Local Disk C storage issue.
Closed
TanmayS
Posts
14
Registration date
Wednesday September 10, 2014
Status
Member
Last seen
March 17, 2015
-
Mar 14, 2015 at 03:06 AM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Mar 17, 2015 at 04:09 PM
Ambucias Posts 47310 Registration date Monday February 1, 2010 Status Moderator Last seen February 15, 2023 - Mar 17, 2015 at 04:09 PM
Related:
- Local Disk C storage issue.
- Blackmagic disk speed test windows - Download - Diagnosis and monitoring
- Floppy disk fail 40 - Guide
- Hp usb disk storage format tool - Download - Storage
- Working of hard disk with diagram - Guide
- Safari cannot open the page because it is a local file - Guide
4 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Mar 14, 2015 at 05:55 AM
Mar 14, 2015 at 05:55 AM
To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a log.
1. Open this link and download ZHPDiag2 :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.)
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
(For Vista and Win 7 users, click right to ensure you execute with admin right)
The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix after log analysis).
4. Double click on the short cut ZHPDiag on your Destktop.
5. If you need to change the language, click on the little house, (bottom right) and change to English
6. Click on Full.
Wait for the tool to finished (maybe a long time)
7. Close ZHPDiag.
8. To transmit the report, click on this link :
https://authentification.site
9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
1. Open this link and download ZHPDiag2 :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.)
2. Save the file on your Desktop.
3. Double click on ZHPDiag.exe and follow the installation instructions.
(For Vista and Win 7 users, click right to ensure you execute with admin right)
The tool creates three icons ZHPDiag, MRB, and ZHPFix (If necessary,we will use ZHPFix after log analysis).
4. Double click on the short cut ZHPDiag on your Destktop.
5. If you need to change the language, click on the little house, (bottom right) and change to English
6. Click on Full.
Wait for the tool to finished (maybe a long time)
7. Close ZHPDiag.
8. To transmit the report, click on this link :
https://authentification.site
9. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Mar 15, 2015 at 05:40 AM
Mar 15, 2015 at 05:40 AM
Hi
Your computer is infected by a Rogue Trojan and several adware.
A rogue virus Trojan Horse is self protective, thus it will prevent any antivirus from functioning.
You must kill the evil processes which the virus is presently running amd preventing you from running any antivirus. If you don't it will keep reproducing the files for ever.
To kill the processes:
1. Download to your desktop and run Rogue Kill:
https://www.bleepingcomputer.com/download/rkill/dl/132/
2. You should now see a window that shows all of your desktop icons, including the rkill.com program.
3. Double-click on the rkill.com in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.
If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes . So, please try running Rkill until malware is no longer running.
As a matter of a fact, if you get messages, it is a sign that the virus is agonizing with excrutiating pain, so you can just grin while it is suffering!:)))
Please, DO NOT REBOOT your computer or the processes will come back to haunt you!
Download to your desktop Malwarebyte.
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Once on your desktop, we must still outwit the virus.
Right click on the MBAM icon and click on rename. Rename it kioskea.exe.
Install Malwarebyte and launch it. From the second tab, update it.
Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found.
It is very important that you let Malwarebyte run for as long as it takes, in some cases the creators of Malwarebyte suggest that you go do something like watch a rerun of "Gone with the Wind" or read Tolstoy's "War and Peace".
(Malwarebyte may reboot your computer, don't be alarmed. Should it happened, relaunch Malwarebyte to complete the FULL scan)
Once all this is completed, I always suggest to delete Malwarebyte as some people have reported that it may interfere with other antivirus applications.
Once you are done, restart.
Produce another ZHP Diag log and upload it on Speedyshare for me to look at.
Good luck
P.S. All of this typing gave me finger cramps, so I hope you appreciate the help.
Your computer is infected by a Rogue Trojan and several adware.
A rogue virus Trojan Horse is self protective, thus it will prevent any antivirus from functioning.
You must kill the evil processes which the virus is presently running amd preventing you from running any antivirus. If you don't it will keep reproducing the files for ever.
