Welcome to MalwareRemoval.com, What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.
Press Submit - this will submit the file for testing. Please wait for all the scanners to finish then copy and paste the results in your next response.
Or if too busy: try later or the second link, Virustotal
When ALL scanners finish, copy to notepad and then paste here.
MBRCheck
Please download MBRCheck.exe and save it to your desktop.
Right click on MBRCheck.exe and select "Run as administrator" to run it.
A window similar to this should open on your desktop:
If you are prompted with options, enter N at the prompt and press Enter
Press Enter again.
A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run)
Please post the contents of the log in your next reply.
Post:
Results of the Jotti or Virustotal scan(s)
Results of MBRCheck
Hey turtledove: Could only do one of the two files with Jotti or VirusTotal. c:\program files\SB2010_setup.msi is 148Mb whereas the two sites have a 20Mb limit. I'm still trying to run it through Jotti but it is not cooperating. VirusTotal is too busy. MBRCheck log is at the bottom. I sure hope you can find something - this piece of crap is getting slower and slower. Still can't set up the printer either. Still getting the spoolsv alert. I'm almost to the point of chucking it and buying a new system.
c:\windows\is-4CR4U.exe
Filename: isRS-000.tmp
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Sun 14 Nov 2010 05:46:39 (CET)
Permalink

Additional info
File size: 711168 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 296a2fac6a99515a8a57d6af147890e6
SHA1: 44e5e5bedf8527fd15a25ff0fab1cd8cd34b82a8

Scanners
[ArcaVir] 2010-11-14 Found nothing
[G DATA] 2010-11-13 Found nothing
[Avast! antivirus] 2010-11-13 Found nothing
[Ikarus] 2010-11-13 Found nothing
[Grisoft AVG Anti-Virus] 2010-11-13 Found nothing
[Kaspersky Anti-Virus] 2010-11-13 Found nothing
[Avira AntiVir] 2010-11-13 Found nothing
[ESET NOD32] 2010-11-14 Found nothing
[Softwin BitDefender] 2010-11-14 Found nothing
[Panda Antivirus] 2010-11-13 Found nothing
[ClamAV] 2010-11-14 Found nothing
[Quick Heal] 2010-11-12 Found nothing
[CPsecure] 2010-11-14 Found nothing
[Sophos] 2010-11-14 Found nothing
[Dr.Web] 2010-11-14 Found nothing
[VirusBlokAda VBA32] 2010-11-12 Found nothing
[Frisk F-Prot Antivirus] 2010-11-13 Found nothing
[VirusBuster] 2010-11-13 Found nothing
[F-Secure Anti-Virus] 2010-11-14 Found nothing
c:\program files\SB2010_setup.msi
The file limit is 20Mb on each service. This file is 143Mb. They're not cooperating.
MBRCheck, version 1.2.3 (c) 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ASUSTek Computer INC.
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: HP-Pavilion
System Product Name: GG781AA-ABA a6110n
Logical Drives Mask: 0x000005fc
I'm rechecking our previous steps and will return as soon as possible. Thank you for the logs. I'd like you to do a scan online please.
ESET online scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
Hold down Control then click on the following link to open a new window to ESET online scanner
Then click on:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install. All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.
Post C:\Program Files\ESET\EsetOnlineScanner\log.txt
Copy these instructions please as you'll be off the internet during part of the fix. **Vista users: Right Click, select Run as Administrator**
ComboFix - CFScript WARNING! This script is for THIS user and computer ONLY! Using this tool incorrectly could damage your Operating System... preventing it from starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
Please open Notepad and copy/paste all the text below... into the window:
Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
This will cause ComboFix to run again. Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash. Do Not touch your computer when ComboFix is running! When finished... Notepad will open ... ComboFix will produce a log file called "log.txt".
Please copy/paste the contents of log.txt... in your next reply.
** Enable your Antivirus and Firewall, before connecting to the Internet again! **
Whew!! I thought I was screwed. After ComboFix was done and rebooted my system, I couldn't open ANYTHING! It wasn't until I did another restart that everything came back (well at least this is working - so far). I'm still getting that incredibly nagging spoolsv.exe alert 4 or 5 times on startup. And...and...when I went to copy and paste the log to this post, the Runtime spoolsv.exe alert came back up to rear its ugly head. When I acknowledged the alert, the screen went black and the computer froze. I had to do a hard reboot to get out of everything. I know you're doing your all but this thing is getting worse and worse - in fact, just now, while I was in the middle of 'getting worse and...' that bloody Runtime alert came back up. Here's the log:
Okay, I was in the middle of the log post when what happened above happened again. I had to close Firefox (lucky for the Session Manager app that saves everything) and start again. I'm trying one more time and then that's it. This machine is getting incredibly slow and cumbersome. I'm sorry, but I just can't get the log copied without this infernal thing freezing up. Okay, one more time:
Nope - happened again although without the Runtime alert. As soon as I attempted to paste the log, the computer froze and I couldn't shake it loose until I closed Firefox. Is it the fault of Firefox? Who knows. Here's another try:
Nope - can't post. As soon as I paste the log, the computer freezes and it doesn't matter how long I wait, I have to close Firefox but not the whole post is saved. I'm going over to IE to try that route.
Nope, can't do it. I went over to IE and the same result. As soon as I pasted, IE froze and wouldn't respond. I even tried copying the log to a new notepad page and tried to CUT and paste but with the same dismal result. I'm sorry but my computer is obviously rebelling after all the scans and deletions of files and is acting like a little kid and holding its breath. I don't know how to get the log to you unless it is by 'private message'. Sorry.
I do not know why you can not post. My best advice at this point is that it is best to save your documents that you need, not downloaded programs; and reformat the system. It has had as mentioned a rootkit/spying/info stealing virus. ESET also found an illegitimate NIS 2010. I suggest staying off such sites and P2P in the future if you want a safe and dependable machine.
Here are a couple of links once you are reformatted. Our forum here for keeping safe: viewtopic.php?f=4&t=54766 COMPUTER SECURITY - a short guide to staying safer online
For technical help should your printer problem remain after the reinstall.
Thanks turtledove - saved all the links and will try the reformat. Is there no way to load the recovery discs and just pick up the files that have been corrupted? Will the recovery program not just look and replace the bad or missing stuff?
Anyway, thanks for all your help and (don't take this the wrong way - I really mean it as a compliment) I hope to never have to hear from you again. Your help has been invaluable and I've learned quite a few things. Cheers and let's close this monster down.
In this case, even if it only replaced the corrupt files, due to what was found, you're best to restore back to factory condition. That is because we do not know the total amount of corrupted files.
srcstcbstrd wrote: Anyway, thanks for all your help......Your help has been invaluable and I've learned quite a few things.