WiredWX Hobby Weather ToolsLog in

 


descriptionw32 blaster child-porn proxyserver worm Emptyw32 blaster child-porn proxyserver worm

more_horiz
HI guys, yes my sons pc has the w32 blaster child-porn proxyserver worm. he is running windows 7 and google chrome browser. it is a gaming pc with 8gb ram asus motherboard. this looks like a nasty one and any and all help would be greatly appreciated. he cant connect to the internet also

descriptionw32 blaster child-porn proxyserver worm EmptyRe: w32 blaster child-porn proxyserver worm

more_horiz
Hi there starwalker98!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I´m helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I´m here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, doesn´t mean it is clean yet!

====================

Hopefully you have access to a clean computer to download the tools we need and transfer them to the problem PC with a USB memory stick. If that is so, please proceed with the following:

Please download OTL by OldTimer from here and save it to your desktop.
  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

Code:

%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
netlogon.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
disk.sys
explorer.exe
userinit.exe
winlogon.exe
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need multiple posts to get it all.

descriptionw32 blaster child-porn proxyserver worm EmptyRe: w32 blaster child-porn proxyserver worm

more_horiz
thank you gabethebabe,
yes i have a clean pc. after i download oldtimer then click otl.exe. at which time in this process will i download this to the infected pc? thank you

descriptionw32 blaster child-porn proxyserver worm EmptyRe: w32 blaster child-porn proxyserver worm

more_horiz
After you downloaded OTL.exe, move it with the USB stick and copy it to the desktop of the problem computer and run it. Copy the logs back to your USB drive, move them to the clean computer and post them here.

Might be a good idea to first immunize the USB drive that your are using before doing this, to make sure you don´t infect your clean computer:

Please download Flash_Disinfector by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run the tool
  • When requested, insert the USB flash disk(s) you want to to immunize/disinfect
  • Hold down the Shift key when inserting the drive(s) until Windows detects the drive
  • Click OK to start the disinfection process
  • Repeat running Flash_Disinfector.exe for every flash drive you wish to immunize.
  • Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that you choose to disinfect. Do not delete that folder!


descriptionw32 blaster child-porn proxyserver worm Emptyporn worm

more_horiz
Hi Gabe,
we decided to just reformat his pcas he said he has nothing on it, had i known that, i wouldnt have bothered you. thank you for your time, and sorry to bother you.
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum