Printer showing offline permanently

Closed
Flapper Posts 25 Registration date Friday June 3, 2011 Status Member Last seen July 25, 2011 - Jun 8, 2011 at 10:06 AM
Flapper Posts 25 Registration date Friday June 3, 2011 Status Member Last seen July 25, 2011 - Jul 6, 2011 at 04:00 PM
Hello, Can someone please help,after clearing my pc of Malware I cannot use my printer
it permanently shows offline and i cannot access most of my installed programmes I have tried everything that has been suggested so far without any luck and now it is causing me a lot of grief because i cannot use my programmes I now run Stopzilla to keep my pc protected although the malware attack disabled antimalware and my avg
Thanking you in anticipation


Related:

17 responses

Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,173
Jun 8, 2011 at 03:42 PM
To help you, and identify the virus if any,I must make a diagnostic and to do so, I require a log. I should then be able to prescribe the proper medicinal compound.

Open this link and download ZHPDiag :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html


Register the file on your Desktop.

Double click on ZHPDiag.exe and follow the instructions.

the tool created two icons ZHPDiag and ZHPFix (we will use ZHPFix at the next step).

Double click on the short cut ZHPDiag on your Destktop.

Click on the Magnifying glass and run the analysys.

Wait for the tool to finished (maybe a long time)

Close ZHPDiag.


To transmit the report, click on this link :

https://authentification.site

Click on Parcourir and search the directory where you installed ZHPDiag (usually C:\Program Files\ZHPDiag).

Select the file ZHPDiag.txt.

Click on "upload »

Copy the url and post it here

Please also describe what you mean by you tried everything suggested so far.
1
Flapper Posts 25 Registration date Friday June 3, 2011 Status Member Last seen July 25, 2011
Jun 9, 2011 at 02:52 PM
https://authentification.site/files/28893390/ZHPDiag.txt

Thank you Ambucias i tried unhide.exe that didn't work ,i can see all my programmes,but if i click on all programmes they show empty.I was also instructed to switch off then switch on system restore.I have managed to get my printer working
Kindest regards
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,173
Jun 10, 2011 at 05:11 AM
Dear Flapper,

Sorry for the delay in my reply, I had signed out when I received your report.

Your system is badly infected by adware and a rogue trojan horse. There is a total of 86 malware pesting your system.

I found Bandoo for Firefox, Mywebsearch, PUP FBsearch, GamesBar adw, Price Gong, Try Media, iWinarcade, Babylon, Fast browser search, Search a lot and that's just to mention a few.

I suspect that Kaza is the main source of infection.

Where on earth did you get this: Rubber DuckY®Malwarebytes' Anti-Malware?

There are many evil processes presently running on your system which we will try to end but first, you must delete some infected applications otherwise, nothing will work:

Delete:

1. Bandoo
2. Bejeweled Blitz
3. GamesBar 2.0.1.12 -
4. Search Guard Plus
5. Zuma's Revenge

To kill the processes:

1. Download to your desktop and run Rogue Kill:

https://download.bleepingcomputer.com/grinler/rkill.com

2. You should now see a window that shows all of your desktop icons, including the rkill.com program.

3. Double-click on the rkill.com in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes . So, please try running Rkill until malware is no longer running.

Please, DO NOT REBOOT your computer or the processes will come back to haunt you!

Download to your desktop Malwarebyte.

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

Once on your desktop, we must still outwit the virus.

Right click on the MBAM icon and click on rename. Rename it kioskea.exe.

Install Malwarebyte and launch it. From the second tab, update it.

Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found.

It is very important that you let Malwarebyte run for as long as it takes, in some cases the creators of Malwarebyte suggest that you go do something like watch a rerun of "Gone with the Wind" or read Tolstoy's "War and Peace".

Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.

This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.

(Malwarebyte may reboot your computer, don't be alarmed. Should it happened, relaunch Malwarebyte to complete the FULL scan)

Once you have completed, please report on how your system is performing.

This may not be the end of it.

