Homeland Virus User "A/B" issue

fisher_girl

New Member
Thread author
Verified
Jun 1, 2013
36
Here are the "paint" files
 

Attachments

  • Internet Explorer.jpg (174.8 KB · Views: 89)
  • Winlogon.jpg (108.3 KB · Views: 80)
  • Scheduled tasks.jpg (150.2 KB · Views: 91)

fisher_girl

New Member
Thread author
Verified
Jun 1, 2013
36
kuttus said:
STEP 1: Run the below OTL fix
  1. Start OTL.exe
  2. Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:OTL
[2013/05/02 22:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\od\AppData\Roaming\mozilla\Firefox\Profiles\3n51itv5.default\extensions\staged
[2013/02/25 03:19:23 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\od\AppData\Roaming\mozilla\firefox\profiles\3n51itv5.default\extensions\plugin@yontoo.com.xpi
[2013/02/10 05:10:55 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\od\AppData\Roaming\mozilla\firefox\profiles\3n51itv5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2011/10/29 00:32:31 | 000,001,945 | ---- | M] () -- C:\Users\od\AppData\Roaming\mozilla\firefox\profiles\3n51itv5.default\searchplugins\bing-zugo.xml
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.


:commands
[emptytemp]
[reboot]
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  3. Then click the Run Fix button at the top
  4. Let the program run unhindered, reboot when it is done
  5. Attach the new log produced by OTL (C:\_OTL)


Please run Autoruns and send me screenshots of the Scheduled Tasks, Winlogon and Internet Explorer tabs.


To take a screenshot of your screen:
  1. Press the PRINT SCREEN (Print Scr) key on your keyboard.
  2. Now open MS Paint.
  3. Open Paint by clicking the Start button, clicking All Programs, clicking Accessories, and then clicking Paint.
  4. In MS Paint click Edit, and then click Paste.
  5. After this, save the file on your computer by clicking on File --> Save.
Add this saved file in your next reply.


In case you didn't see my last reply I did attach the paint files. Also, and again I don't know if this matters, when I ran the "fix script" from user B a day ago, the reboot installed windows update files that were in download but I hadn't rebooted until that time.
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
---------------Shell Fix--------------------


STEP 1: Repair your Windows Registry from this infection's malicious changes.

This infection has changed your Windows registry settings so that when you try to start the computer it will load the infection instead of your Windows Desktop.

  1. Download the WinlogonFix.reg file to fix the malicious registry changes from this infection.
    REGISTRYFIX.REG DOWNLOAD LINK (This link will automatically download the registry fix called WinlogonFix.reg)
  2. Double-click on the WinlogonFix.reg file to run it. Click “Yes” for the Registry Editor prompt window, then click OK.
<hr />
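A read-only way to see which program Winlogon is set to start at logon, the setting the post above says the infection changed. This is an added example, not part of kuttus's post and not the contents of WinlogonFix.reg (which the thread does not show); the key path, the Shell and Userinit value names and the expected defaults are stock Windows settings assumed here.

```powershell
# Added example: audit the Winlogon values that decide what runs at logon.
# Makes no changes. Run it while logged on as the affected account, because
# HKCU is the hive of whoever is currently logged on.
# Assumption: stock defaults (Shell = explorer.exe, Userinit = userinit.exe,).
$sub     = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$sysRoot = $env:SystemRoot

# Expected data per value; $null means the value is normally absent.
$expected = @{
    "HKLM:\$sub" = @{ Shell = 'explorer.exe'; Userinit = "$sysRoot\system32\userinit.exe," }
    "HKCU:\$sub" = @{ Shell = $null;          Userinit = $null }
}

$findings = foreach ($key in $expected.Keys) {
    foreach ($name in $expected[$key].Keys) {
        $want = $expected[$key][$name]

        # A missing value is not an error here, so suppress it and test for $null.
        $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        $have = if ($item) { [string]$item.$name } else { $null }

        if ($null -eq $want) {
            # A per-user override is unusual; any data at all deserves a look.
            $ok = ($null -eq $have)
        } else {
            # Compare case-insensitively and ignore the optional trailing comma.
            $ok = ($null -ne $have) -and
                  ($have.Trim().TrimEnd(',') -ieq $want.TrimEnd(','))
        }

        $status = if ($ok) { 'OK' } else { 'REVIEW' }
        $shown  = if ($null -eq $have) { '(not set)' } else { $have }
        $wanted = if ($null -eq $want) { '(not set)' } else { $want }

        [pscustomobject]@{
            Key      = $key
            Value    = $name
            Data     = $shown
            Expected = $wanted
            Status   = $status
        }
    }
}

$findings | Sort-Object Key, Value | Format-Table -AutoSize -Wrap
```

A REVIEW row means the data differs from the assumed default and should be compared with the Winlogon tab in Autoruns before anything is changed.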
 

fisher_girl

New Member
Thread author
Verified
Jun 1, 2013
36
kuttus said:
---------------Shell Fix--------------------


STEP 1: Repair your Windows Registry from this infection's malicious changes.

This infection has changed your Windows registry settings so that when you try to start the computer it will load the infection instead of your Windows Desktop.

  1. Download the WinlogonFix.reg file to fix the malicious registry changes from this infection.
    REGISTRYFIX.REG DOWNLOAD LINK (This link will automatically download the registry fix called WinlogonFix.reg)
  2. Double-click on the WinlogonFix.reg file to run it. Click “Yes” for the Registry Editor prompt window, then click OK.

I've done it... should I reboot?
 

fisher_girl

New Member
Thread author
Verified
Jun 1, 2013
36
kuttus said:
:) Me toooo......

I just restarted the computer after switching users. I was of course still logged on and got the message "someone is still connected to your computer, etc." I said "yes".
The computer restarted but once again I could not logon to user "A" without accessing Task Manager. I redid the steps for the registry and copied them to paint and am posting the steps and messages I received. (clicking yes or ok as appropriate).
I've simply restarted my computer. Should I actually power off? I'm afraid it won't start up again if I do. Anyway here is the paint as well as another one (which probably doesn't matter but I did see it said "file not found").
 

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Try to start the computer in Safe mode (User A) and check how it is working in safe mode?

STEP 1: Start your computer in Safe Mode with Networking
  1. Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
  2. Press and hold the F8 key as your computer restarts. Please keep in mind that you need to press the F8 key before the Windows start-up logo appears.
    Note: With some computers, if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the Advanced Boot Options screen.
  3. On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press ENTER.
    [Image: Safemode.jpg]

fisher_girl

New Member
Thread author
Verified
Jun 1, 2013
36
I will do that. I'm going to have to make sure I've got all the files I care about on back up discs. That will take some time and it is getting late here, so I'll have to return to this thread in many hours.
Thank you again for your time and passion for helping me and others with computer issues.

I hope safe mode works and will be exchanging messages with you within 24 hours. :)
 

fisher_girl

New Member
Thread author
Verified
Jun 1, 2013
36
Now having problems with my cd rom disc drive. Cannot access it. It says it does not exist or is corrupted (error 39). Is this part of the virus? Now I have to give a rant.... Why do people think it's fun to mess with other people's computers using malware? What did I EVER do to them????.. OK.. sorry.. will take these hours to cool off. Back in several hours... after I stop crying. - f_g :(
 

fisher_girl

New Member
Thread author
Verified
Jun 1, 2013
36
I posted elsewhere on this site about a good zip program.. hopefully I can zip some selected files and attach them to an email, send them to a non-infected computer (they won't open them) and have them send them back when/if my computer is fixed. I discovered my "D" drive is corrupted as well. Don't know if this happened prior to this nasty virus or not. Will post again when/if I can zip those files.

I welcome any ideas on my "D" "E" drives.
 
