
 


Computer virus that I can't get rid of.

2 posters

I have Windows Vista on my laptop, and after trying to find an episode of Grey's Anatomy last night to watch, my computer became infected with a virus. I now keep being asked by my alert to block BankerFox.A, I think is what it is, and Win32.Nuqel.E. Also a box keeps popping up that says Microsoft.NET Framework, but it is a blank box other than that, and then another box keeps popping up that says "Revocation information for the security certificate for this site is not available. Do you want to proceed?" Boxes also keep popping up that say things like "application cannot be executed. the file chrome.exe is infected. Do you want to activate your antivirus software now?" and other antivirus software stuff keeps popping up. I clicked on it the first time it came up because I thought it was legit, and it took me to a porn site and wanted me to buy the antivirus software, which I didn't b/c I now know it is fake. I also cannot get on my internet now either (it says on the web page "internet explorer warning-visiting this web site may harm your computer!" and it goes on to tell me to purchase something for secure internet surfing) and am doing this from another computer in my house. Please help! I will need to be walked through step by step b/c I know computers but not that well.

Re: Computer virus that I can't get rid of.
Also, I was looking at what you have other people do, like downloading OTL by OldTimer... how do you do that? B/c I assume I am going to have to do that.

Also, the internet I use is Explorer and Chrome, and they both are not working because of the virus.

I also originally scanned my computer with Trend Micro and it got rid of some things, but the problem hasn't gone away.

Last edited by kimmiegirl on 21st May 2010, 7:55 pm; edited 2 times in total (Reason for editing : forgot information)

Re: Computer virus that I can't get rid of.
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Computer virus that I can't get rid of.
How do I download OTL onto my desktop if my internet will not work?

I am accessing this site from a computer other than the one that is infected b/c my infected laptop will not let me access Internet Explorer or Google Chrome.

My proxy server is checked in my Internet Explorer too.

Re: Computer virus that I can't get rid of.
Hello.

Remove the Proxy setting in Internet Explorer and/or in Firefox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try using OTL now.

Re: Computer virus that I can't get rid of.
how do I change my security settings, so I can download OTL and Rkill?

Re: Computer virus that I can't get rid of.
Hello.

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the second option, to run Windows in Safe Mode with networking, then press Enter.
  • Choose your usual account.

If you can access GeekPolice from Safe Mode, then try downloading OTL and running it.

Re: Computer virus that I can't get rid of.
Okay, so I can access the internet on my laptop by unchecking my proxy server, but I have to uncheck it on each new page I am brought to before going on to a new page, or it says that it may be dangerous and I need to purchase antivirus software... I also figured out how to get into Safe Mode, but my internet is unable to work, like there is no internet connection. Is there a way to put it in Safe Mode and still have an internet connection? If so, how?

Re: Computer virus that I can't get rid of.
Hello.
Do you have another machine we can use to download tools from and external hardware to transfer the tools across? The malware keeps replacing the proxy, so we'll need to kill the trojan first.

Re: Computer virus that I can't get rid of.
Yes, I have another computer, and by external hardware do you mean like a flash drive? B/c I have that too.

Re: Computer virus that I can't get rid of.
Yes.
Okay, download RKill + OTL from another machine and transfer them across to this infected machine.

Re: Computer virus that I can't get rid of.
Okay, I've copied them onto my flash drive and I am going to go and try them on my infected laptop, but here's my question: since rkill is web based, will it be able to run on my infected laptop?

Re: Computer virus that I can't get rid of.
RKill isn't web based; the .com is so it can run undetected by the malware.

There are also two other RKill links if one doesn't work, so run RKill first, then OTL.

Re: Computer virus that I can't get rid of.
Oh, okay, and I don't know if you need this from rkill or not, but I thought I would post it anyway.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Kimmie on 4/2010 Mon at 11:33:49.


Processes terminated by Rkill or while it was running:


C:\Users\Kimmie\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Users\Kimmie\AppData\Local\asam.exe
C:\Users\Kimmie\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Kimmie\AppData\Local\symibswac\mrvyrattssd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe


Rkill completed on 4/2010 Mon at 11:34:02.
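
A first-pass triage of the process list in the log above, as an added example that is not part of the original posts or of RKill itself. The function names and the `KNOWN_VENDOR_DIRS` allowlist are assumptions for illustration, and a flag means "look at this in the OTL logs", not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Process list copied from the rkill.log posted in the thread above.
RKILL_LOG = r"""Processes terminated by Rkill or while it was running:

C:\Users\Kimmie\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Users\Kimmie\AppData\Local\asam.exe
C:\Users\Kimmie\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Kimmie\AppData\Local\symibswac\mrvyrattssd.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe

Rkill completed on 4/2010 Mon at 11:34:02.
"""

# Assumption: an analyst-maintained list of folder names expected under AppData.
# A familiar folder name is not proof that the file inside is legitimate.
KNOWN_VENDOR_DIRS = {"google", "microsoft", "mozilla"}

def terminated_processes(log_text):
    """Return the unique image paths listed in an rkill log, in first-seen order."""
    lines = (ln.strip() for ln in log_text.splitlines())
    paths = [ln for ln in lines if re.match(r"^[A-Za-z]:\\.+\.\w+$", ln)]
    return list(dict.fromkeys(paths))

def review_reason(path, known_dirs=KNOWN_VENDOR_DIRS):
    """Return why a path deserves a closer look, or None if no rule fires."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if "appdata" not in parts:
        return None
    # Components after AppData\<Local|Roaming|LocalLow>
    below = parts[parts.index("appdata") + 2:]
    if len(below) == 1:
        return "executable directly in AppData root"
    if below and below[0] not in known_dirs:
        return "unrecognised folder under AppData"
    return None

def flagged(log_text):
    """Pair each terminated process that trips a rule with the reason."""
    hits = ((p, review_reason(p)) for p in terminated_processes(log_text))
    return [(p, why) for p, why in hits if why]

if __name__ == "__main__":
    for path, why in flagged(RKILL_LOG):
        print(f"REVIEW  {path}  ({why})")
```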

Re: Computer virus that I can't get rid of.
Okay, please run OTL and post the two logs.
