Printer showing offline permanentlyClosed

Question

Hello, Can someone please help,after clearing my pc of Malware I cannot use my printer 
it permanently shows offline and i cannot access most of my installed programmes I have tried everything that has been suggested so far without any luck and now it is causing me a lot of grief because i cannot use my programmes I now run Stopzilla to keep my pc protected although the malware attack disabled antimalware and my avg  
Thanking you in anticipation 


Configuration: Windows XP / Internet Explorer 8.0

Ambucias · Answer

To help you, and identify the virus if any,I must make a diagnostic and to do so, I require a log.  I should then be able to prescribe the proper medicinal compound. 

Open this link and download ZHPDiag :  

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html  


Register the file on your Desktop.  

Double click on ZHPDiag.exe and follow the instructions.  

the tool created two icons ZHPDiag and ZHPFix (we will use ZHPFix at the next step).  

Double click on the short cut ZHPDiag on your Destktop.   

Click on the Magnifying glass and run the analysys.  

Wait for the tool to finished (maybe a long time)  

Close ZHPDiag.  


To transmit the report, click on this link :  

https://authentification.site  

Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\Program Files\ZHPDiag).  

Select the file ZHPDiag.txt.  

Click on "upload »  

Copy the url and post it here

Please also describe what you mean by you tried everything suggested so far.

Ambucias · Answer

Dear Flapper,

Sorry for the delay in my reply, I had signed out when I received your report.

Your system is badly infected by adware and a rogue trojan horse.  There is a total of 86 malware pesting your system.

I found Bandoo for Firefox, Mywebsearch, PUP FBsearch, GamesBar adw, Price Gong, Try Media, iWinarcade, Babylon, Fast browser search, Search a lot and that's just to mention a few.

I suspect that Kaza is the main source of infection.

Where on earth did you get this: Rubber DuckY®Malwarebytes' Anti-Malware?

There are many evil processes presently running on your system which we will try to end but first, you must delete some infected applications otherwise, nothing will work:

Delete:

1. Bandoo
2. Bejeweled Blitz 
3. GamesBar 2.0.1.12 - 
4. Search Guard Plus 
5. Zuma's Revenge

To kill the processes: 

1. Download to your desktop and run Rogue Kill: 

https://download.bleepingcomputer.com/grinler/rkill.com 

2. You should now see a window that shows all of your desktop icons, including the rkill.com program. 

3. Double-click on the rkill.com in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. 

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes . So, please try running Rkill until malware is no longer running. 

Please, DO NOT REBOOT your computer or the processes will come back to haunt you! 

Download to your desktop Malwarebyte. 

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ 

Once on your desktop, we must still outwit the virus. 

Right click on the MBAM icon and click on rename. Rename it kioskea.exe. 

Install Malwarebyte and launch it. From the second tab, update it. 

Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found. 

It is very important that you let Malwarebyte run for as long as it takes, in some cases the creators of Malwarebyte suggest that you go do something like watch a rerun of "Gone with the Wind" or read Tolstoy's "War and Peace".

Once your computer is clean and working normally just to be on the safe side 
*Turn off system restore and wait 30 seconds, 
*Turn it back on and create a new restore point. 

This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed. 
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process. 
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging. 

(Malwarebyte may reboot your computer, don't be alarmed. Should it happened, relaunch Malwarebyte to complete the FULL scan) 

Once you have completed, please report on how your system is performing.  

This may not be the end of it.

Good luck

Flapper · Answer

Hi Ambucias.I did as instructed my Stopzilla keeps finding a Trojan (JAVA.DL.REXEC.A) I instructed it to destroy but on the next scan it is there again,after each scan I always reboot.Would it be worth doing another search to see if my system is clear at last, my guess is it isn't.Many thanks for your fantastic help.

Ambucias · Answer

Hello Flapper

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan y
download link: 

https://free.drweb.com/cureit//?lng=en

Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
*Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version

*Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.

*The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).

*If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.

*If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
*After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.

*In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.

*Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.

*Please be patient as this scan could take a long time to complete.

*When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.

*Click Select All, then choose Cure > Move incurable.

*In the top menu, click file and choose save report list.

*Save the DrWeb.csv report to your desktop.

*Exit Dr.Web Cureit when done.

*Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

Let me know if that trojan horse has gone to the glue factory.

Flapper · Answer

Hi Ambucias.I think several horses slain,when i rebooted  Stopzilla  was showing a warning low risk 20 LsassTrojans registry key HKLM\SYSTEM\CurrentContr. it means nothing to me but may be of value to you.Do I delete these ?.Please find report from Dr.Web.I eagerly await your reply. 

SkillJamLoader.dll;C:\Documents and Settings\All Users\Application Data\SkillJam\SecurePlayer;Program.PopcapLoader.4;Incurable.Moved.; 
acssetup.exe;C:\Program Files\Common Files\AOL\Backup\ACS\Current\UK;Trojan.MulDrop2.3621;Incurable.Moved.; 
slghex.dll;C:\Program Files\Common Files\Sandlot Shared;Adware.SpywareStorm;Incurable.Moved.; 
npCouponPrinter.dll;C:\Program Files\Mozilla Firefox\plugins;Adware.Coupons.34;Incurable.Moved.; 
atlantis_bundle.exe;C:\Program Files\Oberon Media\Atlantis Bundle;Trojan.SMSSend.309;Deleted.; 
Launch.exe;C:\Program Files\Oberon Media\Mahjong Quest 2;Trojan.Inject.6187;Incurable.Moved.; 
DialerOEM.exe;C:\Program Files\Tiscali\Tiscali Internet;Trojan.Swizzor.based;Deleted.; 
A0007107.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP17;Trojan.MulDrop2.3621;Incurable.Moved.; 
A0007108.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP17;Trojan.SMSSend.309;Deleted.; 
A0007109.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP17;Trojan.Inject.6187;Incurable.Moved.; 
A0007110.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP17;Trojan.Swizzor.based;Deleted.;

Ambucias · Answer

Flapper,

Lsass has been sometimes a worm but never a horse.  

