Having MAJOR virus probs - PLS HELP

barcelonic · 10-04-11, 05:13 PM

Major infections - afraid to restart machine.

Ran Avira after a full MSE scan and it deleted the stuff it found but the log says 19 detections found only 14 deleted.

All Im asking is if anyone who can understand this stuff would mind taking a look at the following log to tell me their thoughts

Any help massively appreciated thanks guys

Spoiler

barcelonic · 10-04-11, 05:14 PM

Sorry for double post - the log was too long for one post

Rest of log>>

Spoiler

grabrail · 10-04-11, 05:20 PM

You may be better getting some proper AV rather than free stuff. McAffee works a lot better.

Anyhow, looks like protected areas of your O/S are infected, "c:\windows\system32\drivers"

Try booting in safe mode and running the scan again, this should stop the driver files loading and allw them to be removed properly.

MrRedman · 10-04-11, 05:24 PM

Boot in Safe Mode - Start > Search box type "System Restore". Take your computer back to the last good configuration state.

grabrail · 10-04-11, 05:28 PM

Quote:

Originally Posted by MrRedman

Boot in Safe Mode - Start > Search box type "System Restore". Take your computer back to the last good configuration state.

Won't help. Once your computer boots succesfully to the O/S, this is marked as the "the last know good configuration"

So basically each time you boot your computer and log on, you are working on the last known good configuration. That option helps if you cannot get into windows at all, it will boot the last time you did, removing any changes or additions to the registry since the last time you succesfully logged in.

barcelonic · 10-04-11, 05:34 PM

Quote:

Originally Posted by MrRedman

Boot in Safe Mode - Start > Search box type "System Restore". Take your computer back to the last good configuration state.

I never set restore points and dont wanna lose data so not really an option for me.

Quote:

Originally Posted by grabrail

You may be better getting some proper AV rather than free stuff. McAffee works a lot better.

Anyhow, looks like protected areas of your O/S are infected, "c:\windows\system32\drivers"

Try booting in safe mode and running the scan again, this should stop the driver files loading and allw them to be removed properly.

Unfortunately i can't really do that until tomorrow as I urgently need use of PC tonight and havent restarted yet since infection but tomorrow i'll definitely go into safe mode, i never thought of that really - am i right in thinking safe mode doesnt connect to internet, hence why its safe?

Oh and btw Ive found processes running which are probably blocking my success somehow like ''iexplore.exe *32'' - there are 5 of these running. I thought it could be IE but i have 6 tabs open, not 5 so thats weird.

The descriptions of files found in MSE are roughly as like this:
about 3 moderate threats [browser modifiers], about 2 trojans [severe] and about 10 or so Exploits with no names just codes [severe] - all of which came at the same time when i rushed through a software installation and accidentally forgot to untick all the cr@p they try to throw in like toolbars, homepages etc..

Fortunately i know enough about the net to know when i've been infected and i know enough about PC viruses from past experience that restarting acts as a catalyst so i'm leaving it on as i need the use of it for tonight, if only for tonight.

Sorry for length of this post btw lol im just stressin lol

grabrail · 10-04-11, 05:41 PM

You have 2 options (depending on O/S) when choosing safe mode, with or without networking,

If you choose without then you wont have any internet access, if you choose with you probably will.

Safe mode essentially stops loading any drivers for your hardware and loads some basic legacy drivers for video etc. As your drivers folder contains infected files, these will be in use when booted in normal mode, but when loaded in safe mode these drivers shouldnt start so the files wont be in use. The AV should then be able to remove them.

Another thing you can do, is the following

start > run > msconfig

Then go to the startup tab and have a look down the list for anything weird. If its all weird to you lol, you can take a screenshot and post it on here and i will assist in disabling anything you shouldnt need.

I dont think theres anything too serious been picked up in the scan, more annoyances and trojans.

barcelonic · 10-04-11, 05:49 PM

thanks grabrail - thing is when i run a scan on MSE once its completed it says the stuffs been removed but asks me to restart computer; now MSE has NEVER asked me to restart following successful removal of any kind of malware - thats the thing that got me worrying in the first place

i will try the msconfig thing i think, do i need to be in safe mode for that tho?

grabrail · 10-04-11, 05:53 PM

Quote:

Originally Posted by barcelonic

thanks grabrail - thing is when i run a scan on MSE once its completed it says the stuffs been removed but asks me to restart computer; now MSE has NEVER asked me to restart following successful removal of any kind of malware - thats the thing that got me worrying in the first place

i will try the msconfig thing i think, do i need to be in safe mode for that tho?

