Thanks,
John
"john" <jmck...@cableone.net> wrote in message
news:uD4Wceg...@TK2MSFTNGP05.phx.gbl...
but before you do, look at the keys
and ascertain their folder locations
and delete those afterwards.
incidentally, you can delete those
entries from the registry and disk.
however, since they are trojans as
you allude to then this implies there
is a software installed that is doing
one thing as it was marketed to be
but in the background it is also unleashing
the trojans.
so find out which program is unleashing
them, or you will never see the end of
the trojan infections.
incidentally, sometimes trojans corrupt
the system files.
so don't be surprised if after you inoculate
your system, you have to initiate a repair
install to replace corrupted system files
with genuine ones.
--
DatabaseBen, Retired Professional
- Systems Analyst
- Database Developer
- Accountancy
- Veteran of the Armed Forces
- @Hotmail.com
- nntp Postologist
~ "share the nirvana" - dbZen
~~~~~~~~~~~~~~~
"john" <jmck...@cableone.net> wrote in message
news:uD4Wceg...@TK2MSFTNGP05.phx.gbl...
Hello John:
If you *DO* already have MBAM installed previously, you may rename the
MBAM executable. For example:
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
to
C:\Program Files\Malwarebytes' Anti-Malware\johnmbam.exe
Then launch MBAM as usual, *update* the database and scan in the
system's normal mode as opposed to "Safe" mode.
Although the registry entries you found may indeed be toxic, some
don't relish the thought of using regedit.
Please post a follow-up to this thread with your progress.
--
1PW
| Thanks,
| John
John:
What do you mean "fail to work" ?
Fail to execute ?
Fail to find and eliminate the trojan ?
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
John
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"john" <jmck...@cableone.net> wrote in message
news:eRbTsWiQ...@TK2MSFTNGP05.phx.gbl...
"john" <jmck...@cableone.net> wrote in message
news:eNXBCriQ...@TK2MSFTNGP04.phx.gbl...
Try renaming SuperAntiSpyware.exe to something else, like gotcha.exe.
Try the same for the Malwarebytes AntiMalware executable.
Buffalo
PS: You may even want to try installing the infected HDD in another computer
as a Slave Drive and clean it there.
| Fail to execute. I posted the error message in one of my replies.
| John
TDSS RootKit ?
Close all running programs and utilities and download Gmer
http://www.gmer.net/#files
Follow David Lipman's advice.
That is your best chance for success.
Buffalo
Burn BitDefender, or another program listed at the link below, to a CD
(using a working machine) and test the infected machine with it.
BitDefender also has a Rootkit checker on the Linux Desktop; run it if
you think that's the problem:
http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
Download the executable rather than the .iso image, if one is
available.. it prompts you to insert a CD and burns the file, no problem.
Then run these:
Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html
--
Joe =o)
Well, it appears that PCBUTTS has confirmed that he's stalking me again.
Notice how he's registered an account using my name - showing his
sickness and how unethical he is.
--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam9...@rrohio.com (remove 999 for proper email address)
How come you posted from another server instead of your giganews
account?
You have to resort to stalking me from multiple Usenet providers now?
That can be a clear symptom of a trojan, or a rootkit underneath it,
defending itself. You'd probably find that things like the malwarebytes
installer couldn't run, either. Rename the installer or the executable,
then run it.
ccleaner can help you with this process, but these infections are likely
hiding in the Windows folder structures, rather than the temp folders. A
lot of the help ccleaner affords here is reducing the time required for
scanning.
Also, if your system is infected, restore points will also be infected.
And be sure that you have created another user account, because it's
possible to damage the user profile.
HTH
-pk
DO NOT download anything from this known purveyor of malware. Even the
authentic looking URL is a complete fake.
Google 'pcbutts1' for more info.
you need to figure out which process
that is running is unleashing them
so, the keys should provide some
clue.
if not, run autoruns from microsoft and/or
process explorer.
also, people forget about the prefetch
files - they get loaded at boot time.
and third party drivers get loaded at
boot time as well.
--
DatabaseBen, Retired Professional
"john" <jmck...@cableone.net> wrote in message
news:eRbTsWiQ...@TK2MSFTNGP05.phx.gbl...
After deleting the two entries and without rebooting, will MBAM or SAS run?
so perhaps it is another reason why
your deletions don't take.
just a thought to consider.
--
DatabaseBen, Retired Professional
"db" <datab...@hotmail.com> wrote in message
news:Op$5zipQK...@TK2MSFTNGP02.phx.gbl...
> they likely would get re-entered in the
> registry.
>
> you need to figure out which process
> that is running is unleashing them
>
> so, the keys should provide some
> clue.
>
> if not, run autoruns from microsoft and/or
> process explorer.
>
> also, people forget about the prefetch
> files - they get loaded at boot time.
>
> and third party drivers get loaded at
> boot time as well.
>
> --
john wrote:
> Buffalo wrote:
>> After deleting the two entries and without rebooting, will MBAM or
>> SAS run?
>>
>>
> no
Did you try renaming the exe for SuperAntiSpyware.exe to something else and
then running it?
Perhaps something like Begone.bat or similar and then double-clicking on
it to execute it?
Buffalo
John
| I ran Gmer but, it got to the folder in the windows directory $hf_mig$
| which I think stores all the windows updates, and promptly shut down. I
| cannot delete the file from my download directory. I am thinking that
| this nasty critter is located in the windows directory but, not at all
| sure how to find it. I am wondering if it might be wise to create a log
| file when the system boots up. Any thoughts on that?
| John
Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
Then post the contents of the HJT log in your post with a full explanation of your problem
and what you have done to date in one of the below expert forums...
{ Please - Do NOT post the HJT Log here ! }
Forums where you can get expert advice for HiJack This! (HJT) Logs.
NOTE: Registration is REQUIRED in any of the below before posting a log
Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0
Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
I'll try the programs you suggested above.
Thanks,
John
John
Just curious. Did you ever try renaming SuperAntiSpyware.exe to something
else and then executing it?
Buffalo
>> | John
>> Suggested primary:
>> http://www.thespykiller.co.uk/index.php?board=3.0
Rename HJT to something like TOM.COM and try again.
Thanks,
John
Thanks, Bit Defender sounds promising, since it runs.
Buffalo
PS: Something wouldn't let you change the name or the extension of the SAS
executable?
I am not good at this stuff, so thanks for the info.
Thank you all,
John
| I would like to thank all of you for your help. The links that David
| posted were of great help. It appears that the Trojans have been
| removed. I had to uninstall all the anti malware software and
| reinstall it all. Everything seems to be working properly. It seemed to
| be just keep trying to run each suggested program until you found one
| that worked and then go back to the beginning and start over.
| Thank you all,
| John
Thanx for the feedback John!