Solved Do I have the w32 Blaster?

[cottonball]

Please remove MBAM.

It may be in Start > Control Panel > Programs and Features > Uninstall programs...

Now, go back to the MBAM website, and download it again.
When you see the downloaded file, save it to the Desktop, and in the Save prompt, rename it to: Mbob

Follow the previous instructions to install it, etc.

 

[Prescottbob]

Same virus detected message received. McAfee virus protection is turned off.

 

[cottonball]

Try downloading it in Safe Mode with Networking, and run it from there.

 

[cottonball]

Same virus detected message received...

Can you use the Snipping tool to post an image of whatever is showing:

How to Use the Snipping Tool in Vista and Windows 7
http://www.vistax64.com/tutorials/148532-how-use-snipping-tool-vista.html

How to Upload and Post a Screenshot and File in Seven Forums
http://www.sevenforums.com/tutorials/9733-screenshots-files-upload-post-seven-forums.html

 

[Prescottbob]

Nothing will complete downloading--am going back to Safe Mode to try them.

 

[cottonball]

Did it work in Safe Mode with Networking?

Edit:
Try the next post, #27!

If still no-go, please access the RKill Download
Save to the Desktop.


If rkill.exe does not run, then download and try to run iExplore.exe (a renamed RKill.exe), or RKill.com
You only need to get one of these to run.


If your antivirus warns you about this tool, ignore the warning, or temporarily disable your antivirus.
Info: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - BleepingComputer.com


Right-click on the downloaded RKill file and select: Run as Administrator


When the tool runs, a black DOS box briefly flashes and then disappears. This is normal and indicates the tool ran successfully.

When the scan is done, Notepad opens with the RKill report.

Please post the RKill report in your reply


>>Do not reboot the computer after running RKill, as the malware programs will start again!

If the computer reboots, run Rkill again before continuing to the next step.<<

.



Next, download the free version of Malwarebytes' Anti-Malware (MBAM)...etc. as previously posted.

 

[cottonball]

Use the option above, or, better yet, use this option:

SUPERAntiSpyware - SUPERAntiSpyware Portable Scanner

How to use:
http://www.howtogeek.com/howto/9283...-the-must-have-spyware-removal-tool-you-need/

If you are unable to get SUPERAntiSpyware running after following all the steps above, please download and run the following program:

SASSAFERUN.COM

Need to go out for chow...will get back to you later.

 

[Prescottbob]

MBAM, MCPR and MSE all fail to load in safe mode with networking. I'll stay in safe mode awaiting next thought.

 

[cottonball]

See Post #27, above!

 

[VistaKing]

To uninstall Programs in SafeMode .

Click on the rb: button then type regedit inside Search programs and files box. Right click over the regedit under neath Programs (1) select Run as Administrator . Click on the Yes button inside the User Access Control

Inside Registry navigate to

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\

Right-click on the Mininal key and from the menu select New – Key:

Now name the new key MSIService and change the value to Service by double-clicking it

close Registry

Now open up the Command Prompt with Elevated Rights . Click on the rb: once again type in CMD right click on CMD under neath Programs(1) choose Run as Administrator . On the UAC window click on the Yes button. Inside Command Prompt enter the command below

net start msiserver

press <ENTER>

Should get Service started Successfully . Close CMD by typing Exit

Retry to remove software.

 

[Prescottbob]

I'm in the process of doing the SAS retrieval. But will be a while before I get back to this machine.

Thanx for your patience.

 

[Prescottbob]

Do I try to run SAS in SAFE MODE or reboot first?

 

[VistaKing]

Try to run in SafeMode with networking update the definitions then run the program.

 

[cottonball]

Actually, that defeats the purpose of the SUPERAntiSpyware Portable...

As described by the website, ...it is a single file you can copy to your USB drive without requiring installation, and also automatically gives you a random filename so the malware can’t detect it as easily.

In other words, it should work in the infected environment...

 

[Prescottbob]

SAS still scanning. Has found Trojan.Agent/Gen-Injector(Fmt) and 54 tracking cooks.

 

[cottonball]

Prescottbob,

Is SAS pointing to a file when giving the detection?

Also, are you running SAS from Safe Mode or normal Windows?

 

[Prescottbob]

It's still scanning in safe mode. The screen only shows the Trojan nomenclature. However, I did notice SAS was scanning McAfee files when it appeared on the screen. Still scanning will SAS tell me to delete everything it lists?

 

[cottonball]

It should list what it found as Threats Detected, and give you the option to place a check next to what you wish to delete.

As far as cookies go, that is up to you, however, any serious entry, click: Remove Threats button.

Also press View Scan Log, which should open in Notepad, and post its results.

It is also possible that SAS asks for a reboot in order to delete some files. Please do so.

 

[Prescottbob]

Over 5 hours of scanning we have an SAS report. OOOPS! It was highlited and copied but when I hit paste it disappeared and never made it to the post. I'm rebooting now to see if things have improved.

 

[VistaKing]

Try copying it pasting the log again

Open up SUPERAntiSpyware and click View Scan Logs

Wrap log inside [CODE][/CODE] by clicking on the # symbol inside the message box