To kill the processes:
1. Download to your desktop and run Rogue Kill:
https://www.bleepingcomputer.com/download/rkill/dl/132/
2. You should now see a window that shows all of your desktop icons, including the rkill.com program.
3. Double-click on the rkill.com in order to automatically attempt to stop any processes associated with the Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step.
If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the Horse when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the processes . So, please try running Rkill until malware is no longer running.
As a matter of a fact, if you get messages, it is a sign that the virus is agonizing with excrutiating pain, so you can just grin while it is suffering!:)))
Please, DO NOT REBOOT your computer or the processes will come back to haunt you!
Download to your desktop Malwarebyte.
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Once on your desktop, we must still outwit the virus.
Right click on the MBAM icon and click on rename. Rename it kioskea.exe.
Install Malwarebyte and launch it. From the second tab, update it.
Pretty please, request a FULL system scan which should take more than hour. Once the scan is finish, delete all of item that were found.
It is very important that you let Malwarebyte run for as long as it takes, in some cases the creators of Malwarebyte suggest that you go do something like watch a rerun of "Gone with the Wind" or read Tolstoy's "War and Peace".
(Malwarebyte may reboot your computer, don't be alarmed. Should it happened, relaunch Malwarebyte to complete the FULL scan)
Once all this is completed, I always suggest to delete Malwarebyte as some people have reported that it may interfere with other antivirus applications.
Once you are done, restart.
Produce another ZHP Diag log and upload it on Speedyshare for me to look at.
Good luck
P.S. All of this typing gave me finger cramps, so I hope you appreciate the help.
TanmayS
Posts
14
Registration date
Wednesday September 10, 2014
Status
Member
Last seen
March 17, 2015
Mar 16, 2015 at 05:00 AM
Mar 16, 2015 at 05:00 AM
I appreciate you helping me more than you know. However, I think I haven't done the process like you said. So, here's the latest zhpddiag text after the malwarebyte scan- http://speedy.sh/vjyBQ/ZHPDiag.txt
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
>
TanmayS
Posts
14
Registration date
Wednesday September 10, 2014
Status
Member
Last seen
March 17, 2015
Mar 16, 2015 at 05:14 AM
Mar 16, 2015 at 05:14 AM
Stand-by
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Mar 16, 2015 at 05:45 AM
Mar 16, 2015 at 05:45 AM
Hi again,
There are 28 malware left.
In the future, to avoid being contaminated again, I strongly suggest you do not download anything from: 01net, CNET, BrotherSoft or Softonic.
Follow these steps in three phases to the letter:
Phase One
1. Go to your control panel/add remove program.
2. Locate: Reimage Repair
3. Remove it
4. close the panel
Phase Two
1. ZHP Diag Created ZHP Fix on your desktop, open ZHP Fix
2. Click on Import
(Warning the following script is custom made for you and must not be used by any other user reading this thread)
3. Copy and paste the following script in the ZHP Fix Window
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
M2 - MFEP: RegExtension {9031880B-BFDF-F951-8186-F5B92464A61A} . (...) -- C:\Program Files (x86)\ver5SpeedCheck\184.xpi (.not file.)
[HKCU\Software\AppDataLow\Software\SpeedCheck]
[HKCU\Software\Reimage]
[HKCU\Software\UpdateStar]
[HKLM\Software\Reimage]
C:\Program Files (x86)\RelevantKnowledge
C:\Program Files (x86)\SupTab
C:\Program Files (x86)\ver5SpeedCheck
C:\ProgramData\WindowsMangerProtect
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
C:\Users\sony\AppData\Roaming\OpenCandy
HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASMANCS
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494]
C:\Users\sony\AppData\Roaming\Mozilla\Firefox\Profiles\EP: RegExtension {9031880B-BFDF-F951-8186-F5B92464A61A} . (...) -- C:\extensions\Program Files (x86)\ver5SpeedCheck\184.xpi (.not file.)