Good luck
0
Flapper Posts 25 Registration date Friday June 3, 2011 Status Member Last seen July 25, 2011
Jun 13, 2011 at 10:07 AM
Hi Ambucias.I did as instructed my Stopzilla keeps finding a Trojan (JAVA.DL.REXEC.A) I instructed it to destroy but on the next scan it is there again,after each scan I always reboot.Would it be worth doing another search to see if my system is clear at last, my guess is it isn't.Many thanks for your fantastic help.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,173
Jun 13, 2011 at 03:48 PM
Hello Flapper

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan y
download link:

https://free.drweb.com/cureit//?lng=en

Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
*Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version

*Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.

*The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).

*If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.

*If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
*After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.

*In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.

*Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.

*Please be patient as this scan could take a long time to complete.

*When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.

*Click Select All, then choose Cure > Move incurable.

*In the top menu, click file and choose save report list.

*Save the DrWeb.csv report to your desktop.

*Exit Dr.Web Cureit when done.

*Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

Let me know if that trojan horse has gone to the glue factory.
0

Didn't find the answer you are looking for?

Ask a question
Flapper Posts 25 Registration date Friday June 3, 2011 Status Member Last seen July 25, 2011
Jun 14, 2011 at 11:19 AM
Hi Ambucias.I think several horses slain,when i rebooted Stopzilla was showing a warning low risk 20 LsassTrojans registry key HKLM\SYSTEM\CurrentContr. it means nothing to me but may be of value to you.Do I delete these ?.Please find report from Dr.Web.I eagerly await your reply.

SkillJamLoader.dll;C:\Documents and Settings\All Users\Application Data\SkillJam\SecurePlayer;Program.PopcapLoader.4;Incurable.Moved.;
acssetup.exe;C:\Program Files\Common Files\AOL\Backup\ACS\Current\UK;Trojan.MulDrop2.3621;Incurable.Moved.;
slghex.dll;C:\Program Files\Common Files\Sandlot Shared;Adware.SpywareStorm;Incurable.Moved.;
npCouponPrinter.dll;C:\Program Files\Mozilla Firefox\plugins;Adware.Coupons.34;Incurable.Moved.;
atlantis_bundle.exe;C:\Program Files\Oberon Media\Atlantis Bundle;Trojan.SMSSend.309;Deleted.;
Launch.exe;C:\Program Files\Oberon Media\Mahjong Quest 2;Trojan.Inject.6187;Incurable.Moved.;
DialerOEM.exe;C:\Program Files\Tiscali\Tiscali Internet;Trojan.Swizzor.based;Deleted.;
A0007107.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP17;Trojan.MulDrop2.3621;Incurable.Moved.;
A0007108.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP17;Trojan.SMSSend.309;Deleted.;
A0007109.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP17;Trojan.Inject.6187;Incurable.Moved.;
A0007110.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP17;Trojan.Swizzor.based;Deleted.;
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,173
Jun 14, 2011 at 03:57 PM
Flapper,

Lsass has been sometimes a worm but never a horse.

Lsass verifies the authenticity of users on the server or computer. If you system is now performing well, In your case, it may indicate a weakness at the security level.

I suggest that you rerun Malwarebyte as I indicated previously. After that please run this free but most efficient registry cleaner:

https://ccm.net/download/download-13339-eusing-free-registry-cleaner

Clean you cache and all temporary files.

Then, let me know how your system is performing with all this cavalry you have sent to slaughter. We will then see how we can reinforce your system if necessary. I can't remember if Stopzilla is your only way of defense but if it is, you are very vulnerable and you will again be preyed on.

Regards
0
Flapper Posts 25 Registration date Friday June 3, 2011 Status Member Last seen July 25, 2011
Jun 15, 2011 at 11:55 AM
Hi Ambucias. Ran in safe mode nothing malicious found by Anti-malware,seems much faster but browser seems sticky.I have AVG 9.0,super anti-spyware,anti-malware and now stopzilla running,but obviously nothing stopped the rubbish getting through to my pc.Am I doing something wrong?
Should I be doing something else to protect myself?If it is of any relevance I could not browse in safe mode. Also Stopzilla showed Java.DL.Rexec.A Trojan again.
Thanking you once again.
Flapper
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,173
Jun 15, 2011 at 04:13 PM
Hi Flapper,

It's probably a Stopzilla error to detect that perticular file somewhere in a quarantine.