No you can run msconfig at anytime.

The reason it wants you to reboot is becuase it will probably of marked the files it cant access for deletion, it will remove them upon restart

barcelonic · 10-04-11, 06:12 PM

Quote:

Originally Posted by grabrail

No you can run msconfig at anytime.

The reason it wants you to reboot is becuase it will probably of marked the files it cant access for deletion, it will remove them upon restart

the startup list contained things im familiar with, except Microsoft Intellipoint and Microsoft Security Client.

Im using Win7 64bit Home and i checked the folders for those programs and the date modified was Jan 11 and Dec 10 respectively, if that means anything.

As for running safe mode, i can do that tomorrow and hopefully im overreacting but i've lost PCs to viruses before and i cant stand being without my PC as im housebound and its my only source of entertainment [home cinema custombuilt machine]

edit: tried to rep you but couldn't sry

grabrail · 10-04-11, 06:13 PM

Quote:

Originally Posted by barcelonic

the startup list contained things im familiar with, except Microsoft Intellipoint and Microsoft Security Client.

These are quite safe

Let me know how you get on

cono1717 · 10-04-11, 07:00 PM

Probably the best piece of virus removal I have used.

Malwarebytes' Anti-Malware: Malwarebytes - Download it, let the database update, reboot in safe mode, full scan (while having a refreshing beverage) - Job Done.

Ilikefree · 10-04-11, 07:26 PM

MBAM is the most powerful virus removal software I've ever used. IMO it's worth paying for the real time scanning stuff

Cruelworld · 10-04-11, 07:38 PM

format c:
Best removal tool ever

**the_icks** · 10-04-11, 07:57 PM

fdisk /mbr

10-04-11, 05:13 PM	#1
barcelonic iBook Join Date: Aug 2008 Location: Swansea Posts: 2,927	Having MAJOR virus probs - PLS HELP Major infections - afraid to restart machine. Ran Avira after a full MSE scan and it deleted the stuff it found but the log says 19 detections found only 14 deleted. All Im asking is if anyone who can understand this stuff would mind taking a look at the following log to tell me their thoughts Any help massively appreciated thanks guys Spoiler Avira AntiVir Personal Report file date: 10 Ebrill 2011 16:26 Scanning for 2537417 virus strains and unwanted programs. The program is running as an unrestricted full version. Online services are available: Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows 7 x64 Windows version : (plain) [6.1.7600] Boot mode : Normally booted Username : SYSTEM Computer name : CERI-PC Version information: BUILD.DAT : 10.0.0.635 31822 Bytes 07/03/2011 12:15:00 AVSCAN.EXE : 10.0.3.5 435368 Bytes 04/03/2011 13:36:52 AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 11:57:04 LUKE.DLL : 10.0.3.2 104296 Bytes 04/03/2011 13:36:59 LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 22:40:49 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 08:05:36 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 13:37:07 VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 13:37:08 VBASE003.VDF : 7.11.5.225 1980416 Bytes 07/04/2011 15:24:07 VBASE004.VDF : 7.11.5.226 2048 Bytes 07/04/2011 15:24:07 VBASE005.VDF : 7.11.5.227 2048 Bytes 07/04/2011 15:24:07 VBASE006.VDF : 7.11.5.228 2048 Bytes 07/04/2011 15:24:07 VBASE007.VDF : 7.11.5.229 2048 Bytes 07/04/2011 15:24:07 VBASE008.VDF : 7.11.5.230 2048 Bytes 07/04/2011 15:24:07 VBASE009.VDF : 7.11.5.231 2048 Bytes 07/04/2011 15:24:07 VBASE010.VDF : 7.11.5.232 2048 Bytes 07/04/2011 15:24:07 VBASE011.VDF : 7.11.5.233 2048 Bytes 07/04/2011 15:24:07 VBASE012.VDF : 7.11.5.234 2048 Bytes 07/04/2011 15:24:07 VBASE013.VDF : 7.11.5.235 2048 Bytes 07/04/2011 15:24:07 VBASE014.VDF : 7.11.5.236 2048 Bytes 07/04/2011 15:24:07 VBASE015.VDF : 7.11.5.237 2048 Bytes 07/04/2011 15:24:07 VBASE016.VDF : 7.11.5.238 2048 Bytes 07/04/2011 15:24:07 VBASE017.VDF : 7.11.5.239 2048 Bytes 07/04/2011 15:24:07 VBASE018.VDF : 7.11.5.240 2048 Bytes 07/04/2011 15:24:07 VBASE019.VDF : 7.11.5.241 2048 Bytes 07/04/2011 15:24:08 VBASE020.VDF : 7.11.5.242 2048 Bytes 07/04/2011 15:24:08 VBASE021.VDF : 7.11.5.243 2048 Bytes 07/04/2011 15:24:08 VBASE022.VDF : 7.11.5.244 2048 Bytes 07/04/2011 15:24:08 VBASE023.VDF : 7.11.5.245 2048 Bytes 07/04/2011 15:24:08 VBASE024.VDF : 7.11.5.246 2048 Bytes 07/04/2011 15:24:08 VBASE025.VDF : 7.11.5.247 2048 Bytes 07/04/2011 15:24:08 VBASE026.VDF : 7.11.5.248 2048 Bytes 07/04/2011 15:24:08 VBASE027.VDF : 7.11.5.249 2048 Bytes 07/04/2011 15:24:08 VBASE028.VDF : 7.11.5.250 2048 Bytes 07/04/2011 15:24:08 VBASE029.VDF : 7.11.5.251 2048 Bytes 07/04/2011 15:24:08 VBASE030.VDF : 7.11.5.252 2048 Bytes 07/04/2011 15:24:08 VBASE031.VDF : 7.11.6.19 95744 Bytes 08/04/2011 15:24:08 Engineversion : 8.2.4.206 AEVDF.DLL : 8.1.2.1 106868 Bytes 04/03/2011 13:36:49 AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 10/04/2011 15:24:12 AESCN.DLL : 8.1.7.2 127349 Bytes 04/03/2011 13:36:48 AESBX.DLL : 8.1.3.2 254324 Bytes 04/03/2011 13:36:48 AERDL.DLL : 8.1.9.9 639347 Bytes 10/04/2011 15:24:11 AEPACK.DLL : 8.2.6.0 549237 Bytes 10/04/2011 15:24:11 AEOFFICE.DLL : 8.1.1.20 205177 Bytes 10/04/2011 15:24:11 AEHEUR.DLL : 8.1.2.97 3428726 Bytes 10/04/2011 15:24:10 AEHELP.DLL : 8.1.16.1 246134 Bytes 04/03/2011 13:36:41 AEGEN.DLL : 8.1.5.4 397684 Bytes 10/04/2011 15:24:09 AEEMU.DLL : 8.1.3.0 393589 Bytes 04/03/2011 13:36:40 AECORE.DLL : 8.1.20.2 196982 Bytes 10/04/2011 15:24:09 AEBB.DLL : 8.1.1.0 53618 Bytes 04/03/2011 13:36:39 AVWINLL.DLL : 10.0.0.0 19304 Bytes 04/03/2011 13:36:53 AVPREF.DLL : 10.0.0.0 44904 Bytes 04/03/2011 13:36:52 AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 13:27:13 AVREG.DLL : 10.0.3.2 53096 Bytes 04/03/2011 13:36:52 AVSCPLR.DLL : 10.0.3.2 84328 Bytes 04/03/2011 13:36:53 AVARKT.DLL : 10.0.22.6 231784 Bytes 04/03/2011 13:36:50 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 04/03/2011 13:36:51 SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 13:27:22 AVSMTP.DLL : 10.0.0.17 63848 Bytes 04/03/2011 13:36:53 NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 13:27:21 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 04/03/2011 13:37:12 RCTEXT.DLL : 10.0.58.0 97128 Bytes 04/03/2011 13:37:12 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, E:, G:, J:, Process scan........................: on Extended process scan...............: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +APPL,+PCK,+SPR, Start of the scan: 10 Ebrill 2011 16:26 Starting search for hidden objects. Error in ARK library The scan of running processes will be started Scan process 'avscan.exe' - '75' Module(s) have been scanned Scan process 'avscan.exe' - '30' Module(s) have been scanned Scan process 'avcenter.exe' - '89' Module(s) have been scanned Scan process 'avgnt.exe' - '51' Module(s) have been scanned Scan process 'sched.exe' - '48' Module(s) have been scanned Scan process 'iexplore.exe' - '157' Module(s) have been scanned Scan process 'iexplore.exe' - '95' Module(s) have been scanned Scan process 'iexplore.exe' - '95' Module(s) have been scanned Module is OK -> <C:\Program Files (x86)\Internet Explorer\iexplore.exe> [NOTE] Process 'iexplore.exe' was terminated Module is infected -> <C:\Program Files (x86)\ScanQuery\scanquery.dll> [DETECTION] Contains virus patterns of Adware ADWARE/Zwangi.fiw.1 [NOTE] The file was moved to the quarantine directory under the name '4ba368e3.qua'. Scan process 'jusched.exe' - '26' Module(s) have been scanned Scan process 'AdobeARM.exe' - '50' Module(s) have been scanned Scan process 'DTLite.exe' - '38' Module(s) have been scanned Scan process 'nvSCPAPISvr.exe' - '30' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '27' Module(s) have been scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! Master boot sector HD2 [INFO] No virus was found! Master boot sector HD3 [INFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Boot sector 'E:\' [INFO] No virus was found! Boot sector 'G:\' [INFO] No virus was found! Boot sector 'J:\' [INFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '128' files ). *Part 2 in next post>>* __________________ APOLOGIES FOR TYPOS I HAVE A NEW KEYBOARD Join the Consoles.RI conga today! __ Free Loader \| UK Freebies Recieved: Spoiler Xbox 360 Premium Xbox Live Gold (12 Months) £34 Bank Transfer (Thx Furbs) £19.38 BT Godfather II (PS3) "Talking about music is like dancing about architecture" - Frank Zappa Last edited by barcelonic; 10-04-11 at 05:14 PM..

10-04-11, 05:14 PM	#2
barcelonic iBook Join Date: Aug 2008 Location: Swansea Posts: 2,927	Sorry for double post - the log was too long for one post Rest of log>> Spoiler Starting the file scan: Begin scan in 'C:\' <Solid State> C:\Program Files (x86)\ClickPotatoLite\bin\10.0.668.0\ClickPotatoLi teSAAX.dll [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen2 adware or spyware C:\Program Files (x86)\ScanQuery\ScanQuery_deleted_\scanquery.dll [DETECTION] Contains virus patterns of Adware ADWARE/Zwangi.fiz C:\Program Files (x86)\ScanQuery\ScanQuery_deleted_\scanquery.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\ShopperReports Uninstaller.exe [0] Archive type: NSIS [DETECTION] Contains recognition pattern of the DR/Hotbar.DH.52 dropper --> [PluginsDir]/Install.dll [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen C:\ProgramData\ScanQuery\scanquery116.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan C:\Users\Ceri\AppData\Local\Mozilla\Firefox\Profil es\atf1pyxx.default\Cache\8A5D5634d01 [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen2 adware or spyware C:\Users\Ceri\AppData\Local\Temp\nsc961C.tmp\Setup .dll [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware C:\Users\Ceri\AppData\LocalLow\Sun\Java\Deployment \cache\6.0\34\36d849a2-5711975f [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/Exdoer.AF Java virus --> durdom/huiak.class [DETECTION] Contains recognition pattern of the JAVA/Exdoer.AF Java virus --> durdom/Stremer.class [DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus C:\Users\Ceri\AppData\LocalLow\Sun\Java\Deployment \cache\6.0\38\4442bda6-57a73ef9 [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/Exdoer.AF Java virus --> durdom/huiak.class [DETECTION] Contains recognition pattern of the JAVA/Exdoer.AF Java virus --> durdom/Stremer.class [DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus C:\Users\Ceri\AppData\LocalLow\Sun\Java\Deployment \cache\6.0\46\3056f16e-74d54bba [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the EXP/Java.itq exploit --> Applet2.class [DETECTION] Contains recognition pattern of the EXP/Java.itq exploit C:\Users\Ceri\AppData\LocalLow\Sun\Java\Deployment \cache\6.0\47\52fcb46f-3d09dbfb [0] Archive type: ZIP [DETECTION] Contains recognition pattern of the JAVA/Exdoer.B Java virus --> bpac/purok.class [DETECTION] Contains recognition pattern of the JAVA/Exdoer.B Java virus --> bpac/Stremer.class [DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus C:\Users\Ceri\Downloads\XvidSetup.exe [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen2 adware or spyware C:\Windows\System32\drivers\sptd.sys [WARNING] The file could not be opened! C:\Windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\upgrade[1].cab [0] Archive type: CAB (Microsoft) [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan --> upgrade.exe [1] Archive type: NSIS --> [UnknownDir]/scanquery.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan C:\Windows\Temp\SCA82D8.tmp\upgrade.exe [0] Archive type: NSIS [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan --> [UnknownDir]/scanquery.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan Begin scan in 'D:\' <Games> Begin scan in 'E:\' <Storage> Begin scan in 'G:\' <System Reserved> Begin scan in 'J:\' <LaCie> J:\Ceri-PC\Backup Set 2009-12-06 190000\Backup Files 2009-12-06 190000\Backup files 1.zip [0] Archive type: ZIP --> C/Users/Ceri/AppData/Local/Mozilla/Firefox/Profiles/febeprof.Ceri/Cache/6FCF8EC7d01 [WARNING] The file could not be read! Beginning disinfection: C:\Windows\Temp\SCA82D8.tmp\upgrade.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\Windows\SysWOW64\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\upgrade[1].cab [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\Users\Ceri\Downloads\XvidSetup.exe [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen2 adware or spyware [NOTE] The file was deleted! C:\Users\Ceri\AppData\LocalLow\Sun\Java\Deployment \cache\6.0\47\52fcb46f-3d09dbfb [DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus [NOTE] The file was deleted! C:\Users\Ceri\AppData\LocalLow\Sun\Java\Deployment \cache\6.0\46\3056f16e-74d54bba [DETECTION] Contains recognition pattern of the EXP/Java.itq exploit [NOTE] The file was deleted! C:\Users\Ceri\AppData\LocalLow\Sun\Java\Deployment \cache\6.0\38\4442bda6-57a73ef9 [DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus [NOTE] The file was deleted! C:\Users\Ceri\AppData\LocalLow\Sun\Java\Deployment \cache\6.0\34\36d849a2-5711975f [DETECTION] Contains recognition pattern of the JAVA/OpenStream.L Java virus [NOTE] The file was deleted! C:\Users\Ceri\AppData\Local\Temp\nsc961C.tmp\Setup .dll [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware [NOTE] The file was deleted! C:\Users\Ceri\AppData\Local\Mozilla\Firefox\Profil es\atf1pyxx.default\Cache\8A5D5634d01 [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen2 adware or spyware [NOTE] The file was deleted! C:\ProgramData\ScanQuery\scanquery116.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\ShopperReports Uninstaller.exe [DETECTION] Contains recognition pattern of the DR/Hotbar.DH.52 dropper [NOTE] The file was deleted! C:\Program Files (x86)\ScanQuery\ScanQuery_deleted_\scanquery.exe [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was deleted! C:\Program Files (x86)\ScanQuery\ScanQuery_deleted_\scanquery.dll [DETECTION] Contains virus patterns of Adware ADWARE/Zwangi.fiz [NOTE] The file was deleted! C:\Program Files (x86)\ClickPotatoLite\bin\10.0.668.0\ClickPotatoLi teSAAX.dll [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen2 adware or spyware [NOTE] The file was deleted! End of the scan: 10 Ebrill 2011 18:06 Used time: 1:21:07 Hour(s) The scan has been done completely. 21974 Scanned directories 530069 Files were scanned 19 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 14 files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 1 Files cannot be scanned 530049 Files not concerned 3668 Archives were scanned 2 Warnings 16 Notes 54 Objects were scanned with rootkit scan 0 Hidden objects were found __________________ APOLOGIES FOR TYPOS I HAVE A NEW KEYBOARD Join the Consoles.RI conga today! __ Free Loader \| UK Freebies Recieved: Spoiler Xbox 360 Premium Xbox Live Gold (12 Months) £34 Bank Transfer (Thx Furbs) £19.38 BT Godfather II (PS3) "Talking about music is like dancing about architecture" - Frank Zappa

