Virus shut down my registry editing and others

Hi, asking for your assistance here, you've been so helpful before.

I trusted my Symantec scanning to tell me if there was a virus lurking inside an executable before I launched it but it didn't detect a virus, so now there's a virus rampant on my computer. It doesn't seem to do anything dangerous, except that I can't go into my registry. And sometimes when I restart my computer, I get the blue screen of death. But a lurking virus is never a good sign, and my Symantec antivirus can't seem to get rid of it, please help!

Thank you so much, you guys are a lifesaver time and time again.

Comments

  • edited September 2009
    Hi, I ran Malware and I got rid of some parts of the virus. This is my most updated logs. I don't think it's quite clean yet because I keep getting errors. Please tell me what I can do next! Thanks.
  • edited September 2009
    Hello,

    Let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

    Go here ======> A guide and tutorial on using ComboFix <====== Go here

    Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should get a prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    (2) Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.


    Please include C:\ComboFix.txt and a new HijackThis log for further review, so that we may continue cleansing the system.


    Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
  • edited September 2009
    Thanks for looking that over, I ran the two programs like you asked. How's my comp looking now??
  • edited September 2009
    Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

    It's IMPORTANT to carry out the instructions in the sequence listed below.
    1. Close any open browsers.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Open *notepad* and copy/paste the text in the quotebox below into it:
    File::
    c:\windows\system32\drivers\ae711e63.sys
    Folder::
    c:\program files\iWin Games
    c:\windows\BBSTORE
    Registry::
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ae711e63]
    

    Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


    CFScript.gif

    Referring to the picture above, drag CFScript.txt into ComboFix.exe.


    When finished, it shall produce a log for you at C:\ComboFix.txt

    Please copy and paste the ComboFix.txt in your new reply.

    *Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*
  • edited September 2009
    Ran combofix again, here's the log.

    A problem that is happening with my computer now is it tends to hang quite frequently, I'm not sure if that's an overheating problem or if it's a slowdown because of the malware. I also can't get my printers working because the print spool refuses to run, I read online that that's a common problem for computers that have been infected??
  • edited September 2009
    OK....let's have you go HERE to run Panda ActiveScan 2.0
    • Click the big green Scan now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Once the scan is completed, please hit the notepad icon next to the text Export to:
    • Save it to a convenient location such as your Desktop
    • Post the contents of the ActiveScan.txt in your next reply.
  • edited September 2009
    Here we are, thanks!
  • edited September 2009
    Looks good to me.

    You may want to remove these though.
    C:\Documents and Settings\Lucia\My Documents\Lucia\Applications, programs, BLAH\Adobe Illustrator CS2\keygen.exe
    C:\Documents and Settings\Lucia\My Documents\Lucia\Applications, programs, BLAH\Macromedia Studio\Contribute3Installer-en.zip
    C:\Documents and Settings\Lucia\My Documents\Lucia\Applications, programs, BLAH\Photoshop CS2 v9.0 + working KeyGen\keygen.exe
  • edited September 2009
    Excellent! They are now removed. I'm so relieved that this didn't destroy everything. Thank you so much you guys are geniuses.
  • edited September 2009
    I think our work is done here - your PC should be clean now.

    It's time to remove ComboFix.

    Go to Start > Run
    Type in box

    combofix /u

    Note: the space between the X and the /u

    Press Enter.

    This command will:

    Delete the following:
    ComboFix and its associated files and folders.
    VundoFix backups, if present
    The C:\Deckard folder, if present
    The C:\_OtMoveIt folder, if present

    Reset the clock settings.
    Hide file extensions, if required.
    Hide System/Hidden files, if required.
    Reset System Restore.


    Even if you have no more queries, I would appreciate if you can reply once more to this thread so that I will be able to have this archived. Thanks. :)