.

WinPatrol.
  • Unwanted things always occur without your knowledge. Let this software take a snapshot of it.
  • More information and installation instructions can be found HERE

Windows/Program Update.
Please make sure to have your Windows Automatic Update turned ON, or you can do it manually.
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office product loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
  • Go to Start > All Programs > Windows Update
To update Office
  • Open up any Office program.
  • Go to Help > Check for Updates

You can always refer to both websites to check whether any updates are needed for your system.

Information.

Safe surfing! :)
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 13th, 2011, 10:51 pm

Thanks a lot for the help xixo_12, I really appreciate it. It was great of you to stick around for 7 pages of posts and weird problems I encountered. Love the informative advice throughout and at the end of this post.

Didn't think a forum post could help me fix my notebook but it did and I'm glad I found the malwareremoval forum and you.

Take care!
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 13th, 2011, 11:01 pm

Hmmm. One more thing, what is wrong when it says "No bootable partition in table."

I have been trying to boot from the other OS recently and the people who made the OS recommend creating a USB Boot thing like what you recommended me to do earlier. Pretty much, I'm booting the same OS from the USB to access the files there.
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Post by xixo_12 » April 14th, 2011, 5:16 am

Hi,

You're welcome, and we're pleased to help you :)

Do you remember we went through a lot of problems previously regarding the MBR?
We give support on the Windows platform; hence, I tried my best to save your current Windows by fixing the MBR. This would be the effect.

Another thing you could try is changing the boot sequence so that the HDD is the first boot device. ;)

If you have no other problems, I will ask for this topic to be closed. :)
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 14th, 2011, 1:27 pm

Thanks again.
:compress:
Yes you can close this thread.
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Post by Carolyn » April 14th, 2011, 6:15 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine