New
#31
Re-ran the full version of MalwareBytes. Re-running Super Anti-Spyware. Will set a restore point after that's finished. Then I guess I'm on my own
Windows Firewall Authorization Driver - not present, not working, etc
-
-
New #32
C:\Windows\Temp\213087.exe a variant of Win32/TrojanDownloader.Delf.QPN trojan cleaned by deleting - quarantined
C:\Windows\Temp\767930.exe a variant of Win32/TrojanDownloader.Delf.QRH trojan
Uggh! ... Trojan.Downloader.Win32.Delf.qrh is a very malicious item that is designed to allow remote access to your computer to largely occupy precious system resource, trace your Internet habits to record/steal your personal information
Print these instructions out so you don't miss a step:
You will need to change all your passwords, using a known 'clean' machine. Do Not use this infected one to do that!
Next, Copy and paste these lines in Note pad.
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0
Save as flush.bat to your desktop.
Right click on the flush.bat file to run it as Administrator. Your computer will reboot itself.
Now, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
This is NOT a Windows problem ... it is a user problem with outdated security! Windows 7 is not infallible to Trojans, viruses and other malware. It's up to the user to pre-arm themselves against such.
After doing the above instructions, you NEED an anti-virus program. Download and install MSE as posted earlier. Once you've done that and updated (run a full scan),
I would like to see a Combofix log.
Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3
Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.
- Double click combofix.exe and follow the prompts.
- When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply
After rebooting ensure your Security applications have been re-enabled.
In your next reply post:
ComboFix.txt
***A guide and tutorial on "How to use Combofix" can be found here:
A guide and tutorial on using ComboFix
IF CF won't run:
During the download, rename Combofix.exe to sVchost.exe
-
New #33
Will do this as soon as Super-Anti-Spyware is finished. I am currently using an old (reliable) XP desktop that hasn't given one-tenth of the problems in 7 years as the Windows 7 has in 17 months.
I do see, however, that you're recommending I run ComboFix. My understanding is that the product does not work with 64 bit versions of Windows, and armed with that knowledge, I'm reluctant to run TFC.
Feedback please!
-
New #34
Hi Boweasel,
You are extremely lucky to have Jacee helping you with this - she specialises in the malware area, and has been voted a Microsoft MVP in the area of consumer security for the past 5 years. She is one of two or three regulars here that are recognised as professionals in this area, and the fact that she does it in here own free time is a real bonus for us. In all aspects of security, I would follow Jacee's advise without hesitation or question.
Windows 7 wasn't responsible for the malware infection. Stick with Jacee, and she will get you to the end of this.
Regards,
Golden
-
New #35
Well Super Anti-Spyware finished, found another 55 errors (mostly adware), I removed them and set a restore point. Then, even though you hadn't responded, I downloaded and ran TPC, which prompted me to reboot.
And BTW, since I had to do a restore, Norton is back. or at least the icon and the empty folder. Once again I cannot run the removal tool. If I right click on it and click Troubleshoot Compatibility, say that it worked on Windows XP SP3, apply the settings, and run the pgm, I still get those 2 tasks in taskmgr, but no tangible removal screen. If I click on 'this problem has not been fixed, report it to Microsoft', I get a Troubleshooting has completed box that says Incompatible Application Detected.
Since Norton has apparently not been completely removed because of the restore, I don't know if I can install MSE, but I guess I'll try.
-
New #36
No doubt Norton and Windows firewall was disabled with the Trojan/Malware you have on that machine.
Combofix is not to be used, unless an instructor who knows how to use it, advises so. It will run on Windows 7 64 bit, if you follow my *above instructions*.
If you want to throw in the towel and be on your own, then do so ... otherwise I'm offering free help. It's totally up to you and I'm not *begging* you to do anything you don't want to do.
-
New #37
Look, I'm not saying I don't appreciate the help, but...
here's a link to the BleepingComputer article about ComboFix on 64 bit systems
64 bit Vista & 7 - Combofix?
And there's the incompatbility issue with the Norton Removal Tool, the fact that some of the instructions she gave me were obviously for Windows XP, and the Java screen she had me link to did not match her instructions to the point where I just updated it myself in my own way.
So yeah, I appreciate the help, but some of it's been hard to follow, some of it wrong, and yet you want me to blindly follow the advice I'm given. I don't see why questioning things can't do anything but help everybody - even the person offering advice
-
New #38
I guess I stand corrected, and so does BleepingComputer. ComboFix ran to the end. Here's the log:
-
New #39
You did see this, then ... A guide and tutorial on using ComboFix
I will analyze the log and get back to you when I can. It's Friday night and we need to eat dinner! :)
-
New #40
boweasel,
There are many "experts" out there. There is much "advice" out there.
You stick with Jaycee. Do what she says and nothing more than what she says and nothing less than what she says.
You will end up with a clean machine.
Quote
Related Discussions