Lsass verifies the authenticity of users on the server or computer.  If you system is now performing well,  In your case, it may indicate a weakness at the security level.

I suggest that you rerun Malwarebyte as I indicated previously. After that please run this free but most efficient registry cleaner:

https://ccm.net/download/download-13339-eusing-free-registry-cleaner

Clean you cache and all temporary files.

Then, let me know how your system is performing with all this cavalry you have sent to slaughter.  We will then see how we can reinforce your system if necessary.  I can't remember if Stopzilla is your only way of defense but if it is, you are very vulnerable and you will again be preyed on.

Regards

Flapper · Answer

Hi Ambucias. Ran in safe mode nothing malicious found by Anti-malware,seems much faster but browser seems sticky.I have AVG 9.0,super anti-spyware,anti-malware and now stopzilla running,but obviously nothing stopped the rubbish getting through to my pc.Am I doing something wrong? 
Should I be doing something else to protect myself?If it is of any relevance I could not browse in safe mode. Also  Stopzilla showed Java.DL.Rexec.A Trojan again.
Thanking you once again. 
Flapper

Ambucias · Answer

Hi Flapper,

It's probably a Stopzilla error to detect that perticular file somewhere in a quarantine.

You are running too many antiviruses, all have scanning engines and they may conflict with one another and let horse flies in.  I suggest you ditch super antispyware and stopzilla.  I trust that AVG provides you with a firewall as Windows.  I would also flush Malwarebyte if you still have it.  All of these security stuff will slow your browser.

If you remove those applications, rerun the registry cleaner.

Finally I suggest that you defragment your hardisk.

That you end the fix.

Regards

P.S. Stay away from the peer to peer applications, that's where you opened the gate for the first stallion and mare to get in your system.

Ambucias · Answer

Good'ol Flap,

Now you tell me that you have lost your icons!

Peer to peer sites are those where people upload applications and that you can get them free.  Such is the case for Kazaa which crawls in infestations of all kinds. 

As for your icons:

Please follow these steps to get your icons back: 

reboot your computer in the Safe mode with command prompt. 

Once Windows loaded, command prompt (black window) opens. Type notepad and press Enter. 

A notepad window opens. Type exactly the following text into notepad: 

[Version] 
Signature="$Chicago$" 
Provider=Myantispyware.com 

[DefaultInstall] 
AddReg=regsec 

[regsec] 
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0 
HKLM, Software\Microsoft\Windows NT\CurrentVersion\Winlogon,Shell,0x00000020,"Explorer.exe" 

Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad). Close Notepad. 

In the command prompt type Explorer.exe and Press Enter. Windows Explorer opens. Locate the fix.inf, click right button and select Install. Close Windows Explorer. 

In the command prompt type shutdown -r and press Enter. Your computer will be rebooted.

Have a splendid day

Flapper · Answer

Hi Ambucias.I am sorry,but i did mention at the outset that I had lost my icons and all my programmes were there but showing empty.Once again many thanks I will now try and regain my icons.
kindest regards Flapper

Flapper · Answer

Hi Ambucias.Did as you instructed but missing icons and all programmes showing empty I think these awful things have done lots of damage severing links to all my programmes.
Kindest regards
Flapper

Ambucias · Answer

Hi Flapper

I don't know what you mean by your programmes showing empty, that is a computer expression I have never encounter.  Please explain what you are doing and what you mean.

Also, what I would like you to do is to completely delete ZHP Diag and redownload again.  I just want to ensure that no traces is left of the previous log is on the system.  Run ZHP Diag again and post the log.  Once you have done so, I will call upon jack4rall to have a look at it and we will team on your case.

Best regards

Flapper · Answer

HI Ambucias On the task bar when first switched on click start and it opens a window with icons and a green arrow after ALL PROGRAMMES if you click on this it shows you all your programmes for example AVG9.0 if I click on this it shows empty,although it is protecting my pc.I also have PHOTOIMPRESSIONS which allows me to edit family photos this shows empty and its icon is also missing,I hope this gives you an insight into my dilemma

Best regards

Flapper

Flapper · Answer

https://authentification.site/files/29013746/ZHPDiag.exe

Ambucias · Answer

Dear Flapper,

You uploaded the exe file for ZHP Diag instead of the log report.

I will see what Jack4rall has to say about the empty icons.

In the meantime, if you click right on start and left on Explorer.  Scroll the left pane, spot "program files", click on the + sign, do you see Photo Impressions there?

jack4rall · Answer

Hello,

First thanks to "Ambucias"

Try this 1

Check if the files are not in hidden mode.

Click on Start --> Run --> Type cmd and press Enter.

"Command Prompt" will be opened. Enter the following commands.

cd\           ----> Press Enter. Now your prompt changes to C:\>

attrib -h -r -s /s /d *.*  ---> Press Enter.

[You can copy the above command --> Right-click in the Command Prompt and

paste it.] 

Note: They are some folders where the user don't have access to it. So, Access

Denied message will appear. Just enter the above command and wait for the 

process to get completed.

Good Luck

Flapper · Answer

Hi jack4all it changed to C:\> then i put in the next line of command with the response"the syntax of the command is incorrect"
Kindest regards

Printer showing offline permanently

17 responses

Subscribe To Our Newsletter!