10-04-11, 05:24 PM	#4
MrRedman HTC Sensation 4G Join Date: Sep 2010 Location: London Posts: 346	Boot in Safe Mode - Start > Search box type "System Restore". Take your computer back to the last good configuration state. __________________ Click here! to join the freebiejeebies gadgets conga and get 2 FREE greens!

10-04-11, 05:49 PM	#8
barcelonic iBook Join Date: Aug 2008 Location: Swansea Posts: 2,927	thanks grabrail - thing is when i run a scan on MSE once its completed it says the stuffs been removed but asks me to restart computer; now MSE has NEVER asked me to restart following successful removal of any kind of malware - thats the thing that got me worrying in the first place i will try the msconfig thing i think, do i need to be in safe mode for that tho? __________________ APOLOGIES FOR TYPOS I HAVE A NEW KEYBOARD Join the Consoles.RI conga today! __ Free Loader \| UK Freebies Recieved: Spoiler Xbox 360 Premium Xbox Live Gold (12 Months) £34 Bank Transfer (Thx Furbs) £19.38 BT Godfather II (PS3) "Talking about music is like dancing about architecture" - Frank Zappa

10-04-11, 07:00 PM	#12
cono1717 iPod 30gb Join Date: Aug 2009 Location: Widnes Posts: 1,090	Probably the best piece of virus removal I have used. Malwarebytes' Anti-Malware: Malwarebytes - Download it, let the database update, reboot in safe mode, full scan (while having a refreshing beverage) - Job Done. __________________ Totally Free iPad \| McFlurry Ice Cream Van Everything I say reflects my own opinions and not that of any company.

10-04-11, 05:20 PM	#3
grabrail iBook Join Date: Dec 2006 Location: Nottingham Posts: 2,325	You may be better getting some proper AV rather than free stuff. McAffee works a lot better. Anyhow, looks like protected areas of your O/S are infected, "c:\windows\system32\drivers" Try booting in safe mode and running the scan again, this should stop the driver files loading and allw them to be removed properly.

10-04-11, 05:41 PM	#7
grabrail iBook Join Date: Dec 2006 Location: Nottingham Posts: 2,325	You have 2 options (depending on O/S) when choosing safe mode, with or without networking, If you choose without then you wont have any internet access, if you choose with you probably will. Safe mode essentially stops loading any drivers for your hardware and loads some basic legacy drivers for video etc. As your drivers folder contains infected files, these will be in use when booted in normal mode, but when loaded in safe mode these drivers shouldnt start so the files wont be in use. The AV should then be able to remove them. Another thing you can do, is the following start > run > msconfig Then go to the startup tab and have a look down the list for anything weird. If its all weird to you lol, you can take a screenshot and post it on here and i will assist in disabling anything you shouldnt need. I dont think theres anything too serious been picked up in the scan, more annoyances and trojans.

10-04-11, 07:26 PM	#13
Ilikefree Mini Mac Join Date: Jul 2008 Location: London Posts: 5,141	MBAM is the most powerful virus removal software I've ever used. IMO it's worth paying for the real time scanning stuff

10-04-11, 07:38 PM	#14
Cruelworld Romper Stomper Join Date: May 2009 Location: Behind the fridge... Posts: 4,268	format c: Best removal tool ever __________________ Free Gadgets \| Free iPod \| Free iPhone \| Free Gadget \| Free Wii U This page will help some people.

10-04-11, 07:57 PM	#15
the_icks Mr Baldy Chicken Join Date: Mar 2006 Posts: 14,487	fdisk /mbr __________________