Suspected malware and Can't seems to remove
Solved/Closed
7 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Apr 2, 2011 at 05:12 AM
Dear Jasozhou,
Your system is seriously infected and I found 27 items.
The virus made its entry through your peer-to-peer BitTorrent.
You have a spyware called Baidu and I also strongly suspect a rootkit.
Your system as it is at the moment and will be after the upcoming disinfection will remain very vulnerable to all kinds of malware and possible intrusion.
Your system restore is presently deactivated. I suggest that you reactivate it after disinfection.
I shall prescribe to you a very powerful antidote that is able to kill and send any virus to the glue factory. It is of very last resort and should not be abused; as a matter of fact, once you have used it, I suggest you delete it from your system.
To keep your system safe, you must follow the instructions hereunder to the letter:
First step, boot your system in safe mode with networking
1. Download Combofix to your desktop.
http://www.combofix.org/download.php
2. Close all open windows including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
3. Double click on the ComboFix icon.
Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
4. Accept the disclaimer and the recovery
5. You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.
ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings.
If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
During the process, please do not mouse click nor must you tap on the keyboard. Let the tool run.
Once you are done, report to me on how your system is behaving.
Good luck
Ambucias
Jasoz,
Download and install Malwarebytes from https://www.malwarebytes.com/
Update it and run a full scan.
Remove found infections.
Restart your PC and go to
https://www.eset.com/uk/
Run this scan.
Once this is done, do the same with
https://www.trendmicro.com/en_us/forHome/products/housecall.html
Ambucias
Apr 1, 2011 at 05:16 AM
Dear Jasozhou,
If Kieferschild's solution and advice do not remove the virus completely,
To help you, I must make a diagnostic and to do so, I require a log.
Open this link and download ZHPDiag :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Register the file on your Desktop.
Double click on ZHPDiag.exe and follow the instructions.
The tool created two icons, ZHPDiag and ZHPFix (we will use ZHPFix at the next step).
Double click on the shortcut ZHPDiag on your Desktop.
Click on the Magnifying glass and run the analysis.
Wait for the tool to finish (maybe a long time).
Close ZHPDiag.
To transmit the report, click on this link :
https://authentification.site
Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\Program Files\ZHPDiag).
Select the file ZHPDiag.txt.
Click on "upload".
Copy the URL and post it here.
Sorry for the delay in replying.
Thanks kieferschild for the solution offered but I have done all of that and the problem still persists.
Thanks Ambucias, I have done what you instructed me to do and here is the url.
Download Link:
http://www.speedyshare.com/files/27732837/ZHPDiag.txt
Delete Password:
vabubuhadose
Million thanks to the both of you!
Dear Ambucias,
Thanks a million!!
After following your prescription to the very last letter, my system is all well and good again!
Solved this and all other problems that have been troubling me for a long time. =)
Do you need a copy of the combofix.txt?
And by the way, you mentioned that my system is very vulnerable to future invasion, are there any recommendations that I can adopt to make my system more secure and ready to defend against invasion?
I got to thank you a million times over again or even more!
Cheers and kudos to you!
Jason Zhou
Ambucias
Apr 2, 2011 at 04:27 PM
Hello Jason,
I will not require the Combofix log for I know what it did. However, I strongly recommend that you delete Combofix for it cannot be used lightly and in any circumstances. Some people have and had to restore their system from scratch. It worked for you after I have analysed your log.
Please ensure your system restore is activated and create a new restore point that you can name Ambucias, this way you know it's a good place to go back to in case of a future infection.
Please be careful with your BitTorrent peer-to-peer downloads, they are one of the most popular sources to propagate viruses. Should you download anything, always scan it with your antivirus before opening or running.
When your McAfee license comes to term, I suggest you look into purchasing F-Secure or Kaspersky.
You are totally welcome, now let's start a chain, help someone else with anything, it can be something simple like helping an old lady to cross the street, donate blood ...or a kidney.
Best regards
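
The restore-point advice in the post above can also be carried out and verified from an elevated Windows PowerShell 5.1 prompt. This is an added example, not part of the original thread; it assumes the system drive is the one to protect, and apart from the restore point name "Ambucias" the variable names are illustrative.

```powershell
# Added example (not from the original thread). Run in an elevated
# Windows PowerShell 5.1 session; these cmdlets are not in PowerShell 7.
$drive = "$env:SystemDrive\"   # assumption: protect the system drive
$name  = 'Ambucias'            # restore point name suggested in the post

# Re-enable System Restore on the drive (harmless if it is already on).
Enable-ComputerRestore -Drive $drive

# Remember the highest existing sequence number so a new point can be told apart.
$lastSeq = 0
foreach ($rp in @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)) {
    if ($rp.SequenceNumber -gt $lastSeq) { $lastSeq = $rp.SequenceNumber }
}

# Request the restore point. Windows 8 and later skip the request with only a
# warning if another point was created within the last 24 hours.
Checkpoint-Computer -Description $name -RestorePointType MODIFY_SETTINGS

# Confirm that a new point with this name really exists.
$new = @(Get-ComputerRestorePoint |
    Where-Object { $_.SequenceNumber -gt $lastSeq -and $_.Description -eq $name })

if ($new.Count -gt 0) {
    "Restore point '$name' created (sequence $($new[0].SequenceNumber))."
} else {
    Write-Warning "No new restore point named '$name' was found; check the warning above and retry later."
}
```

Create the restore point only after the disinfection is confirmed clean, so that it does not capture the infected state.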