-
April 13th, 2012, 06:39 PM
#1
[Inactive] VMalwarebytes removed all programs?-dang kids
My kids HP home school computer had a virus...
SOOO---my wife downloaded Malwarebytes and ran it.
Everything except Malwarebytes, adobe and IE are gone...
IE still has a problem that it HIJACKS any of the searches (which was the original problem+ more)...
I tried to open in Safemode and use SYSTEM RESTORE. It allows SYSTEM RESTORE to start but, once you pick a point to restore from and hit NEXT...it runs for a minute..then stops...If you click NEXT again, it does nothing until you pick a new restore point.
Any help appreciated.
-
April 13th, 2012, 08:14 PM
#2
Welcome aboard
Please, complete all steps listed here: http://discussions.virtualdr.com/sho...d.php?t=167915
Please, observe following rules:
- Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
- If you're stuck, or you're not sure about certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer behavior, good, or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
=============================================================
Let's see, if we can recover your missing features.
Download and run UnHide
Let me know, if it worked.
-
April 14th, 2012, 02:00 PM
#3
update
Your reply seemed 'generic'...
The computer will not allow me to download and does not recognize the CD rom anymore.
-
April 14th, 2012, 02:35 PM
#4
The welcome part of the reply with instructions is given to all new members
here in the intensive care forum.
The pertinent part of the reply to you directly is below the double line.
Can you download the program on another computer and transfer/run it
via a thumb drive?
VirtualDr email notices are not working.
Check back regularly for responses.
_____________________
cat lovers click here
-
April 14th, 2012, 06:59 PM
#5
Your reply seemed 'generic'...
I didn't want to sound rude, so I simply won't comment.
-
April 15th, 2012, 04:14 PM
#6
update
Broni----I am sorry if I offended you, It was a loong day.
Anyway, UNHIDE did work.
All the programs are back but:
-IE is still being hijacked when I do a search.
-I can not get Malwares to download or copy from a usb
-I have AVG 2012. When I run it, it finds problems but can not fix them all
***I will be out of town for 3-4 days so my reply moving forward might be slightly delayed.
-
April 15th, 2012, 04:18 PM
#7
Good news
Complete required steps when ready...
-
April 27th, 2012, 02:57 PM
#8
-
April 27th, 2012, 04:47 PM
#9
UPDATE
Ok,
I started with MALWAREBYTES...
The computer will no not connect to the internet.
So could not update prior to running.
Here is the log
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.04.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Parent :: K12-E92297E4956 [administrator]
4/27/2012 1:31:47 PM
mbam-log-2012-04-27 (13-31-47).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204013
Time elapsed: 7 minute(s), 46 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\WINDOWS\Temp\0.13905803992966592 (Exploit.Drop.9) -> Quarantined and deleted successfully.
(end)
-
April 28th, 2012, 12:03 PM
#10
UPDATE
Last night I ran Malwares and GMER.
Nothing detected but, not able to connect to the internet thru WIRELESS or when I plug cable directly in.
-
April 28th, 2012, 12:48 PM
#11
Transfer the logs to a thumbdrive, as a example, and post using a different computer.
-
April 28th, 2012, 08:10 PM
#12
The Malwares LOG is posted above...
here is the GMER log.
MER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-28 17:06:41
Windows 5.1.2600 Service Pack 3
Running: dqve4unt.exe; Driver: C:\DOCUME~1\Parent\LOCALS~1\Temp\pwndaaod.sys
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\$NtUninstallKB6093$\2809841349 0 bytes
File C:\WINDOWS\$NtUninstallKB6093$\3795514871 0 bytes
File C:\WINDOWS\$NtUninstallKB6093$\3795514871\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB6093$\3795514871\cfg.ini 256 bytes
File C:\WINDOWS\$NtUninstallKB6093$\3795514871\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB6093$\3795514871\L 0 bytes
File C:\WINDOWS\$NtUninstallKB6093$\3795514871\L\ydobhgbn 162816 bytes
File C:\WINDOWS\$NtUninstallKB6093$\3795514871\oemid 170 bytes
File C:\WINDOWS\$NtUninstallKB6093$\3795514871\U 0 bytes
File C:\WINDOWS\$NtUninstallKB6093$\3795514871\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB6093$\3795514871\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB6093$\3795514871\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB6093$\3795514871\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB6093$\3795514871\U\80000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB6093$\3795514871\U\80000032.@ 115712 bytes
File C:\WINDOWS\$NtUninstallKB6093$\3795514871\version 908 bytes
---- EOF - GMER 1.0.15 ----
-
April 29th, 2012, 03:35 PM
#13
-
May 1st, 2012, 05:39 PM
#14
I have posted the two logs....
Appears all the virus is gone but, I am unable to connect to the internet with this computer. When I use wireless or plug in, it is unable to aquire network address.
-
May 1st, 2012, 06:47 PM
#15
There are two more scan logs that we need.. pls see the instruction thread..
aswMBR.exe and dds scans are the next two
VirtualDr email notices are not working.
Check back regularly for responses.
_____________________
cat lovers click here
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|