Solved: hello and need help please "reveton trojan"


jam1980uk
Member with 129 posts.
THREAD STARTER
Join Date: May 2012
Location: Bolton
Experience: Beginner
18-May-2012, 08:10 PM #46
what does that tell you lol
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,568 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
18-May-2012, 08:22 PM #47
Tells me you may also have a ZeroAccess rootkit infection, but let's plod on....

OK, see if we can replace ipsec.sys. Do the following:

Open Notepad, check the Format Menu and make sure Word Wrap is NOT selected. Then copy and paste the following from inside the code box to Notepad:

Code:
@echo off
copy /y C:\WINDOWS\ServicePackFiles\i386\ipsec.sys C:\WINDOWS\system32\drivers >>log.txt
notepad log.txt

Next, Click on the File Menu, then Save As ... and click on the drop down menu to change the file type to All Files.
Next navigate to your desktop, and enter the file name fixme.bat, and click Save.

You should now find a new file on your desktop named fixme.bat. Double click on fixme.bat. Windows 7 or Vista users: right click and select "Run as Administrator", and agree to any alerts.

Then reboot.

Next,

Double click the reg file that you unzipped to the Desktop, agree the merge.

Then reboot.

Rerun Farbar Service Scanner exactly as before and post the log....
jam1980uk
18-May-2012, 08:28 PM #48
just rebooting, what's ZeroAccess
jam1980uk
18-May-2012, 08:31 PM #49
Farbar Service Scanner Version: 17-05-2012
Ran by John (administrator) on 19-05-2012 at 01:29:47
Running from "G:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error: Google IP is unreachable
Attempt to access Yahoo IP returned error: Yahoo IP is unreachable

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
Extra List:
=======
Bridge(11) BridgeMP(10) fssfltr(12) Gpc(3) IPSec(5) JSWSCIMD(9) NetBT(6) PSched(7) Tcpip(4) WSIMD(8)
0x0C0000000500000001000000020000000300000004000000060000000700000008000000090000000A0000000B0000000C000000
IpSec Tag value is correct.
**** End of log ****
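
Added example, not part of the thread and not Farbar Service Scanner's own code: a short Python reader for the log in post #49 that collects the File Check verdicts, maps the Extra List names to their tags, and decodes the hex line. It assumes the hex line is a count-prefixed array of little-endian DWORD tags (the layout Windows uses for GroupOrderList values); the function names are made up for the illustration.

```python
import re
import struct

# Constructed sample: a few lines condensed from the scanner log in post #49.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
Bridge(11) BridgeMP(10) fssfltr(12) Gpc(3) IPSec(5) JSWSCIMD(9) NetBT(6) PSched(7) Tcpip(4) WSIMD(8)
0x0C00000005000000010000000200000003000000040000000600000007000000080000000 90000000A0000000B0000000C000000
"""

def parse_fss(log):
    """Return (file verdicts, service tags, decoded tag order) from a log excerpt."""
    files = dict(re.findall(r"^([A-Za-z]:\\.+?) => (.+)$", log, re.M))
    tags = {name: int(tag) for name, tag in re.findall(r"(\w+)\((\d+)\)", log)}
    hexline = re.search(r"^0x([0-9A-Fa-f ]+)$", log, re.M).group(1)
    blob = bytes.fromhex(hexline.replace(" ", ""))  # forum wrapping can insert a space
    # Assumed layout: little-endian DWORDs, the first one being the number of tags.
    (count,) = struct.unpack_from("<I", blob, 0)
    if len(blob) != 4 * (count + 1):
        raise ValueError("order list length does not match its count field")
    order = list(struct.unpack_from(f"<{count}I", blob, 4))
    return files, tags, order

def tag_order_names(log):
    """Service names from the Extra List, sorted by position in the decoded order."""
    _, tags, order = parse_fss(log)
    known = [name for name, tag in tags.items() if tag in order]
    return sorted(known, key=lambda name: order.index(tags[name]))

def review(log):
    """List what needs attention: non-legit file verdicts and tags absent from the order."""
    files, tags, order = parse_fss(log)
    findings = [f"{path}: {verdict}" for path, verdict in files.items()
                if verdict != "MD5 is legit"]
    findings += [f"{name}: tag {tag} not in order list"
                 for name, tag in sorted(tags.items()) if tag not in order]
    return findings

if __name__ == "__main__":
    print("tag order:", tag_order_names(SAMPLE_LOG))
    print("findings:", review(SAMPLE_LOG) or "none")
```

On the posted log the decoded order starts with tag 5, which is the tag the Extra List shows for IPSec, and the review comes back empty.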
jam1980uk
18-May-2012, 08:33 PM #50
and thanks again, I can't thank you enough for everything you have done, thank you
jam1980uk
18-May-2012, 08:41 PM #51
I gotta go to bed now, can't stay awake any more, up at 5 again for work, so I'll check tomorrow and post a reply as soon as I can. Shame you live so far, I would have loved to buy you a pint. Thanks again and speak tomorrow.
kevinf80 (Kevin)
18-May-2012, 08:42 PM #52
You're very welcome....

You should have connection available now, run the following:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Ensure that Combofix is saved directly to the Desktop <--- Very important
  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
kevinf80 (Kevin)
18-May-2012, 08:44 PM #53
Where are you from UK?
jam1980uk
19-May-2012, 08:56 AM #54
I'm in Bolton m8, and please can you point me to a good free antivirus plz, and how you learn all this stuff
kevinf80 (Kevin)
19-May-2012, 09:05 AM #55
I'll sort you out with a good security set up when we're finished, see if you can run Combofix... Bolton eh, ah well I guess someone's gotta live there...lol
jam1980uk
19-May-2012, 09:06 AM #56
when I click on the link it just gives me a page with loads of symbols on it m8
jam1980uk
19-May-2012, 09:07 AM #57
it's ok, sorry, found it
jam1980uk
19-May-2012, 09:11 AM #58
it's running now m8, what's that other infection you found m8
jam1980uk
19-May-2012, 09:15 AM #59
Combofix found that root infection, trying to fix it now
kevinf80 (Kevin)
19-May-2012, 09:23 AM #60
Do not touch your PC as CF runs!!!