Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Browsers will not open


Re: Browsers will not open

Post by z147 » December 17th, 2011, 12:14 pm

Could you successfully download the FixNCR.reg and TDSSKiller.exe files from a non-infected computer to a CD or external drive? Yes
If yes... Could you see both files on the CD or external drive? Yes
Note: The FixNCR is not an executable file - it is a registry file that should be double-clicked, or right-clicked and merged with the registry.
Could you successfully copy both files to the infected computer's DESKTOP? !!! DESKTOP as the target location is very important !!! Yes

Should I try NCR Fix again without making a full backup or restore point?
z147
Regular Member
 
Posts: 47
Joined: July 2nd, 2011, 12:13 pm

Re: Browsers will not open

Post by pgmigg » December 18th, 2011, 10:36 am

Hello z147,

It is nice that all answers are 'Yes'!
Now we will try to restore your computer to a functional, healthy state, as it was before your troubles started...

Step 0.
Restore from early Restore Point
  1. Restart your computer, and then press and hold F8 during the initial startup to start your computer in Safe Mode with a Command prompt.
  2. Use the arrow keys to select the Safe Mode with a Command prompt option.
  3. If you are prompted to select an operating system, use the arrow keys to select the appropriate operating system for your computer, and then press ENTER.
  4. Log on as an administrator or with an account that has administrator credentials.
  5. At the command prompt, type
    %systemroot%\system32\restore\rstrui.exe
    Then press ENTER.
  6. Follow the instructions that appear on the screen to restore your computer to a functional state:
    1. On the 'Welcome to System Restore' screen, please select Restore my computer at the early time and then click the Next button.
    2. On the 'Select a Restore Point' page, click on a bold date on the calendar prior to the day the problem started. There may also be a restore point for an earlier time on the same day. Try to use a restore point as close as possible to a time just before the problem started. If the problem persists, an earlier restore point can be used. Then click Next.
    3. On the 'Confirm Restore Point Selection' page, click Next. System Restore restores the previous Windows XP configuration.
    4. On the 'Restoration Complete' screen, press OK and the computer will restart in normal mode.

Do you still have your problems?

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Browsers will not open

Post by z147 » December 18th, 2011, 12:45 pm

pgmigg,

what problems are you referring to? I had many and don't want to test anything you don't want me to. Please instruct me on what you'd like me to do or test. I did the System Restore and then shut down the computer waiting for further comment from you. The one thing I can say is that when the latest fake security program first popped up a few days ago my desktop background was gone. It's now back. I'll wait to hear from you before even connecting to the web or opening any programs.

z147
z147
Regular Member
 
Posts: 47
Joined: July 2nd, 2011, 12:13 pm

Re: Browsers will not open

Post by pgmigg » December 19th, 2011, 11:40 am

Hello z147,
z147 wrote: "what problems are you referring to?"

I meant everything you described in your initial post and later when you mentioned the fake XP Home Security 2012 and Security Sphere 2012.

z147 wrote: "I did the System Restore and then shut down the computer waiting for further comment from you."

It is great news that you could successfully finish the restore to some previous point.

z147 wrote: "Please instruct me on what you'd like me to do or test. I did the System Restore and then shut down the computer waiting for further comment from you."


Firstly, you need to switch on the infected computer in Normal Mode but do NOT connect to the Internet!

Then please proceed to the steps below. All tools you will use are already downloaded on your computer or you have them on CD or external drive, so you shouldn't need to download them or have an Internet connection during the following scans.
Please don't stop if you could not run one or even many of these scans - try to run every one and give me a report on how each tool worked...

Step 1.
ERUNT - Run to make a full backup:
This will create a full backup of your registry. ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start -> All Programs -> ERUNT, then double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on OK at the prompt, then reply Yes.
    After a short time, the "Registry backup is complete!" pop-up message will appear.
  5. Now click on OK. A registry backup has now been created.

Step 2.
Rkill
  1. Double click on the iExplore.exe Desktop icon in order to automatically attempt to stop any processes associated with XP Home Security 2012 and other Rogue programs. Please be patient while the program looks for various malware programs and ends them.
  2. A command window will open then disappear upon completion, this is normal.
    1. If you are having problems running this version of RKill, you need to run all other renamed versions of RKill sequentially.
    2. If the next one does not work either, repeat the process until the tool runs.
    3. If no version of Rkill would run, please let me know.
    Do not reboot your machine until asked to do so.
    When finished, Notepad will open with a log file, automatically saved at C:\rkill.log.
  3. Please copy and paste the contents of the rkill.log file, in your next reply.
    Please leave Rkill on the Desktop unless instructed otherwise.
Note: If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software, trying to "protect" itself from being terminated or removed. If you see such a warning, leave the warning on the screen, then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself, so that Rkill can perform its routine.


Step 3.
Malwarebytes' Anti-Malware Update and Rerun
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
  2. Press the Scanner tab and select FULL SCAN this time, then press the Scan button. This kind of scan will take a while, so please be patient!
    When the scan finishes...
  3. Check all items except any items (if present) in the C:\System Volume Information folder. Then click on Remove Selected.
  4. Let MBAM remove what it can... If there are files to be deleted on reboot, please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  5. Press the LOG tab and locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.

Step 4.
TDSSKiller - Rootkit Removal Tool - Scan only
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS/TDL variants.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Please include in your next reply:
  1. Did you have any problems executing the instructions, and which steps could you run and which could you not?
  2. Contents of rkill.log file
  3. Contents of the most recent MBAM log file
  4. Contents of a TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Browsers will not open

Post by z147 » December 19th, 2011, 9:06 pm

pgmigg,

ERUNT worked and created a backup point
RKILL worked - file below
MBAM and TDSSKiller would not open

Fake security popped up when I was searching for MBAM.
z147
Regular Member
 
Posts: 47
Joined: July 2nd, 2011, 12:13 pm

Re: Browsers will not open

Post by z147 » December 20th, 2011, 9:26 am

pgmigg,

Here is the Rkill log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/19/2011 at 19:44:59.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe


Rkill completed on 12/19/2011 at 19:46:14.
z147
Regular Member
 
Posts: 47
Joined: July 2nd, 2011, 12:13 pm

Re: Browsers will not open

Post by pgmigg » December 20th, 2011, 12:07 pm

Hello z147,

Please, when answering my posts or providing feedback, try to be as exact or detailed as possible. Otherwise, I have to make additional posts asking for clarification, prolonging the fix process.

z147 wrote: "Fake security popped up when I was searching for MBAM."

Could you please tell me which fake security program it was (the XP Home Security 2012, the Security Sphere 2012, or even something else) and what 'when I was searching for MBAM' means, when MBAM should have been on the desktop?

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Browsers will not open

Post by z147 » December 20th, 2011, 1:45 pm

pgmigg,

It was XP Antispyware 2012. I was searching for MBAM because I couldn't find it and still can't. The shortcut is still there but it wouldn't work so I searched for the actual file which I also had on my desktop. I downloaded a new version and tried that. It wouldn't open.

z147
z147
Regular Member
 
Posts: 47
Joined: July 2nd, 2011, 12:13 pm

Re: Browsers will not open

Post by pgmigg » December 21st, 2011, 6:28 pm

Hello z147,

z147 wrote: "It was XP Antispyware 2012. I was searching for MBAM because I couldn't find it and still can't. The shortcut is still there but it wouldn't work so I searched for the actual file which I also had on my desktop. I downloaded a new version and tried that. It wouldn't open."

All required tools should have already been downloaded and copied to the infected computer's desktop. If they are not on the infected computer's desktop, you will need to copy them from the CD\DVD or download them again from a non-infected computer, copy to a CD\DVD ... then copy onto the infected computer's desktop.

Please don't stop if you could not run one or even many of these scans - try to run every one and give me a report on how each tool worked...

Step 1.
ERUNT - Run to make a full backup:
This will create a full backup of your registry. ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start -> All Programs -> ERUNT, then double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on OK at the prompt, then reply Yes.
    After a short time, the "Registry backup is complete!" pop-up message will appear.
  5. Now click on OK. A registry backup has now been created.

Step 2.
FixNCR.reg
Some infections can change settings on the computer, so when you launch an executable (.exe) file, it will instead launch the infection.
To fix this we must alter the registry entries altered by the infection.
  1. You should see the FixNCR.reg file that you downloaded on the desktop of the infected computer; otherwise, insert the removable device into the infected computer and open the folder with the drive letter associated with it...
  2. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.
  3. You may receive a prompt indicating the process has completed ... if prompted, Click OK.
    You should now be able to run your normal programs... proceed to the next step.

Step 3.
Rkill
  1. Double click on the iExplore.exe Desktop icon in order to automatically attempt to stop any processes associated with XP Home Security 2012 and other Rogue programs. Please be patient while the program looks for various malware programs and ends them.
  2. A command window will open then disappear upon completion, this is normal.
    1. If you are having problems running this version of RKill, you need to run all other renamed versions of RKill sequentially.
    2. If the next one does not work either, repeat the process until the tool runs.
    3. If no version of Rkill would run, please let me know.
    Do not reboot your machine until asked to do so.
    When finished, Notepad will open with a log file, automatically saved at C:\rkill.log.
  3. Please copy and paste the contents of the rkill.log file, in your next reply.
    Please leave Rkill on the Desktop unless instructed otherwise.
Note: If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software, trying to "protect" itself from being terminated or removed. If you see such a warning, leave the warning on the screen, then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself, so that Rkill can perform its routine.


Step 4.
Malwarebytes' Anti-Malware Update and Rerun
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
    You must be connected to the Internet to obtain any updates.
  2. Press the Update tab, then press the Check for Updates button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab and select FULL SCAN this time, then press the Scan button. This kind of scan will take a while, so please be patient!
    When the scan finishes...
  4. Check all items except any items (if present) in the C:\System Volume Information folder. Then click on Remove Selected.
  5. Let MBAM remove what it can... If there are files to be deleted on reboot, please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  6. Press the LOG tab and locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.


Step 5.
TDSSKiller - Rootkit Removal Tool - Scan only
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS/TDL variants.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Please include in your next reply:
  1. Did you have any problems executing the instructions, and which steps could you run and which could you not?
  2. Contents of rkill.log file
  3. Contents of the most recent MBAM log file
  4. Contents of a TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Browsers will not open

Post by z147 » December 23rd, 2011, 5:04 pm

pgmigg,

Do you have any problems executing the instructions and which steps you could run and which could not?
ERUNT would not run.
FIXNcr ran fine
IExplore ran fine
MBAM ran fine
TDSSKiller would not run even with the file extension change. A warning was displayed: "Application cannot be executed. The file tfswctrl.exe is infected."

Contents of rkill.log file
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/23/2011 at 13:54:19.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Documents and Settings\AZ\Local Settings\Application Data\rsk.exe


Rkill completed on 12/23/2011 at 13:55:37.


Contents of the most recent MBAM log file
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122308

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/23/2011 2:42:01 PM
mbam-log-2011-12-23 (14-42-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 263481
Time elapsed: 41 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Email) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\AZ\application data\Sun\Java\deployment\cache\6.0\19\1dbb9cd3-70e3e1d0 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\AZ\application data\Sun\Java\deployment\cache\6.0\35\7bd790e3-5e7c4f35 (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\AZ\local settings\application data\rsk.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\AZ\local settings\temp\opre0.9623365498032108.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\AZ\local settings\temp\a58c8.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\networkservice\application data\Sun\Java\deployment\cache\6.0\59\12ff00bb-5d477bd5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{019ea508-7ec4-4bbf-9507-2c5b5fd13cab}\RP369\A0145721.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{019ea508-7ec4-4bbf-9507-2c5b5fd13cab}\RP369\A0145725.dll (Trojan.Banker) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\0.5158769621281333.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\833.3179.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\nnnv0.11491142187908254.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\nnnv0.2162705883147521.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\nnnv0.3425163213401775.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\nnnv0.47106158035612367.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\nnnv0.7305629635040942.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\nnnv0.9647729140006882.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\opre0.21908242506753117.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\opre0.35317549102059587.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\opre0.6237909738437495.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\opre0.8097911123094249.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\opre0.9098894698255029.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\opre0.991552020582681.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\opre0.993185188771506.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\sghj0.08714886156306278.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\sghj0.537802381742439.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\nnnv0.11153854322903733.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\opre0.595908794016229.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\kna0.02575846805795401.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\kna0.21651861563651065.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\kna0.30463451071394276.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\kna0.5879312877995662.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\kna0.6514546565793159.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\kna0.8247657204510297.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\erwsyg\setup.exe (Trojan.Email) -> Quarantined and deleted successfully.
c:\documents and settings\AZ\local settings\temp\nnnv0.5588442171554086.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.


Contents of a TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file
Do you see any changes in computer behavior? Warnings continue to appear and Spyware Sphere started to run again.
z147
Regular Member
 
Posts: 47
Joined: July 2nd, 2011, 12:13 pm
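
An added example, not part of the thread: the Rkill and MBAM logs in the post above can be cross-referenced offline to see which terminated processes the scanner later flagged, which detections sit inside System Restore's own store (C:\System Volume Information), and whether any removal failed. The sample input is a short excerpt of the logs as posted; the function names are hypothetical, and Rkill's 8.3 short paths (PROGRA~1) are compared as written because they cannot be expanded offline.

```python
import re
from collections import Counter, namedtuple

# Sample input: a short excerpt of the two logs posted in the thread above.
RKILL_LOG = r"""Rkill was run on 12/23/2011 at 13:54:19.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Documents and Settings\AZ\Local Settings\Application Data\rsk.exe

Rkill completed on 12/23/2011 at 13:55:37.
"""

MBAM_LOG = r"""Files Infected: 35

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Trojan.Email) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\AZ\local settings\application data\rsk.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\system volume information\_restore{019ea508-7ec4-4bbf-9507-2c5b5fd13cab}\RP369\A0145721.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\nnnv0.2162705883147521.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\opre0.21908242506753117.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
"""

Detection = namedtuple("Detection", "section obj name action")

# A section header is the bare title; the summary lines ("Files Infected: 35")
# carry a count after the colon and are deliberately not matched.
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:$")
# "<object> (<detection name>) -> <action>."
ITEM_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_rkill(text):
    """Return the paths listed under 'Processes terminated by Rkill ...'."""
    paths, inside = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Processes terminated by Rkill"):
            inside = True
        elif line.startswith("Rkill completed"):
            inside = False
        elif inside and line:
            paths.append(line)
    return paths


def parse_mbam(text):
    """Return one Detection per item line, tagged with its log section."""
    section, found = None, []
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        item = ITEM_RE.match(line)
        if section and item:
            found.append(Detection(section, item["obj"], item["name"], item["action"]))
    return found


def triage(rkill_text, mbam_text):
    """Cross-reference both logs; Windows paths are compared case-insensitively."""
    detections = parse_mbam(mbam_text)
    flagged = {d.obj.lower(): d.name for d in detections if d.section == "Files"}
    running = parse_rkill(rkill_text)
    return {
        "families": Counter(d.name for d in detections),
        "running_and_flagged": [(p, flagged[p.lower()]) for p in running
                                if p.lower() in flagged],
        "running_not_flagged": [p for p in running if p.lower() not in flagged],
        "restore_point_hits": [d.obj for d in detections
                               if "\\system volume information\\" in d.obj.lower()],
        "not_removed": [d for d in detections
                        if "successfully" not in d.action.lower()],
    }


if __name__ == "__main__":
    for key, value in triage(RKILL_LOG, MBAM_LOG).items():
        print(f"{key}: {value}")
```
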

Re: Browsers will not open

Post by pgmigg » December 24th, 2011, 12:29 pm

Hello z147,

z147 wrote: "Warnings continue to appear and Spyware Sphere started to run again."

Your computer is infected and has a multitude of rogue infections that are popping up after we fix one... but it will be treated and cleaned. Let's continue...
Now it is time to kill Security Sphere 2012 again.

Note: Continuing to surf the Web before I say that your computer is clean is DANGEROUS!

Please read my instructions below carefully and print them out because you will not have Internet access during processing...

Note: Below you can see two steps, 1A and 1B, for creating a full registry backup and a System Restore Point. If you could not run 1A, please try to run 1B. You don't need to run both of them if 1A is successful. Please let me know if you cannot run either of these steps, but please proceed to Step 2 even in that case...

Step 1A.
ERUNT - Run to make a full backup:
This will create a full backup of your registry. ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start -> All Programs -> ERUNT, then double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on OK at the prompt, then reply Yes.
    After a short time, the "Registry backup is complete!" pop-up message will appear.
  5. Now click on OK. A registry backup has now been created.

Step 1B.
Create System Restore Point
  1. Click Start.
  2. Select All Programs -> Accessories -> System Tools, then press System Restore.
  3. At the Welcome screen select Create a restore point and then press Next.
  4. In the description box, type a name to describe this restore point.
      System Restore automatically adds (to your description) the current date and time.
  5. Click Create to finish creating this restore point.
  6. Click Close to exit System Restore.
Unless you use some other method to create system restore points, it is advisable to leave this feature ON and active.

Step 2.
Restart to Safe Mode
  1. Please restart your computer, and then press and hold F8 during the initial startup to start your computer in Safe Mode.
  2. Use the arrow keys to select the Safe Mode option.
  3. If you are prompted to select an operating system, use the arrow keys to select the appropriate operating system for your computer, and then press ENTER.
  4. Log on as an administrator or with an account that has administrator credentials.
You don't need to have networking now because you should already have all the needed programs.

Step 3.
Check - Reset Proxy settings
Malware can alter your proxy settings. If altered, it can affect your ability to browse or download tools required for disinfection.

Internet Explorer Proxy settings:
  1. Open Internet Explorer > click Tools > Internet Options > Connections tab.
  2. Click the LAN Settings... button and uncheck "Use a proxy server for your LAN"
    or change the settings to the proxy you normally use if you previously reconfigured it.
  3. Remove any unknown addresses from the Address box. 80 is the default Port so it does not have to be changed.
  4. Click OK... then click OK again.
  5. Close Internet Explorer and -restart- the computer.
  6. An example of how to do this with screenshots can be found in steps 3-7 under the section Automated Removal Instructions... in this guide.

Firefox Proxy settings:
  1. Open Firefox, click Tools > Options > Advanced and click the Network Tab.
  2. Under the Connection section click on the Settings... button.
  3. Under Configure Proxies to Access the Internet, check No proxy. This is the default option if you don't use a proxy.
  4. Click OK... then click OK again and close Firefox.

For other browsers, please refer to How to configure browser proxy settings.

Step 4.
TDSSKiller - Rootkit Removal Tool - Scan only
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS/TDL variants.
    If TDSSKiller does not run, please rename it to pgmigg.exe. Right-click on TDSSKiller.exe, select Rename and give it the name pgmigg with the .exe file extension.
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Next.
Please restart your computer to Normal Mode.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Could you run either of the steps 1A or 1B successfully?
  3. Contents of TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Browsers will not open

Post by z147 » December 26th, 2011, 2:12 pm

pgmigg

I could not run either step 1A or 1B.
Spyware Sphere came up even in Safe Mode.
Could not run TDSSKiller even with file name and extension changed. I tried .com and pmigg.exe
z147
Regular Member
 
Posts: 47
Joined: July 2nd, 2011, 12:13 pm

Re: Browsers will not open

Post by z147 » December 29th, 2011, 9:53 am

pgmigg,

It's been almost 72 hours since my last post. Can you still help me?

z147
z147
Regular Member
 
Posts: 47
Joined: July 2nd, 2011, 12:13 pm

Re: Browsers will not open

Post by pgmigg » December 30th, 2011, 10:36 am

Hello z147,

z147 wrote: "I could not run either step 1A or 1B.
Spyware Sphere came up even in Safe Mode.
Could not run TDSSKiller even with file name and extension changed. I tried .com and pmigg.exe"

Based on these notes, as well as the same results after a few unsuccessful attempts to treat your computer, I'm sorry to say I have gone as far as I can with assisting you, and I have no other option but to advise you to reformat your hard drive and reinstall the Windows operating system.

Please tell me, do you have the Windows installation CD that came with your computer, or does the computer have a Recovery Partition?

For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive.
The safest practice is not to back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

Please read the following:

Please let me know your decision and ask any questions related to this action. I will be happy to help you.

Please click HERE to find a short guide to staying safer online.

Thanks,
pgmigg
pgmigg
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Browsers will not open

Post by Wingman » January 2nd, 2012, 12:14 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Wingman
Admin/Teacher
 
Posts: 14112
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA