WiredWX Hobby Weather Tools

 


Computer massive infection

3 posters

This is Itachi21 here. This is another computer I am working on and there are so many problems it's not even funny. Some applications can't even execute.

I downloaded HijackThis but I can't get it to execute without a window popping up saying "Application cannot be executed. The file winlogon.scr is infected. Do you want to activate your antivirus software now?"

Re: Computer massive infection
Please download exeHelper from one of the two links.
Link 1
Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Re: Computer massive infection
I can't get any program to execute, including that one. Should I press yes instead of no, or will that activate whatever the problem is?

Re: Computer massive infection
Press no.
Hmm, can you get into msconfig? Go to Start > Run. In the run box, type in:

msconfig

Hit enter.
Does the msconfig window open?

Re: Computer massive infection
No, unfortunately. And I can't even load Task Manager. Nothing will allow me to open. I got Firefox to open before all of this hit.

Re: Computer massive infection
What do I do?

Re: Computer massive infection
Now I have lost all internet access on the computer I was working on.

This isn't a good thing. I'm working off my computer now. The computer we were trying to get to work is still on, but like I said, it just disconnected from the internet and now I can't find any wireless points when I was connected to mine all day.

Re: Computer massive infection
You'll need to copy tools over via USB then, let's try Combofix.

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Image: CF_download_FF]

    [Image: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [Image: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Computer massive infection
OK, I downloaded combo fix, then transferred it onto my flash drive, then went to open it on the infected computer, and it still won't let me open it. I think it's the BankerFox.A Trojan and another one.

Re: Computer massive infection
Hmm, I wonder if we can manually edit the registry.

Go to Start > Run. In the run box, type in:

regedt32

Does the registry editor open?

Re: Computer massive infection
No. Anything that tries to run just says that that particular executable won't open and it says it's infected.

Re: Computer massive infection
I'll keep going till I find something that works. LMBO or ROFL

Please download Ice Sword from HERE

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. IceSword will randomly rename itself on open; does IceSword work?

Re: Computer massive infection
No, it won't work. I transferred Ice Sword onto my flash drive, then onto the other computer, and it still won't work. I cannot get any program to open. What happens if I click yes instead of no?

Re: Computer massive infection
OK, IceSword is working now. What do I do?

Re: Computer massive infection
Hehe, I actually just tested some malware like this and found something odd.

Do you still have Combofix on your Desktop? Rename it to utorrent.exe and see if it runs.

Sounds weird, I know, but the malware I'm playing with here blocks out explorer.exe, but lets me run utorrent.exe. Ahahaha