You are running too many antiviruses, all have scanning engines and they may conflict with one another and let horse flies in. I suggest you ditch super antispyware and stopzilla. I trust that AVG provides you with a firewall as Windows. I would also flush Malwarebyte if you still have it. All of these security stuff will slow your browser.

If you remove those applications, rerun the registry cleaner.

Finally I suggest that you defragment your hardisk.

That you end the fix.

Regards

P.S. Stay away from the peer to peer applications, that's where you opened the gate for the first stallion and mare to get in your system.
0
Flapper Posts 25 Registration date Friday June 3, 2011 Status Member Last seen July 25, 2011
Jun 16, 2011 at 02:51 AM
Thank you Ambucias what is peer to peer I am a novice in these things,also how will i get back my desktop icons?Thanks once again for your invaluable assistance,it is much appreciated.
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,173
Jun 16, 2011 at 05:16 AM
Good'ol Flap,

Now you tell me that you have lost your icons!

Peer to peer sites are those where people upload applications and that you can get them free. Such is the case for Kazaa which crawls in infestations of all kinds.

As for your icons:

Please follow these steps to get your icons back:

reboot your computer in the Safe mode with command prompt.

Once Windows loaded, command prompt (black window) opens. Type notepad and press Enter.

A notepad window opens. Type exactly the following text into notepad:

[Version]
Signature="$Chicago$"
Provider=Myantispyware.com

[DefaultInstall]
AddReg=regsec

[regsec]
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
HKLM, Software\Microsoft\Windows NT\CurrentVersion\Winlogon,Shell,0x00000020,"Explorer.exe"

Save this as fix.inf to your Desktop (remember to select Save as file type: All files in Notepad). Close Notepad.

In the command prompt type Explorer.exe and Press Enter. Windows Explorer opens. Locate the fix.inf, click right button and select Install. Close Windows Explorer.

In the command prompt type shutdown -r and press Enter. Your computer will be rebooted.

Have a splendid day
0
Flapper Posts 25 Registration date Friday June 3, 2011 Status Member Last seen July 25, 2011
Jun 16, 2011 at 09:14 AM
Hi Ambucias.I am sorry,but i did mention at the outset that I had lost my icons and all my programmes were there but showing empty.Once again many thanks I will now try and regain my icons.
kindest regards Flapper
0
Flapper Posts 25 Registration date Friday June 3, 2011 Status Member Last seen July 25, 2011
Jun 16, 2011 at 10:11 AM
Hi Ambucias.Did as you instructed but missing icons and all programmes showing empty I think these awful things have done lots of damage severing links to all my programmes.
Kindest regards
Flapper
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,173
Jun 16, 2011 at 03:56 PM
Hi Flapper

I don't know what you mean by your programmes showing empty, that is a computer expression I have never encounter. Please explain what you are doing and what you mean.

Also, what I would like you to do is to completely delete ZHP Diag and redownload again. I just want to ensure that no traces is left of the previous log is on the system. Run ZHP Diag again and post the log. Once you have done so, I will call upon jack4rall to have a look at it and we will team on your case.

Best regards
0
Flapper Posts 25 Registration date Friday June 3, 2011 Status Member Last seen July 25, 2011
Jun 16, 2011 at 05:23 PM
HI Ambucias On the task bar when first switched on click start and it opens a window with icons and a green arrow after ALL PROGRAMMES if you click on this it shows you all your programmes for example AVG9.0 if I click on this it shows empty,although it is protecting my pc.I also have PHOTOIMPRESSIONS which allows me to edit family photos this shows empty and its icon is also missing,I hope this gives you an insight into my dilemma

Best regards

Flapper
0
Flapper Posts 25 Registration date Friday June 3, 2011 Status Member Last seen July 25, 2011
Jun 16, 2011 at 05:51 PM
0
Ambucias Posts 47356 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 11,173
Jun 17, 2011 at 05:08 AM
Dear Flapper,

You uploaded the exe file for ZHP Diag instead of the log report.

I will see what Jack4rall has to say about the empty icons.

In the meantime, if you click right on start and left on Explorer. Scroll the left pane, spot "program files", click on the + sign, do you see Photo Impressions there?
0
Flapper Posts 25 Registration date Friday June 3, 2011 Status Member Last seen July 25, 2011
Jun 17, 2011 at 01:35 PM
Hi Ambucias.So sorry my inexperience is showing I will try again,I have a disk for photoimpressions i will re install it. When i right click Start it brings up explore NOT explorer.
Kindest regards
Flapper
0
jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020
Jun 17, 2011 at 11:12 AM
Hello,

First thanks to "Ambucias"

Try this 1

Check if the files are not in hidden mode.

