
System Tool Virus

Discussion in 'Virus & Other Malware Removal' started by KeenanCahillRI, Jan 19, 2011.

  1. KeenanCahillRI

    KeenanCahillRI Thread Starter

    Joined:
    Jan 19, 2011
    Messages:
    6
    Right, got this virus a few days ago and have been told a few different ways of trying to get rid of it, however, none have worked.

    I start my Laptop up in Safe Mode, with networking, and try to download RKill which I have been told I will need, however, whenever I try to run it, my screen goes blue, with the message from Windows about having to **** it down to prevent damage.

    When I try to d'load/run it with Windows in normal mode, I get the message 'The dependency service or group, failed to start'

    As you can tell, I'm useless with things like this, but my mate who has had the same virus (and got rid of it) told me what he did, but none of it has worked for me so he pointed me in this direction.

    Any help will be appreciated.

    KCRI
     
  2. KeenanCahillRI

    KeenanCahillRI Thread Starter

    Joined:
    Jan 19, 2011
    Messages:
    6
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya KeenanCahillRI

    Proceed as follows :-

    Boot into Safe mode with networking then proceed as follows :-

    Step 1

    Check for proxy server settings in your browser, the following are the most commonly used.

    Internet Explorer:
    Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" and check to "Automatically detect settings". ok, apply (only if applicable), ok.

    Firefox:
    Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.

    Chrome:
    Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.

    Safari:
    • Launch Safari
    • Go to general settings menu
    • Then in Preferences/ Advanced
    • Then on line click Proxies change settings ...
    • Click Internet Options, then click the Connections tab, click Network Settings.
    • Disable option (uncheck) for the use of proxy server ...

    Step 2

    Please download Rkill and save to your Desktop.
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use Link 1 from the following list and so on in sequential order until one runs successfully.
    Link 1

    Link 2

    Link 3

    Link 4

    Link 5

    Link 6
    • A log pops up at the end of the run. This log file is also located at C:\rkill.log. Please post this log in your reply.
    • If you get an alert from your own Security Program, accept it and allow Rkill to run, it is very safe and will not harm your system.
      If the alert is from the Infection Malware program (you'll know by the name) leave the alert open and run the same Rkill version again. You may have to run it several times, it may take up to 9 to work.
    • If the tool does not run from any of the links provided, please let me know.

    Step 3

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    If that fix was successful boot into Normal mode, re-run Malwarebytes again as instructed above.

    Post all logs in reply please,

    Kevin
     
  4. KeenanCahillRI

    KeenanCahillRI Thread Starter

    Joined:
    Jan 19, 2011
    Messages:
    6
    Cheers for the reply, will give it a go
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    OK, let me know how you get on.....
     
  6. KeenanCahillRI

    KeenanCahillRI Thread Starter

    Joined:
    Jan 19, 2011
    Messages:
    6
    Ain't working on any of them links you provided mate (n)
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Are you running from Safe mode with networking? Did you check and reset (if required) the LAN settings in your browser?
    Which links are you referring to, the ones for RKill, if none of them work try Malwarebytes from Safe mode with networking
     
  8. KeenanCahillRI

    KeenanCahillRI Thread Starter

    Joined:
    Jan 19, 2011
    Messages:
    6
    Checked all the settings, they were as you said they should be.

    Then I downloaded all of the links, none worked, whenever I tried running one (as administrator as I'm on Vista) the laptop'd go onto a blue screen, telling me it's shutting down 'cause it's detected a problem, or something along those lines.

    I've got Malwarebytes on my comp already, do a scan, but it finds nothing...

    :(
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya KCRI,

    In steps 1 and 2, download the tools on a clean PC and save to a USB stick or CD then transfer to the Desktop of the infected system.

    Step 1
    • Please download exeHelper to your desktop.
    • Double-click on exeHelper.com to run the fix. Vista or Windows 7 users right click and select "Run as Administrator"
    • A black window should pop up, press any key to close once the fix is completed.
    • Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Step 2

    Please download Rkill and save to your Desktop.
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If you get an alert from HDD that RKill is a threat, leave that alert open and re-run RKill again.

    Do not re-boot your system after steps 1 or 2.

    Step 3

    Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alternative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Post logs in reply if applicable...

    Kevin
     
  10. KeenanCahillRI

    KeenanCahillRI Thread Starter

    Joined:
    Jan 19, 2011
    Messages:
    6
    Just ran malwarebytes and it found an infection, here's (what I think is) the log, that you asked for

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org
    Database version: 5591
    Windows 6.0.6000
    Internet Explorer 7.0.6000.16982
    24/01/2011 21:46:50
    mbam-log-2011-01-24 (21-46-28).txt
    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 237971
    Time elapsed: 1 hour(s), 17 minute(s), 2 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    c:\Users\Username\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
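
The log layout posted above, parsed as an added example (not part of the thread and not code from Malwarebytes): it extracts each detection, lists entries marked "No action taken", and checks that the summary counts agree with the itemised sections. The function names `parse_mbam_log` and `triage` are hypothetical, and the sample log is constructed from the lines in the post.

```python
import re

# Constructed sample in the layout of the Malwarebytes 1.50 log quoted above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 5591
Scan type: Full scan (C:\|D:\|)
Registry Keys Infected: 0
Files Infected: 1
Registry Keys Infected:
(No malicious items detected)
Files Infected:
c:\Users\Username\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
"""

# "Files Infected: 1" is a summary line; "Files Infected:" opens an item list.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# "<path> (<detection name>) -> <action>." ; paths may contain parentheses.
ITEM = re.compile(r"^(?P<path>.+?) \((?P<sig>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary counts, detections) from an MBAM 1.x text log."""
    counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m and m.group("count") is not None:
            counts[m.group("name")] = int(m.group("count"))
        elif m:
            section = m.group("name")
        elif section and (i := ITEM.match(line)):
            detections.append({"section": section, **i.groupdict()})
    return counts, detections

def triage(text):
    """Flag unremoved detections and summary/detail count mismatches."""
    counts, detections = parse_mbam_log(text)
    listed = {}
    for d in detections:
        listed[d["section"]] = listed.get(d["section"], 0) + 1
    # A mismatch suggests a truncated or hand-edited log.
    mismatched = sorted(s for s, n in counts.items() if n != listed.get(s, 0))
    unresolved = [d for d in detections if d["action"].lower() == "no action taken"]
    return {"unresolved": unresolved, "mismatched": mismatched}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
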
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    That is RKill from link 6
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Your version of Malwarebytes has been updated and is current, it also ran without incident so let's give Combofix a try.

    Please visit this webpage for download links, and instructions for running the tool:

    Combofix

    Don't forget Combofix must be saved to your desktop. <--Very important, do not run it from anywhere else

    Before saving Combofix to your Desktop rename it to Gotcha.exe as below:

    [​IMG]

    Ensure you have disabled your Firewall and all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very important

    Please include the C:\ComboFix.txt in your next reply for further review.

    Examples of how to disable realtime protection available at the following link :-

    Disable realtime protection

    Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in your reply

    Kevin
     

Short URL to this thread: https://techguy.org/975729
