Virus wont allow to download or upload

Posted 10/20/2009 8:37 PM
#78550
User avatar

Bob92 Valued member

Date Joined Nov 2016
Total Posts: 21
This virus has shut down all my anti-virus software,AVG,spybot, highjack this, combofix. I have tried to download combo fix and malwarebytes by renaming and it will not allow the download. At this point I dont think I can download anything.
Please help

Bob
Posted 10/21/2009 6:43 AM
#78592
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello Bob92





See if you download and run the below tool ->




[3] [/3]

Go: http://bamajim.com/

and download File Lister.

Save it to your Desktop

Rightlick ->> Extract all ->> And extract it to your Desktop

Open the File Lister Folder.

Note: Leave the FileLister.vbe file in the folder and run it from there.

Rightclick FileLister.vbe ->>Select Open Then Open to confirm.

When the program is fnished it will produce a log for you C:\Files.txt



Copy and paste the contents of that log in your reply.



The log will be reasonably large so you may have to divide it into sections and make several posts to post it.




[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 10/21/2009 2:12 PM
#78625
User avatar

Bob92 Valued member

Date Joined Nov 2016
Total Posts: 21
Dave,

I downloaded, but cant unzip file. Also, any programs I have tried to download and save to desktop, I cant find.
Even when I allow computer to search.....no success.

Thanks,
Bob
Posted 10/21/2009 2:50 PM
#78630
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Ok. Then run some online scan ->






Please go to [color=#0000ff>http://www.eset.com/onlinescan/[/url]

to perform an online scan. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.

Click on the Start button next to it.

When prompted to run ActiveX. click Yes.

You will be asked to install an ActiveX. Click Install.

Once installed, the scanner will be initialized.

After the scanner is initialized, click Start.

Check (tick) Remove found threats box.

Check (tick) Scan unwanted applications.

Click on Scan.

It will start scanning. Please be patient.

Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt.







Please run
http://www.superantispyware.com/onlinescan.html[/color]

Follow the instructions on the site. When downloaded, click on – Check for updates – Button.

Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining.
Ignore System Restore/Volume Information on ME and XP
Please leave the others unchecked.

On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click
NO.



When the scan have finished ->

Click Preferences . Click the Statistics/Logs tab .
Under Scanner Logs , double-click SUPERAntiSpyware Scan Log .
It will open in your default text editor (such as Notepad/Wordpad).


  • Save the logfile to desktop

  • Click close and close again to exit the program.

Reboot, if needed.

Post Superantispyware log, along with ESET log

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 10/21/2009 6:03 PM
#78692
User avatar

Bob92 Valued member

Date Joined Nov 2016
Total Posts: 21
Dave,

I can get to eset site, but I cant load scanner. When I receive email from ypu, with the link, I hit the link and a pop-up shows

that says,"cant find application"

Thanks,

Bob
Posted 10/22/2009 5:37 AM
#78732
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Ok. Try to do the above suggestions from safe mode with network.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 10/22/2009 10:04 PM
#78750
User avatar

Bob92 Valued member

Date Joined Nov 2016
Total Posts: 21
I ran eset in safe mode. Could not save log. It deleted about 8 infections. Could not run superantispyware. If this helps, when I try to open anti-virus software on my desktop...I get "windows cannot access specified device, path or file. You may not have appropiate permision to access item", or if I click on a link it will say"application not found"
I did reboot, out of safe mode and having same problems



Thanks,

Bob











Bob
Posted 10/23/2009 5:16 AM
#78761
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hmm :rolleyes:






Click: http://ad13.geekstogo.com/Win32kDiag.exe

and download Win32kDiag.exe directly to your C drive folder, so it then is C:\Win32kDiag.exe.


Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after:

cd\
win32kdiag -r -f


Once that completes press any key to finish the scan. Post the new Win32kDiag.txt log with your next reply (it should be located on the desktop).

If by chance you cannot run the command window steps ->

Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.



"%userprofile%\desktop\win32kdiag.exe" -f -r



When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 10/24/2009 6:04 PM
#78804
User avatar

Bob92 Valued member

Date Joined Nov 2016
Total Posts: 21
I did not do last direction yet, however I was able to run eset in normal mode and this was result of scan:
C:\Windows\System32\drivers\atapi.sys Win32/Olmarik.OF virus unable to clean
Posted 10/25/2009 2:21 AM
#78842
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
[code]
C:\Windows\System32\drivers\atapi.sys Win32/Olmarik.OF virus unable to clean
[/code]
That´s not a good sign, therefore run the Win32kDiag.exe instructions, as there are probably more infections.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 10/25/2009 9:07 PM
#78859
User avatar

Bob92 Valued member

Date Joined Nov 2016
Total Posts: 21
unsucessfull downloading win32kdiag.exe.
Both commands,you gave me will not work."not recognized as a internal or external command, operable program or batch file
Posted 10/28/2009 10:08 AM
#78958
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Ok. See if you can run Gmer ->



Click http://www.gmer.net/download.php

and download the installer for Gmer to your desktop, then click that file to run Gmer.


If on it's opening scan Gmer locates items shown in red or indicates "hidden" or "rootkit", stop there, and click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.

If not, then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.


You can break logs into parts and use separate posts here when replying and posting the log files, if needed.


[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


Posted 10/28/2009 2:02 PM
#78965
User avatar

Bob92 Valued member

Date Joined Nov 2016
Total Posts: 21
Dave,

gmer will not download. When download screen pops up it say it has downloaded 0 bytes of 0 bytes.

Bob
Posted 11/4/2009 2:38 PM
#79252
User avatar

Bob92 Valued member

Date Joined Nov 2016
Total Posts: 21
Is this a lost cause?
Posted 11/5/2009 6:54 AM
#79278
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Unfortunality, it looks like it. However, let´s try one more shot ->


Download and run rkill:


[3]Rkill.exe - [/3][color=#0000ff][3]http://download.bleepingcomputer.com/grinler/rkill.exe[/3][/color]
[3]Rkill.com - [/3][color=#0000ff][3]http://download.bleepingcomputer.com/grinler/rkill.com[/3][/color]
[3]Rkill.scr - [/3][color=#0000ff][3]http://download.bleepingcomputer.com/grinler/rkill.scr[/3][/color]
[3]Rkill.pif - [/3][color=#0000ff][3]http://download.bleepingcomputer.com/grinler/rkill.pif[/3][/color]

Then see if you can run any of the security tools you have ?

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Friday, July 28, 2017, 8:43 AM (GMT +2)
There are a total of 61,310 posts in 13,483 threads.
In the last 3 days there were 1 new threads and 5 reply posts.

Who's online

This forum has 38,066 registered members. Please welcome our newest member, MaxSlo.
There are currently no users on-line.
We use cookies to ensure that we give you the best experience on our website. By continuing to browse, we are assuming that you have no objection in accepting cookies. You can change your cookie settings at any time.