Stone Esquire
johngalt1836
Posts: 4
Registered: ‎12-21-2011
Accepted Solution

Win 7 Antispyware 2012 virus- Help


Need help removing the above virus.  Rebooted and entered safe mode with networking and still get the popups and sometimes blocks any further work online.  Ran the av removal but not sure it worked and no change in the popups.

 

Attached is the HijackThis log.  Thanks
Legendary Emissary
malwarekiller
Posts: 3,925
Registered: ‎08-08-2011

Re: Win 7 Antispyware 2012 virus- Help

Welcome aboard!


Please download RKill from the following locations. Please note that the other filenames below are RKill as well, just renamed in order to allow it to run by certain malware. SPECIAL THANKS TO BLEEPINGCOMPUTERS.

RKill.com Download Link

When RKill is run it will display a console screen similar to the one below:



 

That console screen will continue to run until RKill has finished. Once finished, the box will close and a log will be displayed showing all of the processes that were terminated by RKill and while RKill was running.

Note: RKill only terminates malicious rogue processes temporarily, enabling other tools to run.

Then it will display a log; copy and paste it here in your next reply.

 

NEXT


Download ComboFix from any of the locations given on this website:

    • IMPORTANT !!! You need to Save ComboFix.exe to your Desktop
      • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here
      • Double click on ComboFix.exe & follow the prompts.
      • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
      • If you already have the Recovery Console preinstalled, it will not ask for the following. If it does prompt, allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

      Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

      When finished, it shall produce a log for you. Please copy & paste the contents of this log (also found at C:\ComboFix.txt) in your next reply at your topic.
—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Stone Esquire
johngalt1836
Posts: 4
Registered: ‎12-21-2011

Re: Win 7 Antispyware 2012 virus- Help

Started computer in Safe mode with networking, then downloaded RKill and ran.   The console screen never appeared and never received the log file.  Should I go ahead with the Combofix steps?

Legendary Emissary
malwarekiller
Posts: 3,925
Registered: ‎08-08-2011

Re: Win 7 Antispyware 2012 virus- Help

Yes, please run ComboFix and post the log. Stay in safe mode unless told to boot to normal mode.
Stone Esquire
johngalt1836
Posts: 4
Registered: ‎12-21-2011

Re: Win 7 Antispyware 2012 virus- Help

OK.  Only way I could get Rkill and Combofix to run was in regular mode.  Never did get the log from Rkill but did get Combofix to run and log is attached.  I think it must have corrected something since no more pop ups from Win 7 Antispyware 2012 so far.  Combofix log is attached.

 

Thanks so much for your help.

Legendary Emissary
malwarekiller
Posts: 3,925
Registered: ‎08-08-2011

Re: Win 7 Antispyware 2012 virus- Help

Ok.. let's bring down the rogue toaster

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

 

NEXT

 

Download the latest version of TDSSKiller from the link below and save it to your Desktop. 
http://support.kaspersky.com/viruses/utility
 
 
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Stone Esquire
johngalt1836
Posts: 4
Registered: ‎12-21-2011

Re: Win 7 Antispyware 2012 virus- Help

Okay, ran the MBAM and the TDSSKiller.  MBAM found two items requiring removal and TDSSKiller didn't find anything.  The logs for each are attached.  Can't tell you how much I appreciate your help on this. 

 

What is your recommendation on how to prevent this type of virus from getting through the antivirus software?  Do I need to add Webroot or some other program?

 

Again, thanks so very much and have a wonderful Christmas

Legendary Emissary
malwarekiller
Posts: 3,925
Registered: ‎08-08-2011

Re: Win 7 Antispyware 2012 virus- Help

Well, subject to no further problems, your computer is clean.

Now let me do some tune-ups.

 



Mark this topic as solved...use the options tab of your topic to do so.

 

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (notice the space between the "x" and "/"), then click OK
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled


For the first run I would recommend a boot defrag and disk check 



Download and run Puran Disc Defragmenter

 



 

 Run OTL

download link:

http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
  • Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

 


 
Malwarebytes: update and run it today. I also recommend running it weekly to keep your system clean.

Download and install FileHippo Update Checker and run it monthly. It will show you which programs on your system need updating and give a download link.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. 

Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

  • Go to this site  and click Do I have Java
  • It will check your current version and then offer to update to the latest version



To manually create a new Restore Point
 

  • Go to Control Panel and select System 
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom 
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go to Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one 
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up 
  • Select OK
  • Select Delete.

 

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

 

I recommend Comodo Firewall with Defence+ as a second line of defence; here is the link to it:

http://personalfirewall.comodo.com/free-download.html?key5sk1=eef8d74d5ea6733f9a865540f0b8c46af1681e...

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide  How did I get infected in the first place ?
