"Attention 1972vet"

  • 50 Replies
  • 10183 Views
*

Offline GRINGOYLE

  • Bronze Member
  • 49
Re: "Attention 1972vet"
« Reply #15 on: March 08, 2009, 01:28:10 AM »
combofix frozen at...

Scanning for infected files . . .
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double

combofix has been frozen here more than 60 minutes

*

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: "Attention 1972vet"
« Reply #16 on: March 08, 2009, 09:08:35 AM »
Have you disabled your protective software prior to dragging the combofix script file?
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-13

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

*

Offline GRINGOYLE

Re: "Attention 1972vet"
« Reply #17 on: March 08, 2009, 12:29:16 PM »
Yes, the same way I did the last combofix scan.

*

Offline 1972vet

Re: "Attention 1972vet"
« Reply #18 on: March 08, 2009, 12:50:29 PM »
That's curious. The first run went fine, the second run hangs up...interesting.

Make sure you can View All Files.

If you haven't already, look in your add/remove programs listing and uninstall BitComet...also, delete every file you KNOW that you downloaded using BitComet...and uninstall any other program that you also KNOW you downloaded using BitComet.

Let's assume then that everything else prior to the combofix script instruction went fine. That would mean that you've run the Symantec removal tool eliminating any possible conflict there...and checking on your newly downloaded antivir product to see that it is disabled was just an extra step since the disabling was built into that script (KILLALL).

Let's try to tackle the remainder of the instruction a different way. Reboot the computer into Safe mode. Once in safe mode and logged on as "Administrator", please continue with the instructions below:

Locate and delete the following folders indicated in Bold Text:
c:\program files\BitComet
c:\documents and settings\Eva\Application Data\Symantec
c:\documents and settings\Administrator\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Symantec
c:\program files\Common Files\Symantec Shared

Copy the data in the code box below into notepad and save it as deletereg.reg
Set File type to "all files"
Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10478:TCP"=-
"10478:UDP"=-
Double-click that file and confirm you want to merge it with the registry.

Reboot the computer.

When the system comes back up, visit This Web Site and upload the following file for a free scan:
C:\ituninst.bat

...Post back your results. Thanks!


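The deletereg.reg step in Reply #18, as an added example that is not part of the original post: a small Python preview that lists what a .reg file asks for before it is merged and flags section headers that need review, such as a root that is not a full hive name or a `~` path component. The function name preview_reg is hypothetical, the sample input is the file text copied from the post, and only single-line entries are handled.

```python
import re

# Full hive names a .reg section header normally starts with.
FULL_HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
              "HKEY_USERS", "HKEY_CURRENT_CONFIG")

# Sample input: the deletereg.reg text exactly as posted in Reply #18.
DELETEREG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10478:TCP"=-
"10478:UDP"=-
'''

def preview_reg(text):
    """List requested operations and lines needing review (single-line entries only)."""
    ops, warnings, key = [], [], None
    lines = text.splitlines()
    if not lines or lines[0].strip() not in (
            "REGEDIT4", "Windows Registry Editor Version 5.00"):
        warnings.append("line 1: missing or unknown header")
    for n, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment
            continue
        m = re.fullmatch(r"\[(-?)(.+)\]", line)
        if m:  # section header; a leading '-' deletes the whole key
            key = m.group(2)
            parts = key.split("\\")
            if parts[0].upper() not in FULL_HIVES:
                warnings.append(f"line {n}: root {parts[0]!r} is not a full hive name")
            if "~" in parts:
                warnings.append(f"line {n}: '~' placeholder in key path")
            if m.group(1):
                ops.append(("delete-key", key, None))
            continue
        m = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)', line)
        if m and key is not None:  # value line; '=-' deletes the value
            kind = "delete-value" if m.group(2) == "-" else "set-value"
            ops.append((kind, key, m.group(1).strip('"')))
        else:
            warnings.append(f"line {n}: not understood: {line!r}")
    return ops, warnings

if __name__ == "__main__":
    ops, warnings = preview_reg(DELETEREG)
    print(*ops, *warnings, sep="\n")
```

Run against the posted text, the preview reports two key deletions and two value deletions, and marks the third section header for review on both counts.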

*

Offline GRINGOYLE

Re: "Attention 1972vet"
« Reply #19 on: March 08, 2009, 12:58:41 PM »
Quote
That's curious. The first run went fine, the second run hangs up...interesting.

Make sure you can View All Files.

If you haven't already, look in your add/remove programs listing and uninstall BitComet...also, delete every file you KNOW that you downloaded using BitComet...and uninstall any other program that you also KNOW you downloaded using BitComet.

I'll do my best. The person who used the programs sold this laptop to my friend and has become really unhelpful in regards to what info he can provide about the programs he had installed or used.

I am going to start on the next steps now for you.

*

Offline 1972vet

Re: "Attention 1972vet"
« Reply #20 on: March 08, 2009, 01:24:20 PM »
That's OK...I wouldn't worry if I were you. Any cracked software that was downloaded using BitComet will eventually turn up with our efforts.

*

Offline GRINGOYLE

Re: "Attention 1972vet"
« Reply #21 on: March 08, 2009, 01:36:26 PM »
I was only able to find the following files to delete:

c:\program files\BitComet
c:\program files\Common Files\Symantec Shared

Also, do I need to perform:
Copy the data in the code box below into notepad and save it as deletereg.reg
Set File type to "all files"

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10478:TCP"=-
"10478:UDP"=-
Double-click that file and confirm you want to merge it with the registry.

Reboot the computer.
when I am in safe mode?

VirSCAN.org Scanned Report :
Scanned time   : 2009/03/08 12:47:11 (MST)
Scanner results: All Scanners reported not find malware!
File Name      : ituninst.bat
File Size      : 324 byte
File Type      : MS-DOS batch file text
MD5            : 6a502b835ccba619be535c3dc42e5595
SHA1           : cd5bd4c64073bb873514644f3047bb0885ad8ccc
Online report  : http://virscan.org/report/9aefefb29f6269dedb6d72813cd7490a.html


« Last Edit: March 08, 2009, 01:51:36 PM by GRINGOYLE »

*

Offline 1972vet

Re: "Attention 1972vet"
« Reply #22 on: March 08, 2009, 02:04:17 PM »
Quote
Do I need to perform:
Copy the data in the code box below into notepad and save it as deletereg.reg
Set File type to "all files"...
...when I am in safe mode?
Well of course. Just curious how you think...why would I give an instruction that I wouldn't want you to perform?

*

Offline GRINGOYLE

Re: "Attention 1972vet"
« Reply #23 on: March 08, 2009, 02:13:29 PM »
Don't worry, I did that step. The question was whether I needed to do it in safe mode, because I was going to have to type the code by hand and I was worried about messing it up, but I managed to get it entered right and confirmed that it merged with the registry.

*

Offline 1972vet

Re: "Attention 1972vet"
« Reply #24 on: March 08, 2009, 02:54:41 PM »
OK great. Saving that data to notepad prior to actually following the instructions is what I had in mind...had you stopped at the point where I said to boot into safe mode, you also would not have been able to see what files I had in mind for you to delete. However, you said you deleted them so I imagine you printed the instructions. You could also have saved them to a text file to the desktop prior to booting into safe mode which is what I assumed you would decide upon...another bad assumption on my part, sorry  ;)

Can you try performing the "drag the cfscript.txt" instruction now and post back the results? Thanks!

*

Offline GRINGOYLE

Re: "Attention 1972vet"
« Reply #25 on: March 08, 2009, 03:12:54 PM »
It appears to have frozen again at:

Scanning for infected file . . .
This typically doesn't take more than 10 minutes
However, scan times for badly infected machines may easily double

It's only been about 10 to 15 minutes since that screen came up, but the laptop fans have stopped like the last time it froze at that screen.

*

Offline GRINGOYLE

Re: "Attention 1972vet"
« Reply #26 on: March 08, 2009, 06:27:33 PM »
In an attempt to get you more info: Mbam will not scan. The laptop freezes up at:

objects scanned: 4090
objects infected: 0
time elapsed: 3 second(s)

It freezes there every time.

*

Offline GRINGOYLE

Re: "Attention 1972vet"
« Reply #27 on: March 08, 2009, 06:32:46 PM »
The laptop seems to be running Avira AntiVir just fine; it's scanned nearly 50% now without any trouble.

*

Offline 1972vet

Re: "Attention 1972vet"
« Reply #28 on: March 08, 2009, 06:37:05 PM »
Let's look at the simple possibilities first. While attempting to run combofix, you have already disabled avira and you have only the free version of mbam? Is that right? If so, then moving on, you do nothing else at all with the computer while combofix is attempting to run. That right too?

*

Offline GRINGOYLE

Re: "Attention 1972vet"
« Reply #29 on: March 08, 2009, 06:41:42 PM »
Yes. I only have the free ver. of Mbam.
Yes, I also have Avira Anti disabled when running the combo fix

Before you had me try the combofix for a second time, I read your reply about turning avira off, so I decided to uninstall it along with Mbam to see if combofix would work, but it did not.

I have just recently re-installed Mbam and avira to see if they will run.

Also, when running combofix I do nothing: all browsers are closed, I don't click the mouse, nada.