Help please - known virus (trojan HDD doctor Recovery anti-virus)

Discussion in 'Virus & Other Malware Removal' started by Phill555, Mar 6, 2011.

Thread Status:
Not open for further replies.
  1. Phill555

    Phill555 Thread Starter

    Joined:
    Mar 6, 2011
    Messages:
    14
    Hi, I have the same issue as thread "Solved: trojan HDD doctor Recovery anti-virus" started by "ryndael".

    Unfortunately this virus stops me accessing my laptop (details below) so I can't give you guys all the info you would like, and I'm posting this using my bloody iPhone.

    Windows Vista Premium SP2
    CPU: Duot5750
    HD: 250
    Memory: 3gb
    Asus X71 series

    Anyway, glad this virus seems as though it can be solved however, following the thread I get stuck here:

    "Rebooted, opened task manager, and executed windows explorer from there in order to get my services running. This gets my comp pretty much back to normal. I can get online and do everything I should be able to."

    I can't get online, it says I don't have permission to access it (tried running as administrator). What do I do? Am I right in thinking if I can get online I will be able to (as named thread states) "UPDATE: It was obviously some sort of rootkit. A free trial of UnHackMe zapped it finally".

    I would be so grateful for some help...and I apologise if this is posted incorrectly?

    Phill
     
  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Can you boot into Safe Mode with Networking? Re-boot system, continuously tap F8 until you see the Windows Advanced Menu, from the options select Safe Mode with Networking. Does that work for you?

    Kevin
     
  3. Phill555

    Phill555 Thread Starter

    Joined:
    Mar 6, 2011
    Messages:
    14
    Hi, yes I can.
     
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Phill,

    Stay in safe mode with networking and proceed as follows :-

    Step 1

    Please download Rkill and save to your Desktop.
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If you get an alert from HDD that RKill is a threat, leave that alert open and re-run RKill again.

    Step 2

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    If Malwarebytes asks for a re-boot do so, but this time boot into normal mode. Re-run MB quick scan, check for updates first.

    Post log from Safe mode run and Normal mode run and give update on system, any change?

    Kevin
     
  5. Phill555

    Phill555 Thread Starter

    Joined:
    Mar 6, 2011
    Messages:
    14
    Hi, sorry if this is stupid but, how do I get on to my browser? I use Firefox, when I double click it says I have insufficient privileges??

    Thanks for the replies
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Can you try internet explorer?
     
  7. Phill555

    Phill555 Thread Starter

    Joined:
    Mar 6, 2011
    Messages:
    14
    No, message reads "windows cannot access the specified device path or file. You may not have the appropriate permissions to access the item."

    Take it this is bad news? Do I need to kill something else off?
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Do you have access to another computer?
     
  9. Phill555

    Phill555 Thread Starter

    Joined:
    Mar 6, 2011
    Messages:
    14
    Yes I do.
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Download the following two tools on the clean PC and save to a usb stick or similar to transfer to the desktop of the infected PC

    userinit.exe One-shot Download Link

    RKill


    When you have both tools on the desktop of the infected PC double click on the userinit.exe One shot to run it, Vista or Win 7 right click and run as Administrator. When it has run you will get a message telling you it's finished.

    Next,

    Run RKill as above,

    Do not re-boot after the first two tools...

    Next,

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Post the log in your reply


    Kevin
     
  11. Phill555

    Phill555 Thread Starter

    Joined:
    Mar 6, 2011
    Messages:
    14
    Thanks, RKill failed.

    This is what it said:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Rkill was run on 07/03/2011 at 23:04:16.
    Operating System: Windows Vista (TM) Home Premium

    Processes terminated by Rkill or while it was running:
    C:\Users\Phill\Desktop\Phill Virus Clean\userinit.exe

    Rkill completed on 07/03/2011 at 23:04:20.
     
  12. Phill555

    Phill555 Thread Starter

    Joined:
    Mar 6, 2011
    Messages:
    14
    Also malwarebytes failed.
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Was the system running in safe mode with networking?
     
  14. Phill555

    Phill555 Thread Starter

    Joined:
    Mar 6, 2011
    Messages:
    14
    Hi Kevin,

    Yes it was. I've tried again today. RKill runs. Then the other one says the programme has stopped working and it fails.

    This is soooo annoying. Can I just wipe it?
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya Phill555,

    Download the following on a clean PC and transfer to the infected one:

    • Please download exeHelper and save to a usb stick or other media.
    • Transfer to the infected system Desktop. (Booted Safe Mode with Networking)
    • Double-click on exeHelper.com to run the fix. Vista or Windows 7 users right click and select "Run as Administrator"
    • A black window should pop up, press any key to close once the fix is completed.
    • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Next,

    Run RKill that you d/l previously, then run update and run Malwarebytes... any good?

    Kevin
     

Short URL to this thread: https://techguy.org/984475
