Virus won't allow to download or upload

Posted 10/20/2009 8:37 PM
#78550
Bob92 Valued member

Date Joined Nov 2016
Total Posts: 21
This virus has shut down all my anti-virus software: AVG, Spybot, HijackThis, ComboFix. I have tried to download ComboFix and Malwarebytes by renaming and it will not allow the download. At this point I don't think I can download anything.

Please help

Bob
Posted 10/21/2009 6:43 AM
#78592
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello Bob92

See if you can download and run the below tool ->

Go to http://bamajim.com/ and download File Lister.

Save it to your Desktop.

Right-click ->> Extract all ->> And extract it to your Desktop.

Open the File Lister folder.

Note: Leave the FileLister.vbe file in the folder and run it from there.

Right-click FileLister.vbe ->> Select Open, then Open to confirm.

When the program is finished it will produce a log for you: C:\Files.txt

Copy and paste the contents of that log in your reply.

The log will be reasonably large so you may have to divide it into sections and make several posts to post it.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 10/21/2009 2:12 PM
#78625
Bob92 Valued member

Date Joined Nov 2016
Total Posts: 21
Dave,

I downloaded, but can't unzip file. Also, any programs I have tried to download and save to desktop, I can't find.
Even when I allow computer to search.....no success.

Thanks,
Bob
Posted 10/21/2009 2:50 PM
#78630
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Ok. Then run some online scan ->

Please go to http://www.eset.com/onlinescan/ to perform an online scan. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.

Click on the Start button next to it.

When prompted to run ActiveX, click Yes.

You will be asked to install an ActiveX. Click Install.

Once installed, the scanner will be initialized.

After the scanner is initialized, click Start.

Check (tick) Remove found threats box.

Check (tick) Scan unwanted applications.

Click on Scan.

It will start scanning. Please be patient.

Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt.

Please run http://www.superantispyware.com/onlinescan.html

Follow the instructions on the site. When downloaded, click on – Check for updates – Button.

Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining.
Ignore System Restore/Volume Information on ME and XP
Please leave the others unchecked.

On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click NO.

When the scan has finished ->

Click Preferences. Click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
It will open in your default text editor (such as Notepad/Wordpad).

  • Save the logfile to desktop
  • Click close and close again to exit the program.

Reboot, if needed.

Post Superantispyware log, along with ESET log

Posted 10/21/2009 6:03 PM
#78692
Bob92 Valued member

Date Joined Nov 2016
Total Posts: 21
Dave,

I can get to eset site, but I can't load scanner. When I receive email from you, with the link, I hit the link and a pop-up shows that says, "can't find application"

Thanks,

Bob
Posted 10/22/2009 5:37 AM
#78732
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Ok. Try to do the above suggestions from safe mode with network.

Posted 10/22/2009 10:04 PM
#78750
Bob92 Valued member

Date Joined Nov 2016
Total Posts: 21
I ran eset in safe mode. Could not save log. It deleted about 8 infections. Could not run superantispyware. If this helps, when I try to open anti-virus software on my desktop... I get "windows cannot access specified device, path or file. You may not have appropriate permission to access item", or if I click on a link it will say "application not found".
I did reboot, out of safe mode and having same problems

Thanks,

Bob
Posted 10/23/2009 5:16 AM
#78761
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hmm :rolleyes:

Click: http://ad13.geekstogo.com/Win32kDiag.exe

and download Win32kDiag.exe directly to your C drive folder, so it then is C:\Win32kDiag.exe.

Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after:

[code]
cd\
win32kdiag -r -f
[/code]

Once that completes press any key to finish the scan. Post the new Win32kDiag.txt log with your next reply (it should be located on the desktop).

If by chance you cannot run the command window steps ->

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

[code]
"%userprofile%\desktop\win32kdiag.exe" -f -r
[/code]

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

Posted 10/24/2009 6:04 PM
#78804
Bob92 Valued member

Date Joined Nov 2016
Total Posts: 21
I did not do last direction yet, however I was able to run eset in normal mode and this was result of scan:
C:\Windows\System32\drivers\atapi.sys Win32/Olmarik.OF virus unable to clean
Posted 10/25/2009 2:21 AM
#78842
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
[code]
C:\Windows\System32\drivers\atapi.sys Win32/Olmarik.OF virus unable to clean
[/code]
That's not a good sign, therefore run the Win32kDiag.exe instructions, as there are probably more infections.

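A triage example for the scan result quoted above, added here and not part of the original thread: it parses scanner result lines and ranks a detection the scanner could not clean in a kernel driver such as atapi.sys above everything else. The four-field line layout is assumed from the one line quoted in the thread; every sample line except the atapi.sys one, and the names `parse_line`, `is_kernel_driver` and `triage`, are constructed for illustration.

```python
import re

# Assumed layout, inferred from the single line quoted in the thread:
#   <path> <detection name> <object type> <action result>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"   # Windows path, may contain spaces
    r"(?P<threat>[^\s\\]+/\S+)\s+"    # detection name, e.g. Win32/Olmarik.OF
    r"(?P<kind>\S+)\s+"               # object type, e.g. virus
    r"(?P<action>.+)$"                # what the scanner reports having done
)

# Constructed sample. Only the atapi.sys line comes from the thread.
SAMPLE_LOG = r"""C:\Documents and Settings\Bob\Desktop\setup.exe Win32/Example.A trojan cleaned by deleting
C:\Windows\System32\drivers\atapi.sys Win32/Olmarik.OF virus unable to clean
C:\Windows\Temp\tmp1.dll Win32/Example.B trojan unable to clean
"""

PRIORITY_ORDER = {"critical": 0, "high": 1, "info": 2}


def parse_line(line):
    """Return the fields of one result line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_kernel_driver(path):
    """True for .sys files under \\System32\\drivers\\ (case-insensitive)."""
    p = path.lower()
    return p.endswith(".sys") and "\\system32\\drivers\\" in p


def triage(log_text):
    """Rank findings: uncleaned kernel drivers first, other failures next."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # header, blank or unrecognised line
        failed = rec["action"].lower().startswith("unable")
        if failed and is_kernel_driver(rec["path"]):
            # A loaded driver the scanner cannot clean is still active.
            rec["priority"] = "critical"
        elif failed:
            rec["priority"] = "high"
        else:
            rec["priority"] = "info"
        findings.append(rec)
    return sorted(findings, key=lambda r: PRIORITY_ORDER[r["priority"]])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["priority"], f["path"], f["threat"], f["action"], sep=" | ")
```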


Posted 10/25/2009 9:07 PM
#78859
Bob92 Valued member

Date Joined Nov 2016
Total Posts: 21
Unsuccessful downloading win32kdiag.exe.
Both commands you gave me will not work. "not recognized as an internal or external command, operable program or batch file"
Posted 10/28/2009 10:08 AM
#78958
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Ok. See if you can run Gmer ->

Click http://www.gmer.net/download.php

and download the installer for Gmer to your desktop, then click that file to run Gmer.

If on its opening scan Gmer locates items shown in red or indicates "hidden" or "rootkit", stop there, and click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.

If not, then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

Posted 10/28/2009 2:02 PM
#78965
Bob92 Valued member

Date Joined Nov 2016
Total Posts: 21
Dave,

Gmer will not download. When download screen pops up it says it has downloaded 0 bytes of 0 bytes.

Bob
Posted 11/4/2009 2:38 PM
#79252
Bob92 Valued member

Date Joined Nov 2016
Total Posts: 21
Is this a lost cause?
Posted 11/5/2009 6:54 AM
#79278
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Unfortunately, it looks like it. However, let's try one more shot ->

Download and run rkill:

Rkill.exe - http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com - http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr - http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill.pif - http://download.bleepingcomputer.com/grinler/rkill.pif

Then see if you can run any of the security tools you have?
