Touch Forum Moderator Hello
After You have run the scan tools -
Reboot normally
Post Hijackthis log along with SuperAntiSpyware log, , C: combofix TXT in this topic
Please copy and paste your log. DO NOT add it as an attachment
Kindly do not annotate or format the log with color or font changes.
NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer.. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.
Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.
Back to Top
Sherine Here is Hijackthis log file: Back to Top
Sherine SUPERAntiSpyware Scan Log.txt.txt.txtWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! Back to Top
Touch Forum Moderator Please download Malwarebytes' Anti-Malware:
Or here:
to your desktop .
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch
Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan , then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location.
Copy and Paste that log into your next reply, along with fresh combofix log.
NB : If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.
Back to Top
Sherine Malwarebytes' Anti-Malware 1.28WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! 0 eaed8d713d78954a90c813a5e2c5934\sp2gdr\magnify.exe0 eaed8d713d78954a90c813a5e2c5934\sp2gdr\narrator.exe0 eaed8d713d78954a90c813a5e2c5934\sp2gdr\osk.exe0 eaed8d713d78954a90c813a5e2c5934\sp2gdr\utilman.exe0 eaed8d713d78954a90c813a5e2c5934\sp2qfe\magnify.exe0 eaed8d713d78954a90c813a5e2c5934\sp2qfe\narrator.exe0 eaed8d713d78954a90c813a5e2c5934\sp2qfe\osk.exe0 eaed8d713d78954a90c813a5e2c5934\sp2qfe\utilman.exe Back to Top
Touch Forum Moderator Looks like it.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Quote:
Killall::
Snapshot::
File:: D:\WINDOWS\system32\drivers\qgrknn.sys
D:\Program Files\xzhsvd.txt
D:\WINDOWS\system32\wmdrtc32.dll
D:\DOCUME~1\Sherine\LOCALS~1\temp\erlb.exe
Driver::
abp470n5
Save this as:CFScript
Refering to the picture above, drag CFScript into ComboFix.exe
Rightclick on hijackthis and rename it to hjt exe
log, along with new hijackthis log.
Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.
Back to Top
Sherine Hello, Back to Top
Touch Forum Moderator We´ll try Avenger - >
Please download The Avenger by Swandog46 to your Desktop. Click on Avenger.zip to open the file
Extract avenger2.exe to your desktop
Start Avenger
Quote->
-------------------------------------
Files to delete:
D:\WINDOWS\system32\drivers\qgrknn.sys
D:\Program Files\xzhsvd.txt
D:\WINDOWS\system32\wmdrtc32.dll
D:\DOCUME~1\Sherine\LOCALS~1\temp\erlb.exe
Drivers to unload:
abp470n5
------------------------------------------------------
Copy/Paste all the text in the above quote box into the main window
Click Execute
The Avenger will automatically do the following:
It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions.
This log file will be located at C:\avenger.txt
Post C:\avenger.txt in next reply
Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.
Back to Top
Sherine Logfile of The Avenger Version 2.0, (c) by Swandog46 Back to Top
Sherine and although the avenger .txt says that the files deleted successfully but they're still there and lots of things are disable in my windows .... i'm getting mad with that virus.. Back to Top
Touch Forum Moderator
Ok. I notice that you do not seem to be running antivirus software.This is somewhat suicidal in today's digital world.
Avast! makes an excellent free antivirus client.
Install, update it, then run a complete systemscan.
Reboot.
Post new combofix log, along with a hiajckthis log
Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.
Back to Top
Sherine Hi ..First of all I want to thank u Touch for all Your time u spent to help me... I think it is a very stubborn Virus..the Avast didn't work either I couldn't install it .. I thing i'll gonna format my HD to kill it forever ... what do u think?? I Have dual systems on my HD and i found the virus even in the other operating system that i dont use when i tried to look for the file with the explorer search i found it in the system 32 folder on the other operating system...seems that it looks for all the operating systems in the hard drives and locate the file wmdrtc32.dll in the sys. folder of everyone... so i think Format the drive is the only way as i tried lots of things for days ...i have only one problem that the virus is in my flash drive and it cannot be formatted so how can i remove it from my flash in order not to come back again to my computer...Many thanx Back to Top
Touch Forum Moderator Download this removal tool to your desktop:http://www.techsupportforum.com/sectools/s...Disinfector.exe since this is a flashdrive infection, insert your flashdrive as well, because above tool will disinfect it as well.
Note : Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
See if it help ?
Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.
Back to Top
Touch Forum Moderator Seems to be some nasty stuff you´ve got there
Lets run an F-Secure online scan.
Click HERE Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
Allow the Active X control to be installed on your computer, then click the Accept button
Click Full System Scan and allow the components to download and the scan to complete.
If malware is found, check Submit samples to F-Secure then select Automatic cleaning
When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post If Automatic cleaning with Submit samples hangs, click
Cancel , then
New Scan
When the cleaning option is presented, Uncheck Submit samples to F-Secure
Click Automatic cleaning
When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post Note: This scan will only work with Internet Explorer.
You must be logged on a administrator rights to run this scan.
The scan may take a few hours.
NB. Insert your flashdrive before scan
<!-- / message --><!-- sig -->
Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.
Back to Top
Forum Information Currently it is Saturday, November 21, 2009 2:59 PM (GMT +1)View Active Threads Who's Online This forum has 30334 registered members. Please welcome our newest member, sushil .Details 5 Latest Threads
aaaahhhhh. What a nightmare???.. Thanx for ur advice anyway ..
|