Smokey's Security Forums

Topic: Suspected virus on Hp Pavilion g4 Win7  (Read 3109 times)


mikehende (Topic starter)

  • Full Member
  • **
  • Offline Offline
  • Posts: 71
Re: Suspected virus on Hp Pavilion g4 Win7
« Reply #10 on: April 04, 2013, 09:23:46 PM »
As mentioned in the other thread the friend already took both units back as he was desperate to get them back, I told him that we should wait until "you" confirm that all is well but he says "as long as it's working normally he will take his chances" so that's that. As soon as the wife can get around to it, I will donate $10 to this board via her Paypal account for helping me with the 2 units, I know it's not much but I did this as a favor for this friend as he does favors for me too so I am making this donation myself.

Starbuck

  • Site Owner
  • *
  • Online Online
  • location: Midlands. UK
  • Posts: 3420
  • .: Leader Malware Analysis & Removal Team
  • -: Site Help Desk - Support Department
    • WWW
Re: Suspected virus on Hp Pavilion g4 Win7
« Reply #9 on: April 04, 2013, 09:08:43 PM »
That's odd, you shouldn't have a problem with .txt files.
Just copy and paste the reports in a reply.

mikehende (Topic starter)

  • Full Member
  • **
  • Offline Offline
  • Posts: 71
Re: Suspected virus on Hp Pavilion g4 Win7
« Reply #8 on: April 04, 2013, 01:13:19 PM »
After running the adwcleaner the laptop started working normal again, thanks! Trying to attach both log files here it is saying I "cannot attach .txt files"?

mikehende (Topic starter)

  • Full Member
  • **
  • Offline Offline
  • Posts: 71
Re: Suspected virus on Hp Pavilion g4 Win7
« Reply #7 on: April 04, 2013, 12:05:55 AM »
I downloaded OTL from within the laptop but with the interface open, but nothing functions, tried the same from cd, same result? Sorry, I was posting at the same time, will try your instructions now.

Starbuck

  • Site Owner
  • *
  • Online Online
  • location: Midlands. UK
  • Posts: 3420
  • .: Leader Malware Analysis & Removal Team
  • -: Site Help Desk - Support Department
    • WWW
Re: Suspected virus on Hp Pavilion g4 Win7
« Reply #6 on: April 03, 2013, 11:59:00 PM »
Quote
I can go on the net, how should I proceed please?



Step 1
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Delete button.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



Step 2
  • Download OTL to your desktop.
    right click on the link and select 'Save Link/Target As'.

    if you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check


Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT


  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.


  • Click the Run Scan button.



  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
In your next reply, please submit:
ADWCleaner report
and both reports from OTL
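
The custom scan list in the post above names a set of file and registry locations. As an added example (not part of the original post and not OTL's own logic), this read-only PowerShell script lists what sits in several of those locations; the output columns and the signature check are choices made for this example.

```powershell
# Added example: read-only listing of locations named in the custom scan list.
# It reports only; it does not reproduce OTL's switches and changes nothing.
$root = $env:SystemRoot

# File locations from the list. The list names w32x86 for print processors;
# the wildcard here also covers other architecture folders such as x64.
$patterns = @(
    "$root\System32\spool\prtprocs\*\*.dll",
    "$root\Tasks\*.job",
    "$root\System32\drivers\*.sys",
    "$root\System32\config\*.sav"
)

$files = foreach ($p in $patterns) {
    Get-ChildItem -Path $p -Force -ErrorAction SilentlyContinue | ForEach-Object {
        # Authenticode status only makes sense for PE files (.dll, .sys).
        $sig = if ('.dll', '.sys' -contains $_.Extension) {
            (Get-AuthenticodeSignature -FilePath $_.FullName).Status
        } else { 'n/a' }
        New-Object PSObject -Property @{
            Path = $_.FullName; Modified = $_.LastWriteTime
            Size = $_.Length;   Signature = $sig
        }
    }
}
# Newest first: recently written drivers and task files are reviewed first.
$files | Sort-Object Modified -Descending |
    Select-Object Modified, Size, Signature, Path | Format-Table -AutoSize

# Windows Update policy key from the list; absent when no policy is set.
$au = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
if (Test-Path $au) {
    Get-ItemProperty -Path $au | Format-List
} else {
    'WindowsUpdate\AU policy key not present'
}

# Registered browsers: default value of each ...\shell\open\command key.
Get-ChildItem 'HKLM:\SOFTWARE\Clients\StartMenuInternet' -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -eq 'command' } |
    ForEach-Object {
        New-Object PSObject -Property @{ Key = $_.Name; Command = $_.GetValue('') }
    } | Format-List Key, Command
```

Files signed through a catalog rather than an embedded signature can show as NotSigned, so treat that status as a prompt to look closer, not a verdict.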

mikehende (Topic starter)

  • Full Member
  • **
  • Offline Offline
  • Posts: 71
Re: Suspected virus on Hp Pavilion g4 Win7
« Reply #5 on: April 03, 2013, 11:28:00 PM »
No, I didn't try that, did so now, it works, I can go on the net, how should I proceed please?

Starbuck

  • Site Owner
  • *
  • Online Online
  • location: Midlands. UK
  • Posts: 3420
  • .: Leader Malware Analysis & Removal Team
  • -: Site Help Desk - Support Department
    • WWW
Re: Suspected virus on Hp Pavilion g4 Win7
« Reply #4 on: April 03, 2013, 11:13:06 PM »
Hi Mike,

A couple of things:
Quote
(ATTENTION: FRST version is 20 days old)

As FRST is updated regularly, you will need to download and run the latest version.

Have you tried booting the machine into 'Safe Mode' or 'Safe Mode with Networking'?


mikehende (Topic starter)

  • Full Member
  • **
  • Offline Offline
  • Posts: 71
Re: Suspected virus on Hp Pavilion g4 Win7
« Reply #3 on: April 03, 2013, 10:38:08 PM »
Hey Pete, thanks for referring me to this forum and appreciate you taking the time to help with this even with your hectic schedule! Please see attached file for the frst log.

Starbuck

  • Site Owner
  • *
  • Online Online
  • location: Midlands. UK
  • Posts: 3420
  • .: Leader Malware Analysis & Removal Team
  • -: Site Help Desk - Support Department
    • WWW
Re: Suspected virus on Hp Pavilion g4 Win7
« Reply #2 on: April 03, 2013, 10:24:01 PM »
Hi Mike,

Quote
To post the log results here, which is the best way to do this please since the log is too big and will need at least 3 posts?

Click the reply button to this post.
Click Additional Options.
You will then see the attachment browse button.
Use this to select the file from your system and add the attachment to the post.

mikehende (Topic starter)

  • Full Member
  • **
  • Offline Offline
  • Posts: 71
Suspected virus on Hp Pavilion g4 Win7
« Reply #1 on: April 03, 2013, 05:27:46 PM »
Hello All, I am new here so please bear with me? I am trying to clean 2 computers for a friend, his desktop and his daughter's laptop. I have created this thread here for the laptop and will create another for the desktop.

I powered on but this machine would not always go to desktop and when it does, it cannot go to the net, open the Control panel or the C Drive or any other normal function so I restarted, chose "Launch Startup repair"-that did not work.
I then put a CD in the drive with all Malware tools:
OTL
AdwCleaner
Combofix
aswMBR
Malwarebytes Anti-Malware
RogueKiller
TDSSKiller

but the drive would not recognize CD and I cannot open it from within Windows so I then downloaded OTLPEnet.exe on a cd but it would not boot and the system will not go into the BIOS by me pressing ESC, F1, F2, DEL or F10 keys or go to the Boot Order screen and will not boot from the CD.
I then put frst on a USB stick and followed these instructions:

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

    Restart the computer.
    As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    Use the arrow keys to select the Repair your computer menu item.
    Select US as the keyboard language settings, and then click Next.
    Select the operating system you want to repair, and then click Next.
    Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

        Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    Select Command Prompt
    In the command window type in notepad and press Enter.
    The notepad opens. Under File menu select Open.
    Select "Computer" and find your flash drive letter and close the notepad.
    In the command window type e:\frst64 (or \frst if using the 32bit version) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
    The tool will start to run.
    When the tool opens click Yes to disclaimer.
    Press Scan button.
    It will make a log (FRST.txt) on the flash drive.

To post the log results here, which is the best way to do this please since the log is too big and will need at least 3 posts? Or if there is something else I should do, please help? Thanks.
 


Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2017 Smokey Services™ -- All rights reserved