C:\Windows\Reimage.ini
4. Click on GO
5. Close ZHP Fix
Phase Three
Download and run Adwcleaner which is available here:
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/
There, your machine should be clean.
Let me know
There are 28 malware left.
In the future, to avoid being contaminated again, I strongly suggest you do not download anything from: 01net, CNET, BrotherSoft or Softonic.
Follow these steps in three phases to the letter:
Phase One
1. Go to your control panel/add remove program.
2. Locate: Reimage Repair
3. Remove it
4. close the panel
Phase Two
1. ZHP Diag Created ZHP Fix on your desktop, open ZHP Fix
2. Click on Import
(Warning the following script is custom made for you and must not be used by any other user reading this thread)
3. Copy and paste the following script in the ZHP Fix Window
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
M2 - MFEP: RegExtension {9031880B-BFDF-F951-8186-F5B92464A61A} . (...) -- C:\Program Files (x86)\ver5SpeedCheck\184.xpi (.not file.)
[HKCU\Software\AppDataLow\Software\SpeedCheck]
[HKCU\Software\Reimage]
[HKCU\Software\UpdateStar]
[HKLM\Software\Reimage]
C:\Program Files (x86)\RelevantKnowledge
C:\Program Files (x86)\SupTab
C:\Program Files (x86)\ver5SpeedCheck
C:\ProgramData\WindowsMangerProtect
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
C:\Users\sony\AppData\Roaming\OpenCandy
HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\StormWatch_RASMANCS
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494]
C:\Users\sony\AppData\Roaming\Mozilla\Firefox\Profiles\EP: RegExtension {9031880B-BFDF-F951-8186-F5B92464A61A} . (...) -- C:\extensions\Program Files (x86)\ver5SpeedCheck\184.xpi (.not file.)
C:\Windows\Reimage.ini
4. Click on GO
5. Close ZHP Fix
Phase Three
Download and run Adwcleaner which is available here:
https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/
There, your machine should be clean.
Let me know
TanmayS
Posts
14
Registration date
Wednesday September 10, 2014
Status
Member
Last seen
March 17, 2015
Mar 16, 2015 at 07:18 AM
Mar 16, 2015 at 07:18 AM
I couldn't find the Reimage Repair in the control panel but I did find an .exe file. Should I delete it manually?
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
>
TanmayS
Posts
14
Registration date
Wednesday September 10, 2014
Status
Member
Last seen
March 17, 2015
Mar 16, 2015 at 04:17 PM
Mar 16, 2015 at 04:17 PM
Yes, please do!
TanmayS
Posts
14
Registration date
Wednesday September 10, 2014
Status
Member
Last seen
March 17, 2015
>
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
Mar 17, 2015 at 08:43 AM
Mar 17, 2015 at 08:43 AM
Okay. I've finished doing everything you've mentoined here and then I ran a final ZHP diagnosis and here's the link; http://speedy.sh/ma62n/ZHPDiag.txt
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
Mar 17, 2015 at 04:09 PM
Mar 17, 2015 at 04:09 PM
Hello again Tanmay,
According to your latest report, your machine is now as clean as a whistle. Job well done!
However, I wish to warn against peer-to-peer files downloading. (utorrent and bit.torrent) a great number contain viruses and that is where pirates, hackers and malware designers love to upload their junk. If you authorize the download and installation, Kaspersky, although an excellent antivirus, will not argue with your orders.
Your Adobe Flash Player needs to be updated.
Best regards
Ambucias
Moderator and Virus/Security Contributor
According to your latest report, your machine is now as clean as a whistle. Job well done!
However, I wish to warn against peer-to-peer files downloading. (utorrent and bit.torrent) a great number contain viruses and that is where pirates, hackers and malware designers love to upload their junk. If you authorize the download and installation, Kaspersky, although an excellent antivirus, will not argue with your orders.
Your Adobe Flash Player needs to be updated.
Best regards
Ambucias
Moderator and Virus/Security Contributor
Mar 15, 2015 at 03:50 AM
Will that do it?
Mar 15, 2015 at 05:23 AM
Please stand-by for my detailed instructions.