WiredWX Hobby Weather ToolsLog in

 


System Recovery Virus

2 posters

descriptionSystem Recovery Virus - Page 2 EmptyRe: System Recovery Virus

more_horiz
Okay leave ESET for now, how is the machine running overall?

descriptionSystem Recovery Virus - Page 2 EmptyRe: System Recovery Virus

more_horiz
Thank you for your help.

The virus pop ups have stopped and my icons have reappeared on the desktop, although not the wallpaper. All my program files are showing empty from the start menu and the icons are still missing from the quick launch bar. Does this mean they are still hidden due to the virus or could they have been wiped?

I am also still logging in via safe mode with networking as the internet crashes otherwise.

Regards,
Carol

descriptionSystem Recovery Virus - Page 2 EmptyRe: System Recovery Virus

more_horiz
Hi,

Is there anything further I can do?

Regards,
Carol

descriptionSystem Recovery Virus - Page 2 EmptyRe: System Recovery Virus

more_horiz
Hmm, please re-run Combofix, I want to check something.

descriptionSystem Recovery Virus - Page 2 EmptyRe: System Recovery Virus

more_horiz
Hi Belahzur,

I have re-run Combofix. Here is the report.

Regards,
Carol

ComboFix 11-09-27.01 - Carol 27/09/2011 20:16:18.2.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.668 [GMT 1:00]
Running from: c:\documents and settings\Carol\Desktop\PCHelpForum.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\d3d9caps.dat
H:\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.ipsec
.
.
((((((((((((((((((((((((( Files Created from 2011-08-27 to 2011-09-27 )))))))))))))))))))))))))))))))
.
.
2011-09-13 22:17 . 2011-09-13 22:17 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-09-13 22:17 . 2011-09-13 22:17 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-09-05 22:38 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-05 22:38 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-05 21:41 . 2011-09-05 21:38 1008092 ----a-w- C:\rkill.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2005-08-16 04:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-23 19:37 . 2011-06-04 09:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29 . 2007-01-29 17:54 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02 . 2005-08-16 04:18 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 17:37 . 2011-07-05 17:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 17:37 . 2011-07-05 17:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2007-08-31 18:57 . 2007-08-31 18:57 411248 ----a-w- c:\program files\FLV PlayerRCSetup.exe
2007-01-31 18:03 . 2007-01-31 18:03 84961 ----a-w- c:\program files\iTunesSetup.exe
2011-08-12 06:12 . 2011-08-23 19:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-26 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-06-18 671608]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
"HostManager"="c:\program files\Common Files\AOL\1170957951\ee\AOLSoftware.exe" [2006-11-17 50736]
"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe" [2003-08-18 53248]
"Lexmark 3100 Series"="c:\program files\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-04 106496]
"LXBRKsk"="c:\progra~1\LEXMAR~1\LXBRKsk.exe" [2003-06-13 294912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-07-13 1312384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Carol\Start Menu\Programs\Startup\
BBC iPlayer Desktop.lnk - i:\bbc iplayer\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [N/A]
Seagate 2GHKV9G4 Product Registration.lnk - c:\documents and settings\Carol\Application Data\Leadertech\PowerRegister\Seagate 2GHKV9G4 Product Registration.exe [2010-5-1 1731736]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1170957951\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
.
R0 Sahara;Sahara;c:\windows\system32\drivers\Sahara.sys [28/02/2011 23:33 166912]
R0 Salvador;Salvador;c:\windows\system32\drivers\Salvador.sys [28/02/2011 23:33 52480]
R0 Scarlet;Scarlet;c:\windows\system32\drivers\Scarlet.sys [28/02/2011 23:33 33792]
R0 Sidney;Sidney;c:\windows\system32\drivers\Sidney.sys [28/02/2011 23:33 116480]
R0 Spfd;Spfd;c:\windows\system32\drivers\Spfd.sys [28/02/2011 23:33 29056]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [04/08/2010 10:37 89368]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [04/08/2010 10:37 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [04/08/2010 10:37 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [04/08/2010 10:37 148520]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [04/08/2010 10:37 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [04/08/2010 10:37 83688]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [22/06/2011 18:01 56336]
S1 RapportCerberus_29574;RapportCerberus_29574;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [17/08/2011 18:58 216912]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [21/08/2011 10:00 70416]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [21/08/2011 10:00 161936]
S2 gupdate1c9c6a97f4244;Google Update Service (gupdate1c9c6a97f4244);c:\program files\Google\Update\GoogleUpdate.exe [26/04/2009 20:55 133104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [05/09/2011 23:38 366640]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [03/03/2010 21:26 88176]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [04/08/2010 10:37 214904]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [21/08/2011 10:00 919352]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [04/08/2010 10:37 57432]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/04/2009 20:55 133104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [05/09/2011 23:38 22712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [05/09/2011 23:38 41272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 13:49 227232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [04/08/2010 10:37 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [04/08/2010 10:37 85984]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [01/09/2007 21:17 47360]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2011-07-21 c:\windows\Tasks\expressburnSevenDays.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-07-21 16:55]
.
2011-07-24 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-07-21 16:55]
.
2011-07-13 c:\windows\Tasks\expressripDowngrade.job
- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2011-07-21 16:55]
.
2011-07-21 c:\windows\Tasks\expressripSevenDays.job
- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2011-07-21 16:55]
.
2011-07-24 c:\windows\Tasks\expressripShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2011-07-21 16:55]
.
2011-09-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-28 19:53]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 19:55]
.
2011-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-26 19:55]
.
2011-07-21 c:\windows\Tasks\mixpadSevenDays.job
- c:\program files\NCH Software\MixPad\mixpad.exe [2011-07-21 17:07]
.
2011-07-24 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Software\MixPad\mixpad.exe [2011-07-21 17:07]
.
2011-07-21 c:\windows\Tasks\wavepadDowngrade.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-07-21 16:54]
.
2011-07-21 c:\windows\Tasks\wavepadSevenDays.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-07-21 16:54]
.
2011-07-24 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-07-21 16:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Carol\Application Data\Mozilla\Firefox\Profiles\vugv58cg.default\
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-27 20:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(396)
c:\windows\system32\WININET.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mslbui.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2011-09-27 20:34:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-27 19:34
ComboFix2.txt 2011-09-11 20:48
.
Pre-Run: 30,919,385,088 bytes free
Post-Run: 30,961,352,704 bytes free
.
Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6E9A1152160280418C016C6407661BD1

