possible virtumonde virus
I cannot send the OTL report as I'm redirected to a "not connected" message. Frequently while searching for something I'm redirected to ads. I appear to be locked out of Windows Update altogether.

[Mod Removed]

Last edited by Sneakyone on 23rd August 2010, 1:37 am; edited 2 times in total (Reason for editing : Removed E-mail)

Re: possible virtumonde virus
Hi, Welcome to GeekPolice.net!

Could you please split the OTL log into multiple posts?

Re: possible virtumonde virus
I tried to cut it in half... no go. Zipping probably wouldn't work either, as I'd have to use that as an attachment.

Last edited by wjesse on 23rd August 2010, 2:01 am; edited 1 time in total (Reason for editing : better wording)

Re: possible virtumonde virus
Hi.

Could you please zip it up and attach it, and please keep all posts in this thread.

probably virtumonde
Got it... I guess I need to send zips separately... here is extra.

probable virtumonde
extra

probable virtumonde
awkward posting

probable virtumonde
still trying

Re: possible virtumonde virus
Hi.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O20 - AppInit_DLLs: (2.dll) - File not found

    :Files
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\kmfvtyvxg



    :commands
    [emptytemp]
    [resethosts]
    [reboot]



  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===============

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
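
A triage pass over lines in the shape of the :OTL section in the post above, as an added example that is not part of the original thread or of OTL itself. It flags a ProxyServer value that points at a loopback address, autorun entries whose target file is missing, and AppInit_DLLs entries; the regular expressions are assumptions based only on the lines quoted in this thread, and `review` is a hypothetical name.

```python
import re

# Constructed sample: the :OTL lines quoted in the post above.
SAMPLE = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - HKLM..\RunOnceEx: [] File not found
O20 - AppInit_DLLs: (2.dll) - File not found
'''

# Assumed line shapes, inferred only from the sample above.
PROXY_RE = re.compile(r'^IE - (?P<key>.+?): "(?P<name>Proxy\w+)" = ?(?P<value>.*)$')
ENTRY_RE = re.compile(r'^(?P<tag>O\d+) - (?P<where>[^:]+): (?P<rest>.*)$')
LOOPBACK_RE = re.compile(
    r'(?:^|[=;/])(?:127\.\d+\.\d+\.\d+|localhost|\[::1\])(?::\d+)?')


def review(lines):
    """Return (line_no, reason) findings for OTL-style lines."""
    findings = []
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            # A proxy on loopback means browser traffic goes to a local listener.
            if m['name'] == 'ProxyServer' and LOOPBACK_RE.search(m['value']):
                findings.append((no, 'proxy points at loopback: ' + m['value']))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        if m['tag'] == 'O20' and 'AppInit_DLLs' in m['where']:
            # AppInit_DLLs names DLLs loaded into processes that load user32.dll.
            findings.append((no, 'AppInit_DLLs entry: ' + m['rest']))
        elif m['rest'].endswith('File not found'):
            findings.append((no, 'autorun with missing target in ' + m['where']))
    return findings


if __name__ == '__main__':
    for no, reason in review(SAMPLE.strip().splitlines()):
        print(f'line {no}: {reason}')
```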

Re: possible virtumonde virus
I cannot find a way to disable either Microsoft Security Essentials, or AVG.

Re: possible virtumonde virus
Hi.

Remove one or the other; having 2 AVs is not good on your computer.

Not sure on MSE, but to disable AVG just click on Real-Time Protection and turn it off.
