Solved Do I have the w32 Blaster?

I inadvertently clicked on an Adobe Flash pop up today and my computer went into a nose dive. A fictitious Internet Security screen tells me I've got 6 viruses. It has shut me out of the Internet and all programs. I've tried downloading malware removal programs in safe mode but every one will not complete the download. Each Time at the end of the download a screen tells me the download has a virus and it's been deleted. Suggestions?

Hi Prescottbob

Download the tool on another PC . Use a flash drive to transfer the tool to the infected PC


RogueKiller Download

:ar: Click on Download now

:ar: Save to the Desktop.

:ar: Close all windows and browsers

:ar: Right click on and choose Run as Administrator

:ar: Press: SCAN

:ar: provide the RKreport.txt (Mode: Scan) in your reply.

Thanks, I'll give it a try after a good night's sleep.

Anytime your ready

I've got the scan report ( RK put it in NotePad ) . How do I get it in the post?

Just highlite the report, select: Copy
Then, Paste it in your reply.

It should not be a large report.

I'm a real novice. I highlited the report, selected copy, then how do I paste to the post?

Press: Post Reply

Then, right-click the blank area, select Paste and it should show whatever was copied.

Then, press: Submit Reply

Started in : Safe mode with network support
User : Binnie [Admin rights]
Mode : Scan -- Date : 05/06/2013 08:50:39
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Internet Security (C:\Users\Binnie\AppData\Roaming\amsecure.exe) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-429565886-468534743-1202395684-1000[...]\Run : Internet Security (C:\Users\Binnie\AppData\Roaming\amsecure.exe) [-] -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST31500341AS +++++
--- User ---
[MBR] 565cafce03e31579f24341c0c8632f3e
[BSP] cead95340ba2d9af9313cc5fd7a1a309 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 1415758 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_05062013_02d0850.txt >>
RKreport[1]_S_05062013_02d0850.txt

Thank You Cottonball

Should I go ahead and delete the items RK has checked or wait till a Win 7 help guru looks at the RK report and gives me the go ahead?

Prescottbob,

Please run RogueKiller once again:

•Quit all programs
•Right-click the RogueKiller file and select: Run as Administrator
•Wait until the Prescan finishes
•Press: Scan
•Once the scan is done, press the [Delete] button.

Please post the new RKreport (Mode: Remove) in your reply, just like you did before..
The report is created on the Desktop

When done with RogueKiller, please download the free version of Malwarebytes' Anti-Malware (MBAM):
Malwarebytes : Malwarebytes Anti-Malware removes malware including viruses, spyware, worms and trojans, plus it protects your computer

Save to the Desktop.

MBAM may make changes to the Registry as part of its disinfection routine.
If using other security programs that detect Registry changes, they may interfere or alert you.
Let your security program(s) allow the changes that MBAM makes. It is a safe program.
Double-click the downloaded file to run MBAM.

When the installation begins, follow the series of setup wizard prompts pressing Next, and on the last prompt, press: Install
When done with this phase, press: Finish
However, uncheck: Enable free trial of Malwarebytes Anti-Malware Pro


MBAM automatically starts and takes you to the main console and to the Scanner tab.
On the Scanner tab:
Make sure the Perform Full Scan option is selected.
Then click on the Scan button.

The scan may take some time to complete, so please be patient.

When the scan is finished, a message box shows: The scan completed successfully. ..etc.
If anything is found, click Show Results to display all objects found.
Click OK to close the message box and continue with the removal process.
Make sure that everything is checked, and click: Remove Selected

When removal is completed, a report opens in Notepad.
(The log is automatically saved and can also be viewed by clicking the Logs tab).

Please post the MBAM log in your reply.

Take your time.

Will be back @ about 4:00PM CST, USA to check.


Edit:
Also, reboot after running RogueKiller, and see if you can run Malwarebytes in normal Windows (not in Safe Mode).

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Binnie [Admin rights]
Mode : Remove -- Date : 05/06/2013 11:33:38
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Internet Security (C:\Users\Binnie\AppData\Roaming\amsecure.exe) [-] -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST31500341AS +++++
--- User ---
[MBR] 565cafce03e31579f24341c0c8632f3e
[BSP] cead95340ba2d9af9313cc5fd7a1a309 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 1415758 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[3]_D_05062013_02d1133.txt >>
RKreport[1]_S_05062013_02d0850.txt ; RKreport[2]_S_05062013_02d1130.txt ; RKreport[3]_D_05062013_02d1133.txt

Report after delete. Now should I leave safe mode?

Rebooted, went to malwarebytes, downloaded free version, a virus was detected in the download and was deleted. Internet IE is working again. Windows security center is alerting but won't start.

Did you run Malwarebytes or did your antivirus think it was a virus and stopped you from downloading?

Did not run malwarebytes, it stopped loading at99 percent with the virus detected message.

disable your virus for time being until it downloads.

VistaKing:

Same result with McaFee shut off.

Ah ... McAfee Uninstall that program . Reinstall MSE

:ar: McAfee Removal Tool
http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

:ar: MSE download
Microsoft Security Essentials - Microsoft Windows

On the Drop down menu choose " Windows Vista / Windows 7 64-bit " and click on Download now