descriptionSystem Recovery Virus - Page 2 EmptyRe: System Recovery Virus

more_horiz
Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

descriptionSystem Recovery Virus - Page 2 EmptyRe: System Recovery Virus

more_horiz
I tried to run this before without success. Now I am getting message "Unexpected error 2002"

descriptionSystem Recovery Virus - Page 2 EmptyRe: System Recovery Virus

more_horiz
Hello.

Make sure no proxy is enabled.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Try again, see if you get the same error.

descriptionSystem Recovery Virus - Page 2 EmptyRe: System Recovery Virus

more_horiz
Ok, I tried a few things and eventually uninstalled Firefox as I don't use it, then managed to run ESET.

Here is the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=c3d2259e6de8ed499e27f00bbdf014bc
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2011-10-03 06:37:53
# local_time=2011-10-03 07:37:53 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16777190 100 75 3630970 18154935 0 0
# compatibility_mode=8192 67108863 100 0 50113123 50113123 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
esets_scanner_update returned -1 esets_gle=0
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=c3d2259e6de8ed499e27f00bbdf014bc
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-03 06:53:00
# local_time=2011-10-03 07:53:00 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16777190 100 75 3631877 18155842 0 0
# compatibility_mode=8192 67108863 100 0 50114030 50114030 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0

descriptionSystem Recovery Virus - Page 2 EmptyRe: System Recovery Virus

more_horiz
Hello.
Just some old programs to update now.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.4.5
    Java(TM) 6 Update 20
    Viewpoint Media Player

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 7.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-7-windows-i586.exe that you downloaded to install the newest version.

Please download Firefox 7.0.1 and install it. It will install over version 6.0 you currently have installed, so you won't lose any bookmarked websites.

Then download and install Adobe Reader X

How is the machine running now?

descriptionSystem Recovery Virus - Page 2 EmptyRe: System Recovery Virus

more_horiz
Hello,

I have removed the three programs but, trying to download java to my desktop has failed.

At around 2% the message:
"Internet Explorer cannot download jre-7-windows-i586.exe from download.oracle.com. The connection with the server was reset"

I haven't downloaded Adobe Reader X yet as I wasn't sure if the downloads needed to be done in a specific order.

Firefox... I don't use it so do I need to reinstall it?

Regards,
Carol

descriptionSystem Recovery Virus - Page 2 EmptyRe: System Recovery Virus

more_horiz
Hello.
Hmm, try downloading Java 7 again, could of been a server issue with oracle.

If you don't use Firefox, uninstall it.

You can install Adobe Reader X whenever, they don't need to be done in order.

descriptionSystem Recovery Virus - Page 2 EmptyRe: System Recovery Virus

more_horiz
Oh dear... I've tried to save Java to desktop again and download Adobe but both have failed.

I'm sorry this is proving so much of a problem... is there anything else I can do?

Carol

descriptionSystem Recovery Virus - Page 2 EmptyRe: System Recovery Virus

more_horiz
Hi, I've just tried to log in in safe mode to download and install Java and Adobe but that didn't work either. Internet just hangs - it's not the connection, that's fine.

Do you have any further suggestions or do you think I'm looking at starting from scratch?

Regards,
Carol

descriptionSystem Recovery Virus - Page 2 EmptyRe: System Recovery Virus

more_horiz
Hi,

I know you are busy and I'm sorry to press, but since this problem has been ongoing since 6th September, I'm wondering if it is looking likely that I will have to reinstall the operating system? Or do you have any other suggetions?

You have helped me once before and I will be more than happy to make a donation, but I struggling without the full use of my pc as I sometimes use it for work.

Many thanks,
Carol

descriptionSystem Recovery Virus - Page 2 EmptyRe: System Recovery Virus

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum