Win 7 unable to use or create restore point after FBI virus
After being attacked and removing FBI virus I'm unable to use or create restore points. Tried repair and wmi.dat. Any other suggestions would be appreciated.
Follow the instructions here, then see if you can set a clean restore point: Remove the FBI MoneyPak Ransomware or the Reveton Trojan
Farbar Service Scanner
Click here Farbar Service Scanner to DOWNLOAD
Place file into your desktop
Place a check mark next to the following options
- ⬜ Internet Services
- ⬜ Windows Firewall
- ⬜ System Restore
- ⬜ Security Center
- ⬜ Windows Update
- ⬜ Windows Defender
Press the Scan button
Farbar Service Scanner will create a log, called FSS.txt, on the Desktop. Upload the FSS.txt with your reply.
Last edited by VistaKing; 19 Jul 2013 at 14:49.
I recommend wiping the HD with Diskpart Clean Command to get a perfect Clean Reinstall.
It will likely save time in the long run dealing with all of the surprises left behind even when you clean up a serious infection.
You may be right but I'll give the other fixes a try first thing tomorrow.
Run this tool as well
Farbar Recovery Scan Tool
32-bit Version OS Farbar Recovery Scan Tool <==== Download Link
Drag the FRST.exe from the Downloads folder to your Desktop
Right click on FRST.exe and choose
When the tool opens click Yes on the disclaimer window.
Press Scan button.
Please upload both logs in your reply (FRST.txt and Addition.txt).
FRST.txt and Addition.txt will be on the Desktop
Upload a File
Click on the Go Advanced button under the Message box. Scroll down to Additional Options, then click on Manage Attachments in the Attach Files section. Click the Browse button, locate the file, then click on the Open button. In the Upload File from your Computer section, click on the Upload button. Wait until it finishes uploading, then close the window. Then click Submit Reply.
Don't Run
Open Notepad. Inside Notepad, paste the highlighted text
start
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKLM\...\Run: [] - [x]
HKLM\...\Run: [TaskTray] - [x]
HKCU\...\Run: [AdobeBridge] - [x]
URLSearchHook: (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
C:\ProgramData\20tb6z.dat
C:\ProgramData\dziw0q.pad
C:\ProgramData\as98213.txt
C:\ZD267718
C:\ProgramData\20tb6z.dat
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
end
Inside Notepad
click on File > Save As
File Name : Fixlist.txt
Save as type: All Files
Location: Desktop
Open up FRST.exe again. Click on the [Fix] button. Once it's complete it will create a new log called Fixlog.txt; upload that log.
AdwCleaner
Click here AdwCleaner
Click on Download Now button
Save to the Desktop
Right-click on AdwCleaner.exe and choose
Click on Delete and confirm the prompt.
Your computer will be rebooted automatically. A text file will open after the restart.
Upload the log: The log file is at C:\AdwCleaner[Sn].txt
Also run
TDSSKILLER
download link TDSSKiller
Save the file to the Desktop
Right-click the program and select:
When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK
Press: Start Scan
If a suspicious object is detected, the default action is Skip; leave it as is and click on: Continue
If malicious objects are found, they show in the Scan results.
Ensure Cure (the default) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip, >>Do not select: Delete<<)
When done, the tool outputs its log to the disk with the Windows Operating System, normally C:\
Logs have a name like:
C:\TDSSKiller.X.X.X_12.04.2013_15.31.43_log.txt
Please post the TDSSKiller log in your reply.
Last edited by VistaKing; 20 Jul 2013 at 00:04.