Computers: Need serious help - my computer is fucked


OnTheWarpath58
06-27-2010, 11:25 AM
Mods - I know you'd rather have this in the Media Forum, but if you could leave this in the Lounge for a bit I'd appreciate it. I need all the help I can get.

Everything was working fine this AM, and all of a sudden this scan started from "AV Security Suite" saying my computer is infected. I stopped the scan because I don't recall downloading anything called AV Security. AVG scans nightly.

I can't open AVG. I can't open anything. I've tried restarting and using F12 to boot into Safe Mode, and I'm not even given the option.

Literally everything I try to open comes with a prompt that says that the file cannot be opened because it is infected.

I'm fucked. Please help. FWIW, the computer in question is a desktop PC running Vista.

Old Dog
06-27-2010, 11:27 AM
I thought F8 was safe mode?

Bane
06-27-2010, 11:28 AM
I thought F8 was safe mode?

BING BING BING!!!!

OnTheWarpath58
06-27-2010, 11:28 AM
I thought F8 was safe mode?

Yep. I'm an idiot. I just found that out via a google search. Thanks. F2 and F12 were the only options showing, so I assumed F12.

Let's see if I can run AVG from Safe Mode.

digger
06-27-2010, 11:30 AM
Re-format...

notorious
06-27-2010, 11:31 AM
Restore to a previous date is usually my first option.

OnTheWarpath58
06-27-2010, 11:34 AM
Restore to a previous date is usually my first option.

I'm running AVG in Safe Mode as I type.

I was planning on going to the restore point I just created Thursday, but couldn't open Control Panel to get to it.

I'm not very computer savvy, folks - so if the scan doesn't work - could someone walk me through getting to that restore point in Safe Mode?

TIA

CosmicPal
06-27-2010, 11:34 AM
Go to this forum. These guys ROCK! Post your issue on their forum and someone will be able to help you. It's free.

http://forums.techguy.org/

OnTheWarpath58
06-27-2010, 11:40 AM
Fuck.

I may be overreacting, but the scan doesn't appear to be going very well.

c:\boot\bcd locked file. not tested
c:\boot\bcd.log locked file. not tested.
c:\documents and settings\ locked file. not tested.
c:\pagefile.sys locked file. not tested.

Currently scanning program files.

Over-Head
06-27-2010, 11:41 AM
Pour antifreeze in the cup holder thingy that slides out of the tower :thumb:

MeatRock
06-27-2010, 11:43 AM
Download Combofix and run it. It will remove the virus and reset your comp clock and such. Just google combofix, i have had similar experiences with bogus antivirus virus programs that pop up from out of nowhere. I believe the virus also has a key logger with it to track personal info.

Hope this helps.

MeatRock
06-27-2010, 11:47 AM
Also a regular everyday freeware antivirus program will not remove the virus. I have tried everything and the only thing that seems to work on the bogus antivirus virus is combofix.

bevischief
06-27-2010, 12:01 PM
Combofix is the only way to go. Might have to download it on another PC and copy it over.

OnTheWarpath58
06-27-2010, 12:04 PM
Combofix is the only way to go. Might have to download it on another PC and copy it over.

My only other computer is a Macbook. That's what I'm using now.

Can I download on the PC in Safe Mode?

Gonzo
06-27-2010, 12:05 PM
Kick it?

CosmicPal
06-27-2010, 12:07 PM
What OS are you running?

OnTheWarpath58
06-27-2010, 12:08 PM
Kick it?

Trust me, I'd fucking love to.

Fuck Microsoft. Fuck Windows. Fuck Vista. Fuck shit like this happening too fucking often.

I've had my Macbook for 4 years, and never had a problem, other than replacing the battery.

OnTheWarpath58
06-27-2010, 12:08 PM
What OS are you running?

Vista.

CosmicPal
06-27-2010, 12:11 PM
Vista.

The first thing you need to do is to set a restore point. Preferably, a week past. If you haven't downloaded anything this week that is important, then restore your computer to a week ago. Do NOT restore it to yesterday or 48 hours ago.

If you have an external hard-drive, I'd save whatever you can to that.

Sure-Oz
06-27-2010, 12:11 PM
What does combofix do? does it erase everything or just remove the spyware/malware and virus shit?

ive never had problem this severe, just curious.

OnTheWarpath58
06-27-2010, 12:13 PM
The first thing you need to do is to set a restore point. Preferably, a week past. If you haven't downloaded anything this week that is important, then restore your computer to a week ago. Do NOT restore it to yesterday or 48 hours ago.

I actually backed up all my files and set a restore point on either Wednesday or Thursday, because I was going to upgrade to W7, and never got around to it.

Can I get to that restore point in Safe Mode?

FWIW, AVG is still scanning, so I'll have to wait for it to finish.

pr_capone
06-27-2010, 12:13 PM
download and install. run a full scan. this program has been my go to for years now.

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

AV Security is a junk virus program that wants you to pay in order to remove "viruses" that are installed in your system. malwarebytes should squash that no problem.

/work in tech support
//deal with this issue on a near daily basis

bevischief
06-27-2010, 12:14 PM
What does combofix do? does it erase everything or just remove the spyware/malware and virus shit?

ive never had problem this severe, just curious.

just remove the spyware/malware and virus shit.

I have used twice now.

MeatRock
06-27-2010, 12:15 PM
You can try to restore it, but the virus will still be there. Trust me on this, it has happened to me. I think you might be able to download Combofix in safe mode, because the program will boot you into safe mode when it runs. If i remember this process correctly. Try it and see if it will let you.

bevischief
06-27-2010, 12:15 PM
This below was posted before:
http://www.chiefsplanet.com/BB/showthread.php?t=214468&highlight=virus&page=3

first off, you need to uninstall that AVG trash(and any other anti-virus or monitor)and run the Gauntlet.
Behold, Combofix:
http://www.bleepingcomputer.com/comb...o-use-combofix

**** the instructions, SAVE the download(don't run), and make sure ALL anti-virus or malware monitors are DISENGAGED before running.

Once that's done, get the REAL DEAL in Maintenance. These apps kick ass and are FAST.

Behold, IOBIT:
http://download.cnet.com/1770-20_4-0...form%3DWindows

Download the first three. Install and run the maintenance suite first( the blue one ).

Then install the security program( the red one )and run a full scan.
(Get Reminderfox, and set to remind you once a day to do the 'quick scan')

Then install the Defrag program and follow its instructions.

Then get this:

http://download.cnet.com/Avira-AntiV...html?tag=mncol

This program ****s AVG in the ass, and you only have to run it once a week once you do the initial full-system scan. And you can schedule this program.

(renamed it alg.exe)

Paragon backup

http://www.elitekiller.com/malware.htm

http://www.malwarebytes.org/

Sure-Oz
06-27-2010, 12:15 PM
just remove the spyware/malware and virus shit.

I have used twice now.

It doesn't change any settings or actually wipe the pc right? so is it only used when you are just totally fucked and the virus scanner/antispyware-malware programs dont load or catch the problem?

MeatRock
06-27-2010, 12:17 PM
I have malwarebytes as well and the only thing that stops this bogus antivirus from popping back up again seems to be combofix. I was down for 2 weeks before i found a forum on the net that directed me to the program.

Sure-Oz
06-27-2010, 12:17 PM
I use malwarebytes, avast antivirus and spybot s&d weekly

I heard avira is real good too but avast works fine for me

OnTheWarpath58
06-27-2010, 12:18 PM
download and install. run a full scan. this program has been my go to for years now.

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

AV Security is a junk virus program that wants you to pay in order to remove "viruses" that are installed in your system. malwarebytes should squash that no problem.

/work in tech support
//deal with this issue on a near daily basis

Regardless of whether I use Combofix or Malwarebytes, can I download in Safe Mode?

bevischief
06-27-2010, 12:18 PM
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

MeatRock
06-27-2010, 12:18 PM
No it will not delete files or wipe out the pc. It will remove infections from the files they are in.

Sure-Oz
06-27-2010, 12:20 PM
No it will not delete files or wipe out the pc. It will remove infections from the files they are in.

Thanks, ive saved the link for that in future use if i ever need it.

CosmicPal
06-27-2010, 12:21 PM
I actually backed up all my files and set a restore point on either Wednesday or Thursday, because I was going to upgrade to W7, and never got around to it.

Can I get to that restore point in Safe Mode?

FWIW, AVG is still scanning, so I'll have to wait for it to finish.

Yeah, but if you have a faux scanner running this morning, your earlier restoration didn't remove any possible trojan you might have.

After completing the full scan, you should run a root file and copy the txt and PM it to me and I can see if you have a trojan on your computer from the root scan. But, it's fairly easy to see for yourself, because the root scan will not only show the trojan, but what exact trojan you will have.

Bowser
06-27-2010, 12:22 PM
Not to hijack OTWP's thread, but has anyone ever heard of File Cure? Bogus, I'm assuming, and should be removed?

MeatRock
06-27-2010, 12:23 PM
Try downloading it in safe mode. I think you can, but im not 100% sure.

CosmicPal
06-27-2010, 12:23 PM
Regardless of whether I use Combofix or Malwarebytes, can I download in Safe Mode?

Safe Mode doesn't allow you to use Network settings, therefore, you cannot download in Safe Mode.

pr_capone
06-27-2010, 12:23 PM
Regardless of whether I use Combofix or Malwarebytes, can I download in Safe Mode?

yes, as long as you do SafeMode with Networking.

If you can access the net while in safe mode, you should be good to go

OnTheWarpath58
06-27-2010, 12:24 PM
Yeah, but if you have a faux scanner running this morning, your earlier restoration didn't remove any possible trojan you might have.

After completing the full scan, you should run a root file and copy the txt and PM it to me and I can see if you have a trojan on your computer from the root scan. But, it's fairly easy to see for yourself, because the root scan will not only show the trojan, but what exact trojan you will have.

It's still scanning. Will it ask me to run a root file? I'm telling you, I'm a tech-idiot. You guys are going to get some really stupid questions.

OnTheWarpath58
06-27-2010, 12:25 PM
Safe Mode doesn't allow you to use Network settings, therefore, you cannot download in Safe Mode.

yes, as long as you do SafeMode with Networking.

If you can access the net while in safe mode, you should be good to go

Which is it, fellas?
:D

pr_capone
06-27-2010, 12:26 PM
Safe Mode doesn't allow you to use Network settings, therefore, you cannot download in Safe Mode.

yes you can.

http://www.mattiasgeniar.be/wp-content/uploads/2008/11/avgprobleem_01.jpg

MeatRock
06-27-2010, 12:26 PM
File Cure has actually corrupted files before on my computer before, so from experience no i would not use File Cure.

OnTheWarpath58
06-27-2010, 12:28 PM
Interesting.

The only line from the AVG scan thus far that hasn't ended with "locked file. not tested":

c:\windows\system32\drivers\netbt.sys Virus identified Win32/patched.DX

This mean anything to anyone?
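A small triage of the scan lines quoted so far in this thread, added here as an example; it is not from any poster and is not AVG's own tooling. The status names, the list of files a running Vista install is expected to keep locked, and the helper names are assumptions made for the illustration.

```python
import re
from collections import Counter, namedtuple

# Scan lines as typed into the thread (hand-copied by the poster, so this is
# not guaranteed to be AVG's exact report format).
THREAD_LINES = r"""
c:\boot\bcd locked file. not tested
c:\boot\bcd.log locked file. not tested.
c:\documents and settings\ locked file. not tested.
c:\pagefile.sys locked file. not tested.
c:\windows\system32\drivers\netbt.sys Virus identified Win32/patched.DX
""".strip().splitlines()

Finding = namedtuple("Finding", "path status detection note")

LOCKED_RE = re.compile(r"^(?P<path>.+?)\s+locked file\.\s*not tested\.?$", re.I)
VIRUS_RE = re.compile(r"^(?P<path>.+?)\s+Virus identified\s+(?P<name>\S+)$", re.I)

# Assumption (added here): objects a running Vista install keeps open or
# denies access to, so a scanner running inside that install cannot read them.
EXPECTED_LOCKS = {
    "\\pagefile.sys": "paging file, held open by the running OS",
    "\\boot\\bcd": "boot configuration store, loaded by the running OS",
    "\\boot\\bcd.log": "log file of the boot configuration store",
    "\\documents and settings": "Vista compatibility junction, listing denied",
}
SYSTEM_DRIVER_DIR = "\\windows\\system32\\drivers\\"


def normalize(path):
    """Lower-case, drop the drive letter and any trailing backslash."""
    return re.sub(r"^[a-z]:", "", path.strip().lower()).rstrip("\\")


def classify(line):
    """Turn one scan line into a Finding with a status and a short note."""
    line = line.strip()
    m = LOCKED_RE.match(line)
    if m:
        path = m.group("path")
        key = normalize(path)
        if key in EXPECTED_LOCKS:
            return Finding(path, "locked-expected", None, EXPECTED_LOCKS[key])
        return Finding(path, "locked-review", None,
                       "not on the expected list; check what is holding it open")
    m = VIRUS_RE.match(line)
    if m:
        path, name = m.group("path"), m.group("name")
        if normalize(path).startswith(SYSTEM_DRIVER_DIR):
            # Mirrors the advice given in the thread for the netbt.sys hit.
            return Finding(path, "detection-system-driver", name,
                           "system driver flagged; do not delete it outright, "
                           "Windows may become unusable")
        return Finding(path, "detection", name, "flagged file outside the driver folder")
    return Finding(line, "unparsed", None, "line format not recognised")


def triage(lines):
    """Classify every non-empty line."""
    return [classify(l) for l in lines if l.strip()]


def summarize(findings):
    """Count findings per status."""
    return dict(Counter(f.status for f in findings))


if __name__ == "__main__":
    results = triage(THREAD_LINES)
    for f in results:
        print(f"{f.status:24} {f.path}  {f.detection or ''}  ({f.note})")
    print(summarize(results))
```
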

CosmicPal
06-27-2010, 12:29 PM
yes you can.

http://www.mattiasgeniar.be/wp-content/uploads/2008/11/avgprobleem_01.jpg

Well, he's using Vista. I thought Vista had some funky thing with their Safe Mode.

pr_capone
06-27-2010, 12:30 PM
Interesting.

The only line from the AVG scan thus far that hasn't ended with "locked file. not tested":

c:\windows\system32\drivers\netbt.sys Virus identified Win32/patched.DX

This mean anything to anyone?

not off hand

pr_capone
06-27-2010, 12:31 PM
Well, he's using Vista. I thought Vista had some funky thing with their Safe Mode.

Not that I know of. Granted, I used Vista for all of 30 days before going back to XP and eventually moving on to 7 which still does the safe mode with networking.

Nope, just did a Google search, Vista should give the same options.

MeatRock
06-27-2010, 12:31 PM
That's the thing though OTWP, there very well could be multiple viruses running on your comp and AVG caught one of them.

OnTheWarpath58
06-27-2010, 12:31 PM
Next question:

I'm currently in just regular Safe Mode.

How am I going to be able to copy the text of the root file and PM it to Cosmic?

I can't use the internet in regular safe mode, can I?

pr_capone
06-27-2010, 12:32 PM
Next question:

I'm currently in just regular Safe Mode.

How am I going to be able to copy the text of the root file and PM it to Cosmic?

I can't use the internet in regular safe mode, can I?

nope. you need to reboot and go back into safe mode with networking

OnTheWarpath58
06-27-2010, 12:32 PM
Not that I know of. Granted, I used Vista for all of 30 days before going back to XP and eventually moving on to 7 which still does the safe mode with networking.

Nope, just did a Google search, Vista should give the same options.

I had the "safe mode with networking" option earlier - I just chose not to use it, because I didn't know if I should.

OnTheWarpath58
06-27-2010, 12:33 PM
nope. you need to reboot and go back into safe mode with networking

So, will the "copy" of the root file still be available?

Fuck, I don't even know what a root file is, or how to run one.

LMAO

THIS FUCKING SUCKS.

CosmicPal
06-27-2010, 12:34 PM
Interesting.

The only line from the AVG scan thus far that hasn't ended with "locked file. not tested":

c:\windows\system32\drivers\netbt.sys Virus identified Win32/patched.DX

This mean anything to anyone?

It means your system file is infected.

Honestly, I'd go to the tech support forum I suggested earlier: post your OS info, a copy of AVG result, and what issues you are having. They'll be able to assist you better than we can.

In the meantime, I wouldn't remove it, it might render your PC unusable.

MeatRock
06-27-2010, 12:34 PM
Good advice from capone. Get into safe mode with networking and download combofix and your problems will be over.

Fritz88
06-27-2010, 12:34 PM
Sorry, can't get around to helping. But don't connect a HD to this PC. The infection can easily transfer to that HD unless you are connecting an iPod, a phone or anything that is not windows.

Fuck AVG. Switch to Kaspersky and W7 after this.

Sure-Oz
06-27-2010, 12:35 PM
Why not run that combofix that people have been suggesting?

OnTheWarpath58
06-27-2010, 12:36 PM
Why not run that combofix that people have been suggesting?

AVG is STILL scanning.

When it's done, I'll likely do just that, especially if I'm going to lose my copy/paste when I reboot in safemode/networking.

OnTheWarpath58
06-27-2010, 12:38 PM
Sorry, can't get around to helping. But don't connect a HD to this PC. The infection can easily transfer to that HD unless you are connecting an iPod, a phone or anything that is not windows.

Fuck AVG. Switch to Kaspersky and W7 after this.

My W7 disk is in the mail. Just waiting.

I wanted to just do the download, but was told that I couldn't upgrade from my version of Vista without the disk.

CosmicPal
06-27-2010, 12:38 PM
OTW, this is the rootkit I'm referring to.

After restoring to an earlier date, if you're still having issues, download this and you will see if you have a trojan or not.

http://sites.google.com/site/rootrepeal/

dirk digler
06-27-2010, 12:41 PM
As capone suggested malwarebytes is the best to fix this problem along with combofix.

OnTheWarpath58
06-27-2010, 12:42 PM
OTW, this is the rootkit I'm referring to.

After restoring to an earlier date, if you're still having issues, download this and you will see if you have a trojan or not.

http://sites.google.com/site/rootrepeal/

Ah. Got it. So after the AVG scan, I can reboot in safemode/networking and jump on CP, and click that link?

OnTheWarpath58
06-27-2010, 12:43 PM
Got another "patched.DX" line - but pretty long - not worth typing out.

OnTheWarpath58
06-27-2010, 12:44 PM
Many thanks to all of you for your help thus far.

MeatRock
06-27-2010, 12:44 PM
The thing about this virus is, is that some antivirus programs will remove viruses from your comp, but will not remove the worm that is sending these viruses through.

So if you find viruses with regular antivirus programs and remove them, the worm is still there and the bogus antivirus WILL pop back up again later.

MeatRock
06-27-2010, 12:45 PM
Combofix kills it.

Sure-Oz
06-27-2010, 12:46 PM
Hope to hear this combofix thing gets you back and running OTWP

OnTheWarpath58
06-27-2010, 12:47 PM
I understand.

So is there any reason to continue the AVG scan, or have I just wasted my time?

And how do I stop the scan, assuming you guys suggest that I should?

mrbiggz
06-27-2010, 12:47 PM
1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. System Restore starts.
2. On the Welcome to System Restore page, click Restore my computer to an earlier time (if it is not already selected), and then click Next.
3. On the Select a Restore Point page, click the most recent system restore point in the On this list, click a restore point list, and then click Next.
   Note: A System Restore message may appear that lists configuration changes that System Restore will make. Click OK.
4. On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows XP configuration, and then restarts the computer.
5. Log on to the computer as Administrator. The System Restore Restoration Complete page is displayed.
6. Click OK.

After you do that then go and download Temp File Cleaner at http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html

Then run whatever AV scanner you have along with Malwarebytes at http://majorgeeks.com/download.php?det=5756

Use the system restore to go back a few days to let's say, at least Friday. The TFC will remove all places the virus/spyware would hide. Malwarebytes will get rid of any remnants that the first two didn't get. I'd also recommend the combofix too but a lot of spyware viruses do something to not allow it to run. You can still run it at any point after the System Restore.

The idea behind using multiple applications and utilities is to get things off the system that may have been missed by the others.

OnTheWarpath58
06-27-2010, 12:48 PM
Hope to hear this combofix thing gets you back and running OTWP

Me too, man. Thanks.

Mrs. OTW58 had some work to do from home today, and before she started, this happened - so she had to drive downtown to the office to get it done.

She works from home a lot, so I need to get this thing up and running ASAP.

MeatRock
06-27-2010, 12:50 PM
You can stop the scan by canceling it, i believe it says cancel scan. Or you can ride it out remove a virus that it caught. Then download the program.

MeatRock
06-27-2010, 12:51 PM
System restore will not affect the worm.

dirk digler
06-27-2010, 12:54 PM
Me too, man. Thanks.

Mrs. OTW58 had some work to do from home today, and before she started, this happened - so she had to drive downtown to the office to get it done.

She works from home a lot, so I need to get this thing up and running ASAP.

You need to make her happy because obviously she is looking at porn sites with viruses on them. :)

WilliamTheIrish
06-27-2010, 12:54 PM
OTW,

I had that very nasty little fuck of a virus. I went over every line of code for 8 hours. And in the end I kicked that POS off my computer.

Then just for fun I reformatted and reloaded. Should have done that first. Took less time.

But my six year old Toshiba laptop is running like a dream. And if it happens again, I'll reformat again.

MeatRock
06-27-2010, 12:54 PM
You need to remove the worm or it could result in hardware failure down the road.

OnTheWarpath58
06-27-2010, 12:54 PM
You can stop the scan by canceling it, i believe it says cancel scan. Or you can ride it out remove a virus that it caught. Then download the program.

No cancel scan option. I figure I can just click the "Close" X and cancel it that way.

At this point, I've already wasted over a fucking hour on this scan, I might as well see it through and then reboot - unless you guys think that's pointless.

MeatRock
06-27-2010, 12:56 PM
Did any of ya open any e-mails recently?

OnTheWarpath58
06-27-2010, 12:57 PM
OTW,

I had that very nasty little fuck of a virus. I went over every line of code for 8 hours. And in the end I kicked that POS off my computer.

Then just for fun I reformatted and reloaded. Should have done that first. Took less time.

But my six year old Toshiba laptop is running like a dream. And if it happens again, I'll reformat again.

I'm not sure how comfortable I'd be reformatting and reloading. I've backed up all my files, but let's just say that I'd lose a lot of software. And it would take forever to re-install the "other" programs.

I'll absolutely do it if I have to, however.

OnTheWarpath58
06-27-2010, 12:58 PM
Did any of ya open any e-mails recently?

Nope.

I never check e-mail on the PC - all of my e-mail is sent to my iPhone.

OnTheWarpath58
06-27-2010, 12:59 PM
I was gone all day yesterday, so I went to check the mail hoping that the W7 disk had arrived.

No such luck.

WilliamTheIrish
06-27-2010, 12:59 PM
I'm not sure how comfortable I'd be reformatting and reloading. I've backed up all my files, but let's just say that I'd lose a lot of software. And it would take forever to re-install the "other" programs.

I'll absolutely do it if I have to, however.

I didn't have anything real important on it to begin with. But now that I've done it, I'd do it again in a heartbeat.

It's that simple.

MeatRock
06-27-2010, 01:01 PM
Just wondering, cause if AVG caught 2 viruses already, I guarantee there is a worm sending more through. Damn freeware antivirus programs hardly ever catch anything.

dirk digler
06-27-2010, 01:03 PM
OTW do you have another PC in your house? If you do you could use a USB stick to download Malwarebytes and combofix and whatever else and then plug it in your infected system.

OnTheWarpath58
06-27-2010, 01:03 PM
Just wondering, cause if AVG caught 2 viruses already, I guarantee there is a worm sending more through. Damn freeware antivirus programs hardly ever catch anything.

It's been good to me, though I guess I could have just been lucky.

I know I'll likely get a handful of different answers, but what protection software do you guys recommend?

I want the best I can get for under $100.

MeatRock
06-27-2010, 01:06 PM
If you do have problems getting to the combofix download site and the internet on the infected computer redirects you to a bogus site every time, just download it to a zip drive from your mac and put it in your usb port and run it off of there.

OnTheWarpath58
06-27-2010, 01:06 PM
OTW do you have another PC in your house? If you do you could use a USB stick to download Malwarebytes and combofix and whatever else and then plug it in your infected system.

Nope.

Only other computer is the one I'm currently using to post in this thread - a Macbook.

And not to turn this into a PC v. Apple war, but I knew I should have spent the extra cash and bought that fucking 27" IMAC when I had the chance.

MeatRock
06-27-2010, 01:07 PM
lol Dirk beat me to it.

OnTheWarpath58
06-27-2010, 01:07 PM
OK, the AVG scan is done.

I'm rebooting into safemode/networking.

dirk digler
06-27-2010, 01:07 PM
It's been good to me, though I guess I could have just been lucky.

I know I'll likely get a handful of different answers, but what protection software do you guys recommend?

I want the best I can get for under $100.

I wouldn't ever pay for any anti-virus for my home PC. I know a lot of people have had success with Avast and there are several other free ones that do a good job. The paid ones like Norton and McAfee suck ass.

Fish
06-27-2010, 01:08 PM
Do you have a flash drive anywhere handy? That's a nice handy tool to have in this situation. You can download the setup files for Windows applications on your Mac, put the setup file on the flash drive, and then plug the flash drive into your PC and run the setup from there in Safe Mode. That's how I'd get removal programs on there.

And stick with Malwarebytes. Combofix isn't the end all fix that it's being touted as in this thread. And Combofix only scans for spyware and malware. If you've got other bad elements on the machine, Combofix would not even scan for them. You need to scan with several different types of scanners.

I'd put a flash drive in your Mac, go download the latest Windows version of Malwarebytes, copy it to the flash drive, boot the PC into Safe Mode, transfer setup file to PC. Run Malwarebytes. That will get rid of the Fake AV program. Then you'll probably need to fix some extension issues, which can be done easily with a .reg file. I can show you exactly how to do that if you need.

dirk digler
06-27-2010, 01:09 PM
Nope.

Only other computer is the one I'm currently using to post in this thread - a Macbook.

And not to turn this into a PC v. Apple war, but I knew I should have spent the extra cash and bought that fucking 27" IMAC when I had the chance.

That would work as long as its got a USB port on it and you have a USB key.

MeatRock
06-27-2010, 01:09 PM
Norton does suck ass cause it takes up too much internal memory for BS useless additional programs that you don't use. McAfee is not as bad though.

OnTheWarpath58
06-27-2010, 01:09 PM
I wouldn't ever pay for any anti-virus for my home PC. I know a lot of people have had success with Avast and there are several other free ones that do a good job. The paid ones like Norton and McAfee suck ass.

I've always felt the same way, and heard good things about AVG.

But I'd rather pay than go through this shit.

I've seen Kaspersky mentioned here before - it's pay software, right?

MeatRock
06-27-2010, 01:10 PM
And combofix does actually scan for viruses Fish not just spyware and malware.

OnTheWarpath58
06-27-2010, 01:11 PM
Sweet.

I'm posting from the "infected" PC in safemode with networking.

So just download malwarebytes and do a full scan?

Sure-Oz
06-27-2010, 01:12 PM
AVG sucks compared to Avast, i switched both my pc's to avast after hearing that and have had zero issues and its live shield found stuff and wiped it/blocked immediately

WilliamTheIrish
06-27-2010, 01:12 PM
I've always felt the same way, and heard good things about AVG.

But I'd rather pay than go through this shit.

I've seen Kaspersky mentioned here before - it's pay software, right?

Kaspersky does seem to be the standard for pay AV software.

Sure-Oz
06-27-2010, 01:12 PM
Sweet.

I'm posting from the "infected" PC in safemode with networking.

So just download malwarebytes and do a full scan?

Start with that, ive had good luck with malwarebytes

MeatRock
06-27-2010, 01:13 PM
It says malware and spyware scanner but it will detect and remove viruses. Run it and watch the log files.

OnTheWarpath58
06-27-2010, 01:14 PM
Start with that, ive had good luck with malwarebytes

Anyone else?

I'd prefer to get a bit of a consensus before doing anything from this point on.

dirk digler
06-27-2010, 01:14 PM
Norton does suck ass cause it takes up too much internal memory for BS useless additional programs that you don't use. McAfee is not as bad though.

I wouldn't touch McAfee either after that whole debacle with their update fucking up PC's.

I've always felt the same way, and heard good things about AVG.

But I'd rather pay than go through this shit.

I've seen Kaspersky mentioned here before - it's pay software, right?

I thought Kaspersky was free but now I see you have to pay for it. That sucks.

I use Microsoft Security Essentials, make sure my PC is fully updated and I always use Firefox. Along with just being diligent on not downloading or installing anything suspicious.

MeatRock
06-27-2010, 01:14 PM
Run both

dirk digler
06-27-2010, 01:15 PM
Anyone else?

I'd prefer to get a bit of a consensus before doing anything from this point on.

Definitely. Malwarebytes works great.

OnTheWarpath58
06-27-2010, 01:16 PM
Do you have a flash drive anywhere handy? That's a nice handy tool to have in this situation. You can download the setup files for Windows applications on your Mac, put the setup file on the flash drive, and then plug the flash drive into your PC and run the setup from there in Safe Mode. That's how I'd get removal programs on there.

And stick with Malwarebytes. Combofix isn't the end all fix that it's being touted as in this thread. And Combofix only scans for spyware and malware. If you've got other bad elements on the machine, Combofix would not even scan for them. You need to scan with several different types of scanners.

I'd put a flash drive in your Mac, go download the latest Windows version of Malwarebytes, copy it to the flash drive, boot the PC into Safe Mode, transfer setup file to PC. Run Malwarebytes. That will get rid of the Fake AV program. Then you'll probably need to fix some extension issues, which can be done easily with a .reg file. I can show you exactly how to do that if you need.

I have a flash drive available.

Should I go this route, or is it OK to go ahead and download since I'm able to boot into safe mode with networking?

OnTheWarpath58
06-27-2010, 01:19 PM
OK. Downloaded and installed Malwarebytes.

You guys said "full scan", right?

Fish
06-27-2010, 01:19 PM
Kaspersky is one of the best you can get. Panda is good too.

Avast is probably the best of the free ones.

That said, none of them are likely to catch this particular fake AV bug. We use Microsoft Forefront at work, which allows you to combine multiple virus engines and use them all at the same time. Kinda like running Kaspersky, Panda, and Avast all at the same time. It even has trouble catching this bug.

A good line of defense against this type of thing is the Pro version of Malwarebytes. It has an active scanner in it, which the free version doesn't have. The free version only works when you're running a scan. When you close the program, it's not doing anything. The Pro version scans all the time just like a virus scanner. And it catches a lot. Use that, along with Avast, and the NoScript Firefox add-on, and you'll be pretty safe against this kind of thing. I think it's a better solution than paying for a virus scanner. Malwarebytes protects against spyware, malware, registry hacks, trojans, and stuff like fake AV programs. The fake AV programs are a new breed of bug, and most virus scanners don't even look for that type of activity.

Brock
06-27-2010, 01:21 PM
Had exactly the same thing. Malwarebytes fixed it. I had to run it more than once though. After that, Avast seems to have kept the problem quarantined.

Fish
06-27-2010, 01:21 PM
And combofix does actually scan for viruses Fish not just spyware and malware.

No it does not. Take a look on their own webpage.

http://www.combofix.org/

It's pretty clear from the first sentence...

Combofix is a freeware (a legitimate spyware remover created by sUBs), Combofix was designed to scan a computer for known malware, spyware (SurfSideKick, QooLogic, and Look2Me as well as any other combination of the mentioned spyware applications) and remove them.

You need more than just Combofix to get rid of these types of things.

OnTheWarpath58
06-27-2010, 01:23 PM
Running a full scan.

It found two infected objects in the first 100 objects it scanned.

Fish
06-27-2010, 01:23 PM
I have a flash drive available.

Should I go this route, or is it OK to go ahead and download since I'm able to boot into safe mode with networking?

If networking in safe mode works, then just do that.

MeatRock
06-27-2010, 01:24 PM
I had the fake Microsoft antivirus program that kept popping up over and over and over again infecting my machine with viruses. Whether you like combofix or not, I ran it and it removed the source of the viruses, then ran Malwarebytes and removed the other viruses that funneled through. Have not had problems since.

And yes run firefox it helps tremendously.

Sure-Oz
06-27-2010, 01:24 PM
Running a full scan.

It found two infected objects in the first 100 objects it scanned.

Nice...this program is the shit and has saved my ass a few times. I constantly update it.

If this works out def. keep that, and download avast, and update them weekly (avast updates auto)

Brock
06-27-2010, 01:24 PM
I would seriously like to find the people that did this and murder them.

OnTheWarpath58
06-27-2010, 01:24 PM
All I use is Firefox, though IE and Safari are installed.

OnTheWarpath58
06-27-2010, 01:25 PM
I would seriously like to find the people that did this and murder them.

This. They're really fucking up my universe.

Thanks again to everyone helping.

Fish
06-27-2010, 01:26 PM
I had the fake Microsoft antivirus program that kept popping up over and over and over again infecting my machine with viruses. Whether you like combofix or not, I ran it and it removed the source of the viruses, then ran Malwarebytes and removed the other viruses that funneled through. Have not had problems since.

And yes run firefox it helps tremendously.

Malwarebytes does the exact same thing that Combofix does, plus much more. I'm not trying to trash Combofix, because it's effective for what it does. But it's limited in what it scans, and Malwarebytes does the same thing and more.

MeatRock
06-27-2010, 01:26 PM
Yes Fish, I understand what it says. I've run it many times, and Malwarebytes also says anti-malware removing tool as well.

MeatRock
06-27-2010, 01:29 PM
A lot of viruses are actually considered malware.

Fish
06-27-2010, 01:31 PM
I would seriously like to find the people that did this and murder them.

For quite some time, this shit was considered legal practice too. These dicks would do a drive-by install of this fake AV program that tricks users into thinking they have a ton of viruses and asking for money for the fix. And then they could legally take their money to "fix" it. When it was their software that was causing all the "virus-like" activity.

That's the reason that so many of the traditional virus scanners couldn't scan for it (many still don't). 'Cause it was considered legal practice even though it fucked up everyone's world. Only the malware scanners would consider it something that should be removed.

Sure-Oz
06-27-2010, 01:32 PM
I also use McAfee SiteAdvisor as an add-on/plugin to my Firefox. Helps out knowing what sites could be bad on searches, gives you a check mark if it's known to be OK or an X if it could have shit on it, or a ? (unknown) or ! (warning, could be downloads). Nice little thing to have in the browser on the corner.

MeatRock
06-27-2010, 01:34 PM
Actually I would go as far as to say that most if not all trojans, worms, etc. are considered malware.

CosmicPal
06-27-2010, 01:37 PM
Running a full scan.

It found two infected objects in the first 100 objects it scanned.

Once your scan is completed, click to remove all the infected files.

If you continue to have problems, then do that root file I suggested. This will assure that you do or do not have any trojans remaining on your hard-drive.

OnTheWarpath58
06-27-2010, 01:38 PM
Once your scan is completed, click to remove all the infected files.

If you continue to have problems, then do that root file I suggested. This will assure that you do or do not have any trojans remaining on your hard-drive.

I'll run the root file regardless. Can't hurt anything. I'd rather do everything I can the first time.

MeatRock
06-27-2010, 01:39 PM
Viruses is just a term widely used by people. Malware is malicious software coded or non coded.

Fish
06-27-2010, 01:39 PM
Yes Fish, I understand what it says. I've run it many times, and Malwarebytes also says anti-malware removing tool as well.

I'm sorry, but I know the heuristics of both apps. They're not even close. You don't know what you're talking about here.

Combofix was created and designed for a very specific and small set of things. It grew over time, but it's still rather limited in the type of behavior it looks for. It's updated per build, meaning each time the creators re-write the program. Malwarebytes has an online auto-update database that is updated all the time. That alone makes Malwarebytes infinitely better. Anti-malware heuristics change daily. It's a constant struggle to stay ahead of the changes and evolution of malware. Malwarebytes takes an active approach to that. Combofix heuristics are very dated.

And from Malwarebytes' page:

viruses, worms, trojans, rootkits, dialers, spyware, and malware

You'll notice that Combofix's page doesn't mention that.

MeatRock
06-27-2010, 01:42 PM
Ok then you are telling me that combofix will not detect viruses when viruses are malware and combofix detects and scans for malware? Is this what you are saying?

CosmicPal
06-27-2010, 01:42 PM
OTW...and anyone else for that matter...when you're all completed with this unfortunate mess, go to this link http://www.bluetack.co.uk/ and download the Blocklist Manager. This is a free tool that blocks sites known to have viruses in the past. With this, you'll never have to worry about getting another trojan from simple searching.

MeatRock
06-27-2010, 01:46 PM
I'm not making a case of Malwarebytes vs. Combofix. I am saying that Combofix is not as outdated as you claim and there are updates for it. As for active protection, I agree Malwarebytes shines in that area.

MeatRock
06-27-2010, 01:48 PM
But I guess I don't know what I'm talking about, sooo. I hope you get it fixed, OTWP. Good luck.

MeatRock
06-27-2010, 01:59 PM
Damn, I think I need to make my own antivirus program and just say it removes viruses so I can sell a lot more copies of my program, since others just say spyware and malware, which is the same damn thing. Hmmm lol

Fish
06-27-2010, 02:10 PM
Damn, I think I need to make my own antivirus program and just say it removes viruses so I can sell a lot more copies of my program, since others just say spyware and malware, which is the same damn thing. Hmmm lol

There are very defined classification standards for malicious computer threats. All companies that sell their software for profit must adhere to the same standards, and define what their software does. It's a very big deal, and classifying things is complicated.

Freeware like Combofix doesn't have to adhere to the same standards...

Fish
06-27-2010, 02:11 PM
And dammit OTW... use the Media Center..... !

Sure-Oz
06-27-2010, 02:11 PM
So... OTWP, how is the scan going?

pr_capone
06-27-2010, 02:13 PM
No cancel scan option. I figure I can just click the "Close" X and cancel it that way.

At this point, I've already wasted over a ****ing hour on this scan, I might as well see it through and then reboot - unless you guys think that's pointless.

I sent you a PM about 2 hours ago. lol did you receive it?

OnTheWarpath58
06-27-2010, 02:14 PM
I sent you a PM about 2 hours ago. lol did you receive it?

Just now.

MeatRock
06-27-2010, 02:15 PM
And you're wrong, Fish. Combofix has active servers for updates.

OnTheWarpath58
06-27-2010, 02:15 PM
So... OTWP, how is the scan going?

175K objects scanned, 4 objects infected.

MeatRock
06-27-2010, 02:15 PM
Meaning it will auto update you to an active server when you click it to run.

MeatRock
06-27-2010, 02:16 PM
You obviously don't know the heuristics for the programs as you claim.

MeatRock
06-27-2010, 02:20 PM
And for the record, a lot of freeware is just as good as the shit you pay for. And BTW, isn't Malwarebytes, at least the version OTWP is using, freeware as well? Your argument is moot, Fish.

Fish
06-27-2010, 02:22 PM
And you're wrong, Fish. Combofix has active servers for updates.

:facepalm:

pr_capone
06-27-2010, 02:24 PM
And for the record, a lot of freeware is just as good as the shit you pay for. And BTW, isn't Malwarebytes, at least the version OTWP is using, freeware as well? Your argument is moot, Fish.

Dude... don't take it personally.

Fish is right when he states that Malwarebytes is a more versatile program. No point in arguing over wording. May I suggest you guys take this to PM so that we don't clutter up the thread where OTWP is trying to get his shit fixed?

MeatRock
06-27-2010, 02:24 PM
Run it if ya wanna facepalm, buddy, it will take you to an active update server. A new version. What does that take, adding some new detection files. WOW holy shit that's gotta be rebuilt from the ground up. :facepalm:

MeatRock
06-27-2010, 02:26 PM
I'm good, man. I'm not here for this, but I do know what I'm talking about and I'm not full of shit. But I hear ya, capone, it's all good.

pr_capone
06-27-2010, 02:30 PM
OTWP - BTW, on behalf of all tech support reps, thanks for trying to work shit out on your own before calling your isp bitching about how they put a virus on your computer.

That shit never gets old.

dirk digler
06-27-2010, 02:34 PM
Kaspersky is one of the best you can get. Panda is good too.

Avast is probably the best of the free ones.

That said, none of them are likely to catch this particular fake AV bug. We use Microsoft Forefront at work, which allows you to combine multiple virus engines and use them all at the same time. Kinda like running Kaspersky, Panda, and Avast all at the same time. It even has trouble catching this bug.

A good line of defense against this type of thing is the Pro version of Malwarebytes. It has an active scanner in it, which the free version doesn't have. The free version only works when you're running a scan. When you close the program, it's not doing anything. The Pro version scans all the time just like a virus scanner. And it catches a lot. Use that, along with Avast, and the NoScript Firefox add-on, and you'll be pretty safe against this kind of thing. I think it's a better solution than paying for a virus scanner. Malwarebytes protects against spyware, malware, registry hacks, trojans, and stuff like fake AV programs. The fake AV programs are a new breed of bug, and most virus scanners don't even look for that type of activity.

Fish would you recommend Forefront for corporate environments?

OnTheWarpath58
06-27-2010, 02:37 PM
OK.

Scan's done.

What now?

Remove selected?

pr_capone
06-27-2010, 02:38 PM
OK.

Scan's done.

What now?

Remove selected?

avg scan or malwarebytes scan?

yes to both regardless. :D

Sure-Oz
06-27-2010, 02:40 PM
OK.

Scan's done.

What now?

Remove selected?

Yes remove selected...

i guess restart and see what happens...and download avast antivirus

OnTheWarpath58
06-27-2010, 02:40 PM
avg scan or malwarebytes scan?

yes to both regardless. :D

Malwarebytes.

pr_capone
06-27-2010, 02:44 PM
Malwarebytes.

Yup... tell it to nuke everything. Once it's done, reboot back into regular Vista and you should be gold.

Fish
06-27-2010, 02:49 PM
Fish would you recommend Forefront for corporate environments?

Absolutely. It's incredible for being a M$ product. Very versatile. Use whatever engine(s) you want. Works well. Easy to manage. Small footprint. Expensive though...

OnTheWarpath58
06-27-2010, 02:51 PM
Posting from the "infected" computer, and everything seems to be fine.

Except for some reason, the WeatherBug app I have in the sidebar isn't working.

Otherwise, things seem fine for the moment.

pr_capone
06-27-2010, 02:59 PM
Posting from the "infected" computer, and everything seems to be fine.

Except for some reason, the WeatherBug app I have in the sidebar isn't working.

Otherwise, things seem fine for the moment.

malwarebytes may have seen the weatherbug as malware... you may need to reinstall.

w00t!

Glad it's back up and running.

Sure-Oz
06-27-2010, 03:02 PM
Re-Install weather bug, malwarebytes is the shit!

Download Avast asap and get rid of AVG

MeatRock
06-27-2010, 03:08 PM
OTWP if this problem shows itself again then you have a locked file in your win32 .dll extensions and you will then need combofix to unhook it from there. Malwarebytes will not unhook .dll files that are infected.

So if this bogus antivirus pops up again all of a sudden, it's then in a locked .dll file.

MeatRock
06-27-2010, 03:09 PM
Just a heads up

MeatRock
06-27-2010, 03:12 PM
But do not run it if you have a root kit on your comp. I forgot to mention that part. Hopefully it was just infected files and malwarebytes took care of em.

OnTheWarpath58
06-27-2010, 03:14 PM
malwarebytes may have seen the weatherbug as malware... you may need to reinstall.

w00t!

Glad it's back up and running.

Re-Install weather bug, malwarebytes is the shit!

Download Avast asap and get rid of AVG

I've tried to re-install the Weatherbug app, and no luck.

Matter of fact, I can't get any apps to work. I keep getting a "service not available" message.

And I've installed Avast, but it won't let me register. I click the "register" button expecting to get a pop-up-like box to fill in some info for the free license, and nothing happens.

MeatRock
06-27-2010, 03:15 PM
oh boy

MeatRock
06-27-2010, 03:17 PM
reboot

OnTheWarpath58
06-27-2010, 03:18 PM
Fuck.

Something is still wrong.

Windows Defender is saying I need to check for definition updates, but then I get an error code saying it can't check for updates.

Sure-Oz
06-27-2010, 03:20 PM
I've tried to re-install the Weatherbug app, and no luck.

Matter of fact, I can't get any apps to work. I keep getting a "service not available" message.

And I've installed Avast, but it won't let me register. I click the "register" button expecting to get a pop-up-like box to fill in some info for the free license, and nothing happens.

http://www.avast.com/registration-free-antivirus.php

You won't need the key for, I think, 30 days, it should work now. But register here to get it.

MeatRock
06-27-2010, 03:21 PM
you might also have some errors in some files after the scan. Try using crap cleaner to clear up some errors first before getting into locked .dll files ok?

Fish
06-27-2010, 03:21 PM
I've tried to re-install the Weatherbug app, and no luck.

Matter of fact, I can't get any apps to work. I keep getting a "service not available" message.

And I've installed Avast, but it won't let me register. I click the "register" button expecting to get a pop-up-like box to fill in some info for the free license, and nothing happens.

If no .exe files will open, you'll need to run this .reg fix to fix the association. That's the .reg file I was talking about earlier.

Update for correct link: http://www.winhelponline.com/fileasso/exefix_vista.zip

Download and run that, and it will ask you if you want to import it into the registry. After that, you should be able to double-click files again.
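Before importing a downloaded .reg file as described in the post above, it is worth listing exactly which keys it sets or deletes. The script below is an added example, not posted by anyone in the thread and not the contents of exefix_vista.reg: it parses .reg text and flags entries outside the .exe file-association keys, or an .exe open command that is not the Windows default. The sample text, the allowlist and all function names are assumptions made for illustration.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "action key name data")

# Constructed sample in Registry Editor 5.00 syntax. The last two sections are
# deliberately out of place so the audit has something to flag.
# Real .reg files are usually UTF-16: open(path, encoding="utf-16").read()
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

; restore the default .exe handler
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice]

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Temp\\helper.exe\" \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\Temp\\updater.exe"
'''

# Assumption: the only keys an ".exe association fix" has any reason to touch.
ALLOWED_PREFIXES = [
    r"HKEY_CLASSES_ROOT\.exe",
    r"HKEY_CLASSES_ROOT\exefile",
    r"HKEY_CURRENT_USER\Software\Classes\.exe",
    r"HKEY_CURRENT_USER\Software\Classes\exefile",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe",
]
DEFAULT_EXE_HANDLER = '"%1" %*'  # Windows default open command for exefile

KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def unescape(s):
    """Undo .reg string escaping (\\" -> ", \\\\ -> \\)."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return every key deletion, value deletion and value write in the text."""
    entries, key, pending = [], None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith(";"):
            continue
        if line.endswith("\\"):          # hex data continued on the next line
            pending = line[:-1]
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1):               # "[-HKEY_...]" deletes the whole key
                entries.append(Entry("delete-key", key, None, None))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            data = m.group(2).strip()
            if data == "-":
                entries.append(Entry("delete-value", key, name, None))
            elif data.startswith('"'):
                entries.append(Entry("set", key, name, unescape(data[1:-1])))
            else:                        # dword:, hex:, hex(2): ... kept as written
                entries.append(Entry("set", key, name, data))
    return entries


def is_allowed(key):
    k = key.lower()
    return any(k == p.lower() or k.startswith(p.lower() + "\\")
               for p in ALLOWED_PREFIXES)


def audit(entries):
    """Flag writes outside the allowlist and non-default .exe open commands."""
    findings = []
    for e in entries:
        if not is_allowed(e.key):
            findings.append((e.key, e.name, "outside the file-association keys"))
        elif (e.action == "set" and e.name == "(Default)"
              and e.key.lower().endswith("\\exefile\\shell\\open\\command")
              and e.data != DEFAULT_EXE_HANDLER):
            findings.append((e.key, e.name, "non-default .exe handler: " + e.data))
    return findings


if __name__ == "__main__":
    for key, name, reason in audit(parse_reg(SAMPLE_REG)):
        print(f"REVIEW {key} [{name}]: {reason}")
```

An empty result from `audit` means the file only touches the association keys in the allowlist; anything it prints should be read and understood before clicking "Yes" on the import prompt.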

pr_capone
06-27-2010, 03:22 PM
****.

Something is still wrong.

Windows Defender is saying I need to check for definition updates, but then I get an error code saying it can't check for updates.

you posting on the infected rig?

MeatRock
06-27-2010, 03:22 PM
you might have some registry errors going on.

OnTheWarpath58
06-27-2010, 03:22 PM
I'm back on the laptop.

I'm currently waiting on a reboot, but I couldn't install the Windows Update that was recommended either.

What.

The.

Fuck.

OnTheWarpath58
06-27-2010, 03:24 PM
you posting on the infected rig?

I was. Back on the laptop now.

OnTheWarpath58
06-27-2010, 03:26 PM
Infected rig has restarted, and Avast almost instantly said I needed to update, I tried, and I'm getting a "cannot connect to server" error.

MeatRock
06-27-2010, 03:28 PM
Use a registry cleaner that Fish put up, or download crap cleaner, does the same thing. Fixes errors.

MeatRock
06-27-2010, 03:29 PM
If that doesn't work, you're infected still in a locked win32 file.

OnTheWarpath58
06-27-2010, 03:34 PM
Fuck.

Registry Reviver has already found over 300 errors.

Still scanning.

pr_capone
06-27-2010, 03:35 PM
Infected rig has restarted, and Avast almost instantly said I needed to update, I tried, and I'm getting a "cannot connect to server" error.

can you access the net at all from the computer atm?

OnTheWarpath58
06-27-2010, 03:35 PM
Holy fuck. This thing is going nuts.

OnTheWarpath58
06-27-2010, 03:36 PM
can you access the net at all from the computer atm?

Yes, because I just DL'd and installed the Registry Reviver program that Fish suggested, and it's currently scanning. It's found almost 900 errors in just a few minutes.

Fish
06-27-2010, 03:37 PM
Holy fuck. This thing is going nuts.

Did you download Registry Reviver from the link I posted? If so, that may have been incorrect. I changed the link to point to the exact zip file you needed from that page.

I've never heard of Registry Reviver.

Fish
06-27-2010, 03:39 PM
Yes, because I just DL'd and installed the Registry Reviver program that Fish suggested, and it's currently scanning. It's found almost 900 errors in just a few minutes.

Sorry dude. My bad. That was a banner ad made to look like the correct download link. That's likely a "Scare you" registry cleaner that will detect lots of errors and then ask you to pay for the real version that will actually clean it. Don't worry about that, it's unlikely you have 900+ "registry errors". That's deceptive.

Here's the link from that page you needed:

Update for correct link: http://www.winhelponline.com/fileasso/exefix_vista.zip

OnTheWarpath58
06-27-2010, 03:39 PM
Holy shit.

Scan completed. 1857 errors.

749 File/Path References
493 Empty Registry keys
179 CLSID/TypeLib/Interface Entries
163 Program Shortcuts
153 Invalid Class Keys
97 Com/ActiveX Entries
17 Shared DLLS
3 File Associations
2 Application Paths
1 Windows Startup Items

Now what?

Bowser
06-27-2010, 03:41 PM
That's a fuckload of downloaded pr0n.

OnTheWarpath58
06-27-2010, 03:41 PM
Sorry dude. My bad. That was a banner ad made to look like the correct download link. That's likely a "Scare you" registry cleaner that will detect lots of errors and then ask you to pay for the real version that will actually clean it. Don't worry about that, it's unlikely you have 900+ "registry errors". That's deceptive.

Here's the link from that page you needed:

Update for correct link: http://www.winhelponline.com/fileasso/exefix_vista.zip

OK.

Whew. Uninstalled.

MeatRock
06-27-2010, 03:41 PM
Be careful with registry cleaners as some will want to delete win32 files or operating system files. Exempt any operating system files after scan.

Fish
06-27-2010, 03:43 PM
It's spoofing you with errors. It probably won't clean it unless you buy the full version, right? Close it. You can run CCleaner if you want to scan the registry. I can tell you how to run it right. Registry errors are a very grey area, and most of the things they report as errors probably aren't. Registry cleaners can sometimes do more harm than good.

Close that and download the .zip file I posted. Unzip the .reg file in it, and run that.

Sure-Oz
06-27-2010, 03:45 PM
Sorry dude. My bad. That was a banner ad made to look like the correct download link. That's likely a "Scare you" registry cleaner that will detect lots of errors and then ask you to pay for the real version that will actually clean it. Don't worry about that, it's unlikely you have 900+ "registry errors". That's deceptive.

Here's the link from that page you needed:

Update for correct link: http://www.winhelponline.com/fileasso/exefix_vista.zip

Do you have one for Windows XP? I assume just let it do its thing and your CPU will be in better shape?

Sure-Oz
06-27-2010, 03:46 PM
It's spoofing you with errors. It probably won't clean it unless you buy the full version, right? Close it. You can run CCleaner if you want to scan the registry. I can tell you how to run it right. Registry errors are a very grey area, and most of the things they report as errors probably aren't. Registry cleaners can sometimes do more harm than good.

Close that and download the .zip file I posted. Unzip the .reg file in it, and run that.

I have cc cleaner but have no clue wtf to do with the registry cleaner....when are those needed anyway besides OTWP machine going to hell

OnTheWarpath58
06-27-2010, 03:49 PM
It's spoofing you with errors. It probably won't clean it unless you buy the full version, right? Close it. You can run CCleaner if you want to scan the registry. I can tell you how to run it right. Registry errors are a very grey area, and most of the things they report as errors probably aren't. Registry cleaners can sometimes do more harm than good.

Close that and download the .zip file I posted. Unzip the .reg file in it, and run that.

"Adding information can unintentionally change or delete values and cause components to stop working correctly. If you do not trust the source of this information in C:\users\...\exefix_vista.reg, do not add it to the registry.

Are you sure you wish to continue?"

I clicked "yes" and got this:

The keys and values contained in c:\users....have been successfully added to the registry.

And I'm still not able to update Windows or Windows Defender - or Avast.

OnTheWarpath58
06-27-2010, 03:50 PM
Fish, I have CCleaner if you want to instruct me on what to do.

Der Flöprer
06-27-2010, 03:51 PM
What a fucking nightmare.................

Sorry I can't be of help.

MeatRock
06-27-2010, 03:51 PM
First just run the cleaner at the top, it's not the registry one. It's the one with the brush.

OnTheWarpath58
06-27-2010, 03:52 PM
What a fucking nightmare.................

Sorry I can't be of help.

I swear to God, I'm thinking of driving downtown and murdering a hobo.

Fuck you, Bill Gates.

MeatRock
06-27-2010, 03:53 PM
It will fix errors in any Windows files and other files outside of operating system.

Bowser
06-27-2010, 03:54 PM
I swear to God, I'm thinking of driving downtown and murdering a hobo.

Fuck you, Bill Gates.

Run by Tucker's and grab a steak when you're done. Good eats there.

OnTheWarpath58
06-27-2010, 03:56 PM
Fish, what about running the root file that Cosmic suggested earlier?

Would that help narrow down the problem?

Bill Parcells
06-27-2010, 04:03 PM
I got that shit on my last pc..the fucking thing actually changed my desk top background into ''hahahaha! you're infected!!''' :cuss: I did a data recovery off of the hard drive and threw it out. this one is windows 7..I never used vista. I have a mac lap top too..lol..no problems at all for 3 years.

Fucking hacker pieces of shit..I hope they all die in a fire.

Good luck dude!

WilliamTheIrish
06-27-2010, 04:07 PM
Hang in there, dude.

Tell one of these nerds to give you a reformat tutorial.

CosmicPal
06-27-2010, 04:13 PM
Fish, what about running the root file that Cosmic suggested earlier?

Would that help narrow down the problem?

Yes, it will.

Download it and run it. It will show you what type and where the trojan/s is/are located. You can PM it to me and/or Fish if you don't see the Trojans listed.

That will at least tell you where they are and what they are. You can then go from there.

MeatRock
06-27-2010, 04:14 PM
Yeah, I know how it feels when your computer is screwed. I built mine and not 3 weeks after I got the same BS he's going through. It's frustrating to say the least.

OnTheWarpath58
06-27-2010, 04:15 PM
Tried to do the Windows Update again, and it appears to be working this time.

I'll see where I stand after that.

MeatRock
06-27-2010, 04:16 PM
Did ya run the cc cleaner?

CosmicPal
06-27-2010, 04:16 PM
Again, I strongly recommend you submit your issue to that Tech Forum I suggested. I had the Trojan Vundo a couple of years back and those guys saved my desktop when I thought it was hopeless. I'm still using the same desktop now.

I have a laptop I use for my work and I use my desktop for my media center.

I haven't had ANY issues since those guys helped me get rid of that ****in' trojan.

Sure-Oz
06-27-2010, 04:18 PM
Tried to do the Windows Update again, and it appears to be working this time.

I'll see where I stand after that.

What did you do to get that running?

OnTheWarpath58
06-27-2010, 04:18 PM
Did ya run the cc cleaner?

Yep. Nothing of note. Just cleaned out my internet history and saved forms, etc.

OnTheWarpath58
06-27-2010, 04:19 PM
What did you do to get that running?

Just tried it again.

What's weird is that I tried the Windows Defender update right before, and got the same message I got earlier.

Weird.

MeatRock
06-27-2010, 04:19 PM
The next step is to run the registry underneath the brush. It's the one with the blue boxes.

MeatRock
06-27-2010, 04:20 PM
Anything that says framework or common files in the system is ok to fix.

MeatRock
06-27-2010, 04:21 PM
Make sure to back up your registry when asked.

OnTheWarpath58
06-27-2010, 04:21 PM
Update successful, restarting now.

MeatRock
06-27-2010, 04:22 PM
after initial scan then scan again.

OnTheWarpath58
06-27-2010, 04:23 PM
after initial scan then scan again.

?

MeatRock
06-27-2010, 04:24 PM
was saying when scanning registry underneath the brush.

OnTheWarpath58
06-27-2010, 04:24 PM
Fuck, this is going to take forever. Installation is at 20% of stage 1 of 3.

MeatRock
06-27-2010, 04:25 PM
Scan again 'cause it won't get all the errors if you scan your registry the first time.

mikeyis4dcats.
06-27-2010, 04:45 PM
if what you're doing doesn't work, or if you run into it again, download this:

http://www.elitekiller.com/files/rogueremoval.zip

heck, download it now and put it on a flash drive or CD.

It's a kit of all the necessary tools for malware cleanup in one folder, with the exec files renamed as needed to fool malware that blocks cleaning software from running. It's rock solid. Read the help file and run the tools in the order it shows and it will kill anything.

I've used it to salvage a half dozen computers of friends and family that were totally ****ed.

OnTheWarpath58
06-27-2010, 04:49 PM
Fuck.

The windows update installed, but I'm still getting a "cannot connect to server" error when trying to update Avast, and an error code when trying to update Windows Defender.

pr_capone
06-27-2010, 05:05 PM
****.

The windows update installed, but I'm still getting a "cannot connect to server" error when trying to update Avast, and an error code when trying to update Windows Defender.

google the error code for windows defender and see what turns up. If you have a firewall installed you may have to tell it to allow avast to access the internet.

If this is an old installation of avast, tl;dr (at work), then uninstall and reinstall. If this is a new installation of avast it may just be that their servers are down ATM.

OnTheWarpath58
06-27-2010, 05:06 PM
Here's a HijackThis log if anyone can decipher it:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:02:53 PM, on 6/27/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\WDBtnMgr.exe
C:\Program Files\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Lexmark 7600 Series\lxdwMsdMon.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\wsqmcons.exe
C:\Users\XXXXXXX\Desktop\rogueremoval\HiJack This\HJT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [lxdwmon.exe] "C:\Program Files\Lexmark 7600 Series\lxdwmon.exe"
O4 - HKLM\..\Run: [lxdwamon] "C:\Program Files\Lexmark 7600 Series\lxdwamon.exe"
O4 - HKLM\..\Run: [Lexmark 7600 Series Fax Server] "C:\Program Files\Lexmark 7600 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Users\XXXXXXX\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Desktop Connector.lnk = C:\Program Files\Sprint Mobile Email\Desktop Connector\DesktopConnector.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\XXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\XXXXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLDTVHNService - Unknown owner - C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1c9a0d2e4628d10) (gupdate1c9a0d2e4628d10) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdwCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdwserv.exe
O23 - Service: lxdw_device - - C:\Windows\system32\lxdwcoms.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: SLPMONX - ProdEx Technologies - C:\Windows\system32\slpservice.exe

--
End of file - 9917 bytes



What should I choose to fix, if anything?

RustShack
06-27-2010, 05:10 PM
Shoulda bought a PS3.

WilliamTheIrish
06-27-2010, 05:10 PM
This is like a CP thread asking for medical advice. OTW, hang in there.

OnTheWarpath58
06-27-2010, 05:15 PM
This is like a CP thread asking for medical advice. OTW, hang in there.

I'm trying.

I've gotten functionality back - at least from what I can tell.

I just can't seem to update Avast or Windows Defender without getting an error message.

phisherman
06-27-2010, 05:17 PM
this line tells a possible tale:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577

This is pointing Internet Explorer to the internal loopback address of your NIC. All web requests (including Avast) are probably routed through this address. You'll never get anywhere this way.

In Internet Explorer, go to Tools, Internet Options, Connections Tab, LAN Settings, Uncheck "Use the Proxy Server" and check "Automatically Detect Settings". That should re-enable your web connection.
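
Added example, not part of any post in this thread: a small Python check that reads HijackThis log lines, splits the ProxyServer value into its per-protocol entries, and reports any that point back at the local machine, as the R1 line quoted above does. Only the first sample line comes from the thread; the other sample lines, the hostname proxy.example.internal and all function names are constructed for illustration.

```python
import ipaddress
import re

# First R1 line is the one quoted in the thread; the rest are constructed
# lines in the same HijackThis format, added for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.internal:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.example.internal:3128;https=localhost:8888
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
"""

PROXY_LINE = re.compile(r"^R[01] - HK\w+\\[^,]+,ProxyServer = (?P<value>.+)$")


def parse_proxy_value(value):
    """Split a ProxyServer string into (scheme, host, port) tuples.

    The value is either a bare "host:port" applied to every protocol or a
    per-protocol list such as "http=host:port;https=host:port".
    """
    entries = []
    for part in re.split(r"[;\s]+", value.strip()):
        if not part:
            continue
        scheme, _, target = part.rpartition("=")
        target = re.sub(r"^\w+://", "", target)  # tolerate "http://host:port"
        host, _, port = target.rpartition(":")
        if not host:  # no port given
            host, port = target, ""
        entries.append((scheme or "all", host.strip("[]"), port))
    return entries


def is_loopback(host):
    """True for localhost and any address in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # ordinary hostname; not resolved here


def find_loopback_proxies(log_text):
    """Return (scheme, host, port) for every proxy entry aimed at this machine."""
    hits = []
    for line in log_text.splitlines():
        match = PROXY_LINE.match(line.strip())
        if match:
            hits += [e for e in parse_proxy_value(match["value"]) if is_loopback(e[1])]
    return hits


if __name__ == "__main__":
    for scheme, host, port in find_loopback_proxies(SAMPLE_LOG):
        print(f"loopback proxy for {scheme}: {host}:{port}")
```

A hit only shows where traffic is being sent; whether it is expected depends on whether a known local proxy is installed and listening on that port.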

OnTheWarpath58
06-27-2010, 05:22 PM
this line tells a possible tale:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577

This is pointing Internet Explorer to the internal loopback address of your NIC. All web requests (including Avast) are probably routed through this address. You'll never get anywhere this way.

In Internet Explorer, go to Tools, Internet Options, Connections Tab, LAN Settings, Uncheck "Use the Proxy Server" and check "Automatically Detect Settings". That should re-enable your web connection.

Did all that with no change.

I don't use IE, though it is installed. I use FF.

Chrome and Safari are installed but not used as well.

OnTheWarpath58
06-27-2010, 05:31 PM
I've finally gotten around to running the root file that Cosmic suggested, but there are a lot of options. What should I scan?

http://i45.tinypic.com/6pagrc.jpg

RippedmyFlesh
06-27-2010, 05:35 PM
Remove this with HijackThis
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577

dl combofix to a thumb drive on the mac
rename it before saving it. do save as then change the name to dog.exe or something similar. Some malware will del combofix setup file.
copy over to desk of win box in normal mode.
Combofix should run in normal mode but i doubt you are patient enough to run it.
It will seem like it's hung up, let it go until the log file (a notepad file) covers the screen.
Reinstall malwarebytes and remove the folder left behind.
Run a full scan of malwarebytes.
If you can't work with the computer because of the malware download
rkill.exe to the mac and again rename it as you save to something.exe
run rkill then proceed with above.

OnTheWarpath58
06-27-2010, 05:36 PM
Well, I got Avast to update by going into settings and changing the proxy settings from auto detect to direct connection.

RippedmyFlesh
06-27-2010, 05:39 PM
Well, I got Avast to update by going into settings and changing the proxy settings from auto detect to direct connection.
If you were infected you should uninstall avast and reinstall it when the malware is removed.

OnTheWarpath58
06-27-2010, 05:48 PM
Can anyone suggest a good spyware program, or does Avast cover that as well?

Fish
06-27-2010, 06:05 PM
Can anyone suggest a good spyware program, or does Avast cover that as well?

Spybot is probably the best free one. Malwarebytes Pro does spyware and more, but it costs $25.

OnTheWarpath58
06-27-2010, 06:07 PM
Spybot is probably the best free one. Malwarebytes Pro does spyware and more, but it costs $25.

Everything seems to be back to normal, except I can't seem to get Windows Defender to update.

All the problems I had with Avast updating, and re-installing Weatherbug are taken care of.

Do you think WD is just an isolated incident, or do I still have a problem?

Fish
06-27-2010, 06:14 PM
Everything seems to be back to normal, except I can't seem to get Windows Defender to update.

All the problems I had with Avast updating, and re-installing Weatherbug are taken care of.

Do you think WD is just an isolated incident, or do I still have a problem?

Not sure. The bug may have borked something with Windows Defender. I would try to do a manual update of the definitions. And if that doesn't work, try reinstalling Windows Defender. The manual update might be all it needs.

Go here for instructions and to download the manual update.

http://www.microsoft.com/security/portal/Definitions/HowToWD.aspx

It's basically just a file you download that installs the updates separately from the actual Windows Defender app. There's different instructions for 32 and 64 bit versions of Vista, depending on what you have.

See if that works.

OnTheWarpath58
06-27-2010, 06:19 PM
Not sure. The bug may have borked something with Windows Defender. I would try to do a manual update of the definitions. And if that doesn't work, try reinstalling Windows Defender. The manual update might be all it needs.

Go here for instructions and to download the manual update.

http://www.microsoft.com/security/portal/Definitions/HowToWD.aspx

It's basically just a file you download that installs the updates separately from the actual Windows Defender app. There's different instructions for 32 and 64 bit versions of Vista, depending on what you have.

See if that works.


Yeah, I tried the manual update already.

And I just downloaded Spybot, and am running a scan.

So far, there's one problem listed as "fraud.sysguard" and it says it's 7 entries of malware.

pr_capone
06-27-2010, 06:23 PM
Everything seems to be back to normal, except I can't seem to get Windows Defender to update.

All the problems I had with Avast updating, and re-installing Weatherbug are taken care of.

Do you think WD is just an isolated incident, or do I still have a problem?

me thinks isolated. you said it gave you an error code. what was it?

dirk digler
06-27-2010, 06:30 PM
Yeah, I tried the manual update already.

And I just downloaded Spybot, and am running a scan.

So far, there's one problem listed as "fraud.sysguard" and it says it's 7 entries of malware.

If that doesn't work try SuperAntiSpyware. I have had a lot of luck with that one in removing certain malware.

OnTheWarpath58
06-27-2010, 06:31 PM
me thinks isolated. you said it gave you an error code. what was it?

Error Found: Code 0x80072efe

CosmicPal
06-27-2010, 06:40 PM
I'm trying.

I've gotten functionality back - at least from what I can tell.

I just can't seem to update Avast or Windows Defender without getting an error message.

The hijack file didn't show anything alarming.

If you're unable to update Avast and/or Windows Defender then you may want to try uninstalling them and reinstalling those files.

pr_capone
06-27-2010, 06:42 PM
Error Found: Code 0x80072efe

http://support.microsoft.com/kb/836941

Fish
06-27-2010, 06:43 PM
Error Found: Code 0x80072efe

Does Windows Update work? Have you tried that?

That error is sometimes related to Windows Update. Test that. And if it works, I'd just uninstall Windows Defender, download the latest version, and install that.

OnTheWarpath58
06-27-2010, 06:47 PM
Does Windows Update work? Have you tried that?

That error is sometimes related to Windows Update. Test that. And if it works, I'd just uninstall Windows Defender, download the latest version, and install that.

Windows Update ended up working earlier - you just probably missed the post about it.

Spybot found a handful of things, 1 of which it said could not be removed, but may be removed upon a restart.

It's running another scan right now.

Once everything is back up and running, I'll re-install WD and see if that fixes the problem.

Right now, if it wasn't for WD not updating, I'd think nothing was wrong.

Everything seems back to normal.

CosmicPal
06-27-2010, 06:53 PM
Everything seems back to normal.

After rebooting, come back and if you see four hot babes in this picture, then something is terribly wrong with your computer. I'd take it out to the pasture and smash it.

http://www.barelyhangingon.com/wp-content/uploads/fat_women_bathingsuits.jpg

OnTheWarpath58
06-27-2010, 06:55 PM
After rebooting, come back and if you see four hot babes in this picture, then something is terribly wrong with your computer. I'd take it out to the pasture and smash it.

http://www.barelyhangingon.com/wp-content/uploads/fat_women_bathingsuits.jpg

Good thing my Macbook is missing some sort of plug-in, because all I get is a blue box with a ? in it.

Me thinks I was going to get Rick Rolled with some heavies.

pr_capone
06-27-2010, 06:56 PM
After rebooting, come back and if you see four hot babes in this picture, then something is terribly wrong with your computer. I'd take it out to the pasture and smash it.

http://www.barelyhangingon.com/wp-content/uploads/fat_women_bathingsuits.jpg

http://img204.imageshack.us/img204/6713/58806076.jpg

CosmicPal
06-27-2010, 06:57 PM
All right, who's the wise guy that removed my pic? Huh?

OnTheWarpath58
06-27-2010, 06:57 PM
Fuck, these scans take forever.

Going on 8 hours of my Sunday wasted on this bullshit.

CosmicPal
06-27-2010, 06:59 PM
****, these scans take forever.

Going on 9 hours of my Sunday wasted on this bullshit.

Feel your pain. Been there and done it. Get everything updated now so it doesn't happen again.

OnTheWarpath58
06-28-2010, 09:49 AM
Weird.

Still can't update windows defender, and I can't even re-install it.

Cosmic and Fish, be on the lookout for a PM with my RootRepeal logs - hopefully one of you guys can tell if this is just an isolated incident or if I still have an issue.

QuikSsurfer
06-28-2010, 09:53 AM
Which is it, fellas?
:D

I've got some free time today and I could remote into your system (with team viewer or some other client) and take care of this problem for you.

PM me.

CosmicPal
06-28-2010, 12:12 PM
Feel free to send that RootRepeal to me and/or Fish. I'll look it over.

But, if QuikSurfer is willing to remote to your computer, that's an excellent idea. There's some free remote softwares out there you can use and if QS is good with computers, he'll be able to assist you better and faster with remote access.

pr_capone
06-28-2010, 12:28 PM
Feel free to send that RootRepeal to me and/or Fish. I'll look it over.

But, if QuikSurfer is willing to remote to your computer, that's an excellent idea. There's some free remote softwares out there you can use and if QS is good with computers, he'll be able to assist you better and faster with remote access.

windows Remote Help works a treat... use it with my brother's system every now and then. best of all it's free and already installed. :D

Dicky McElephant
06-28-2010, 12:39 PM
Does anyone have any opinions on Trend Micro vs. Kaspersky?

thecoffeeguy
06-28-2010, 12:48 PM
Does anyone have any opinions on Trend Micro vs. Kaspersky?

I have never been a fan of Trend Micro.
Kaspersky is supposed to be pretty good.

Can't recall if Sophos has a personal edition. Sophos has always been good in the enterprise.

thecoffeeguy
06-28-2010, 12:49 PM
Weird.

Still can't update windows defender, and I can't even re-install it.

Cosmic and Fish, be on the lookout for a PM with my RootRepeal logs - hopefully one of you guys can tell if this is just an isolated incident or if I still have an issue.

Did you by chance try using Microsoft Security Essentials? Not very good for detecting things real time, but very good for finding stuff that exists on the system.

Give it a shot. It is free.

Pasta Giant Meatball
07-19-2010, 06:49 PM
Just wanted to bump this thread to thank all those that recommended combofix for Warpath's problem. I decided to try it out and it took care of a NASTY problem I'd been having with my computer. Thanks and rep your way guys.