Click on Start --> Run --> Type cmd and press Enter.

"Command Prompt" will be opened. Enter the following commands.

cd\ ----> Press Enter. Now your prompt changes to C:\>

attrib -h -r -s /s /d *.* ---> Press Enter.

[You can copy the above command --> Right-click in the Command Prompt and

paste it.]

Note: They are some folders where the user don't have access to it. So, Access

Denied message will appear. Just enter the above command and wait for the

process to get completed.

Good Luck
0
Flapper Posts 25 Registration date Friday June 3, 2011 Status Member Last seen July 25, 2011
Jun 17, 2011 at 01:35 PM
Hi jack4all.Thank you for your help when command prompt comes up instead of C: I get C:\Documents and settings\mary> and when i put in cd\----> I get the message "the syntax of the command is incorrect.Hope you can help
0
jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020
Jun 17, 2011 at 01:53 PM
Hello,
Try once again by entering the command
cd \
Press Enter
OR enter the command cd .. and press Enter
Now your prompt changes to C:\Documents and settings>
Enter the above command once again and press Enter. Now your prompt changes to C:\>
Then enter the attrib command as given above.
Good Luck
0
Flapper Posts 25 Registration date Friday June 3, 2011 Status Member Last seen July 25, 2011
Jun 17, 2011 at 02:33 PM
Hi jack4all it changed to C:\> then i put in the next line of command with the response"the syntax of the command is incorrect"
Kindest regards
0
jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020
Jun 18, 2011 at 12:51 AM
Hello,
Try this 1
Check the command that you have entered. When the prompt changes to C:\> enter the command attrib -h -r -s /s /d *.*
You can copy the above command --> Right-click in the Command Prompt and paste it.
OR
Click on start --> run --> type control folders and press enter. Folder Options will be opened.
Click on view tab --> select the option "show hidden files and folders" and uncheck the check box
"hide protected operating system files" and click on OK.
If the files are still missing that verify once again and check if the above given options are already in selected mode.
OR
Click on the below hyperlink "Download" and download the file
Download
Double-click on it --> Click on OK --> Click on "Next" --> Accept the license agreement and click on "Next" --> Click on "Browse" button --> Select your drive where you want to extract the file and click on "New Folder" --> When the new folder appears, name that folder and select it --> Click on
OK --> Click on "Install" --> Click on "Finish". Now navigate to the location where you have extracted the files by creating a new folder --> Open that folder --> Double-click on "FreeCommanderPortable". When the FreeCommanderPortable window appears, you can see
the drives. Just navigate to your location where the files seems to be hidden.
This application will show all the files even if they are in hidden mode.
Good Luck
0
Flapper Posts 25 Registration date Friday June 3, 2011 Status Member Last seen July 25, 2011
Jun 28, 2011 at 02:59 PM
Hi jack4rall message comes up access denied,sorry for the delay been away on holiday.
Kindesr regards
0
jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020
Jun 28, 2011 at 03:01 PM
Hello,
Try this 1
Download the application "FreeCommanderPortable" from the above link and follow the instructions.
Good Luck
0
Flapper Posts 25 Registration date Friday June 3, 2011 Status Member Last seen July 25, 2011
Jun 28, 2011 at 03:34 PM
Hi jack4rall cannot find them I tried reloading my Photoimpressions from the disc but nothing happens.Methinks the trojans did their damage.

Kindest regards
0
jack4rall Posts 6428 Registration date Sunday June 6, 2010 Status Moderator Last seen July 16, 2020
Jun 30, 2011 at 12:26 PM
Hello,
Try this 1
Open the tool given by "Ambucias"
https://ccm.net/forum/affich-596960-printer-showing-offline-permanently#1
But first select the additional options by going to "Options(Screwdriver icon)"
[] Redirection of the file HOSTS
[] Last file created in windows prefetcher.
[] Last modified or created user files.
Now perform scanning, upload the file and paste the link here.
Good Luck
0