Ransom Virus removed but can't boot up
<blockquote data-quote="SoDawg81" data-source="post: 95824" data-attributes="member: 4630"><p>Thanks for the quick response and great help. </p><p></p><p>First of all, I was able to run 'explorer.exe' from the task manager. This did NOT bring up my desktop, but did bring up the explorer window. From there I went to Desktop and then to IE to get to web. I input the address from your link for Malwarebytes Chameleon and got the download and unzipped. I did not see a 'help' file per se, but I did click on a file, "Chameleon.chm", which was an HTML file, and that opened a Malwarebytes Chameleon window. Basically it said to click on the buttons one at a time to attempt to run chameleon. I clicked on all 12 buttons and they all came back and said 'tested', but did not open a DOS window as it said 'if it worked'. I then went back to the zip file and just clicked on "mbam-chameleon.exe". This DID open a DOS window and began running. It updated Malwarebytes as normal, then it said..."killing known malicious processes, please wait"... This lasted a LONG time, and now it just said "done" and now it is running Malwarebytes scan (I thought I was stuck when I started writing this)...</p><p></p><p>OK... so Malwarebytes found an object, and I removed it, and saved the logs per your instructions. I will attach logs. I hit reboot to finish removing items and I am back to a black/locked screen again. This time I did not get the rundll error re: the virus file I had deleted, so that .bat file is gone, but it looks like I still have something locking up the screen. I can get to 'explorer.exe' and that is where I am.
Should I try to run chameleon again or?</p><p></p><p>Logs:</p><p></p><p>Malwarebytes Anti-Malware 1.65.1.1000</p><p>www.malwarebytes.org</p><p></p><p>Database version: v2013.01.11.10</p><p></p><p>Windows 7 Service Pack 1 x64 NTFS</p><p>Internet Explorer 9.0.8112.16421</p><p>Greg Henning :: DESKTOP [administrator]</p><p></p><p>1/11/2013 11:20:52 AM</p><p>mbam-log-2013-01-11 (11-20-52).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</p><p>Scan options disabled: P2P</p><p>Objects scanned: 232900</p><p>Time elapsed: 13 minute(s), 35 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Values Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Data Items Detected: 1</p><p>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Exploit.Drop.GSA) -> Bad: (C:\PROGRA~3\dsgsdgdsgdsgw.bat) Good: () -> Quarantined and repaired successfully.</p><p></p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Files Detected: 4</p><p>C:\$Recycle.Bin\S-1-5-21-3334729812-3173734214-3854604701-1003\$RL8MD2Z.exe (Adware.HotBar) -> Quarantined and deleted successfully.</p><p>C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> Quarantined and deleted successfully.</p><p>C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Quarantined and deleted successfully.</p><p>C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> Quarantined and deleted successfully.</p><p></p><p>(end)</p><p></p><p>Log 2</p><p>Malwarebytes Anti-Malware 1.65.1.1000</p><p>www.malwarebytes.org</p><p></p><p>Database version: v2013.01.11.10</p><p></p><p>Windows 7 Service Pack 1 x64 NTFS</p><p>Internet Explorer 9.0.8112.16421</p><p>Greg Henning :: DESKTOP 
[administrator]</p><p></p><p>1/11/2013 11:20:52 AM</p><p>mbam-log-2013-01-11 (11-34-55).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</p><p>Scan options disabled: P2P</p><p>Objects scanned: 232900</p><p>Time elapsed: 13 minute(s), 35 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Values Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Data Items Detected: 1</p><p>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Exploit.Drop.GSA) -> Bad: (C:\PROGRA~3\dsgsdgdsgdsgw.bat) Good: () -> No action taken.</p><p></p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Files Detected: 4</p><p>C:\$Recycle.Bin\S-1-5-21-3334729812-3173734214-3854604701-1003\$RL8MD2Z.exe (Adware.HotBar) -> No action taken.</p><p>C:\ProgramData\dsgsdgdsgdsgw.bat (Exploit.Drop.GSA) -> No action taken.</p><p>C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> No action taken.</p><p>C:\ProgramData\dsgsdgdsgdsgw.reg (Exploit.Drop.GSA) -> No action taken.</p><p></p><p>(end)</p><p></p><p></p><p>Greg</p><p></p><p>thanks</p><p></p><p></p><p></p><p></p><p></p><p></p><p></p></blockquote><p></p>