
Before You Post ! READ THIS FIRST

#1 User is offline   jpshortstuff 

  • Forum Inspector
  • Group: Administrator
  • Posts: 1834
  • Joined: 13-August 07
  • Location: England

Posted 20 April 2008 - 09:45 PM

Firstly, you must be registered on the forums. To do this, click the following link and follow the on-screen directions:
>>Register<<

Next, have a read of the Rules and Guidelines for the Malware Removal Forum.

Before posting to the forums and beginning any fixes, we strongly advise that you take some safety precautions.

Create A System Restore Point

Download SysRestorePoint to your desktop and unzip it to its own folder.
  • Double click SysRestorePoint.exe so that we can make a new system restore point.
  • A box will pop up after it has made a new point, usually after a few seconds. Close that window and exit the program.



Backup Your Registry

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT



  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time



Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.



Starting a New Topic

Now we need to start a new topic in the Malware Removal Forum. To do this, click the following link:
>>Create New Topic<<

In the "Topic Title" and "Topic Description" fields, type a title and description that we can identify your problem with.

For Example:

Topic Title: Virtumonde Infection
Topic Description: IE Popups and Security Warnings

Then, type a detailed description of your problem in the main text area. This will aid us in analyzing your problem and devising a fix for you. The more information you can give us, the better.

Finally, post the OTL and GMER logs so we can get started at fixing your problem.



Your topic has now been created. A member of staff will help you as soon as they can. Please bear in mind that all the staff here have real lives as well as helping out at many forums, so we will not always be able to attend to your thread as quickly as we would like. If this is the case and you haven't received a reply within 3 days of posting your topic, add a reply to this thread with a link to your topic in the Malware Removal Forum. We will attend to your thread as soon as we can.

You can help us by not replying to your own thread (helpers look for threads with 0 replies, starting with the oldest), and by reading the Rules and Guidelines for the Malware Removal Forum thread.

Thanks,

With Regards,
The 247Fixes Staff