Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
TDSSkiller and combofix do not work on my computer, what next?
Message
<blockquote data-quote="Fiery" data-source="post: 90735" data-attributes="member: 9"><p>Hello,</p><p></p><p>It is good that you don't connect to the internet as the malware may download more stuff as we remove them.</p><p></p><p>The FRST log looks way better now. Below I have listed the instructions <strong>in the order</strong> that I want you to <strong>attempt</strong> them. <span style="color: #FF0000">DO NOT</span> attempt another option if the previous one worked successfully (by successfully, I mean the program ran smoothly without being stopped).</p><p></p><p></p><p><strong><u>Option 1: </u></strong></p><p>On the clean computer, open notepad and copy & paste the following:</p><p></p><p></p><p>and save it as <span style="color: #FF0000"><strong>fixlist.txt</strong></span> onto your flash drive. Then try booting to system recovery and to command prompt as before or with the CD (Follow the FRST instructions I gave you previously). If you are able to start FRST in system recovery, click <strong>Fix</strong>. Post the generated log. If you can't try option 2.</p><p></p><p>===================================</p><p><u><strong>Option 2</strong></u></p><p>On a clean computer, download a new copy of Combofix onto your flash drive but rename it to <strong>Nigel.exe</strong>. Transfer the copy onto the infected PC's <strong>Desktop</strong>. Also, download a copy of rKill to your desktop as well and transfer it over to the infected one. (You may want to download all 3 versions in case 1 doesn't work).</p><p></p><p>Download and run <span style="color: blue"><strong>RKill</strong></span></p><p><a href="http://download.bleepingcomputer.com/grinler/rkill.com" target="_blank"><u><span style="color: blue">Download mirror 1</span></u></a> - <a href="http://download.bleepingcomputer.com/grinler/rkill.exe" target="_blank"><u><span style="color: blue">Download mirror 2</span></u></a> - <a href="http://download.bleepingcomputer.com/grinler/iExplore.exe" target="_blank"><u><span style="color: blue">Download mirror 3</span></u></a></p><p></p><p></p><ul> <li data-xf-list-type="ul">Transfer it to your Desktop.</li> <li data-xf-list-type="ul">Double click the RKill desktop icon.</li> <li data-xf-list-type="ul">It will quickly run. If it does not run, try another download link from above.</li> </ul><p><img title="RKILL Command prompt" src="http://malwaretips.com/images/removalguide/rkill2.png" alt="[Image: run-rkill-2.png]" width="507" height="256" border="0" /></p><ul> <li data-xf-list-type="ul">When Rkill has completed its task, it will <<strong>>generate a log</<strong>>. You can then <<strong>>proceed with the rest of the guide</<strong>>.</strong></strong></strong></strong></li> </ul><p><strong><strong><strong><strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><img title="RKILL LOG" src="http://malwaretips.com/images/removalguide/rkill3.png" alt="[Image: XP Defender 2013 rkill3.jpg]" width="414" height="187" border="0" /></li></strong></strong></strong></strong></p><p><strong><strong><strong><strong></ol><br></strong></strong></strong></strong></p><p><strong><strong><strong><strong><br><<strong>>WARNING: Do not reboot your computer after running RKill as the malware process will start again , preventing you from properly performing the next step.</<strong>></strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong></strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong><span style="color: #FF0000">Before you run combofix: Please let combofix run for an hour or two atleast if it hangs on the "might take ten minutes, but maybe longer" step. This infection is severe so let it run and be patient.</span></strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong></strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong>Open up Notepad and paste the following:</strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong></strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong></strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong></strong></strong></strong></strong></strong></strong></p><p> <strong><strong><strong><strong><strong><strong>* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe</strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong> * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!</strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong> * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.</strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong> * Now use your mouse to drag CFscript.txt on top of ComboFix.exe</strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong><img src="http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif" alt="" class="fr-fic fr-dii fr-draggable " style="" /></strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong> * Follow the prompts.</strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong> * When it finishes, a log will be produced named c:\combofix.txt</strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong> * I will ask for this log below</strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong></strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong>===========================</strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong><u><strong>Option 3</strong></u></strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong>Similar to option 1, but NOT in system recovery. Do this is normal mode.</strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong></strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong>Open notepad and copy & paste the following:</strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong></strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong></strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong>and save it as <span style="color: #FF0000"><strong>fixlist.txt</strong></span> onto your flash drive.</strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong></strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong>Plug it into your infect PC, open FRST and click <strong>fix</strong></strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong></strong></strong></strong></strong></strong></strong></p><p><strong><strong><strong><strong><strong><strong>Post the log afterwards.</strong></strong></strong></strong></strong></strong></p></blockquote><p></p>
[QUOTE="Fiery, post: 90735, member: 9"] Hello, It is good that you don't connect to the internet as the malware may download more stuff as we remove them. The FRST log looks way better now. Below I have listed the instructions [b]in the order[/b] that I want you to [b]attempt[/b] them. [color=#FF0000]DO NOT[/color] attempt another option if the previous one worked successfully (by successfully, I mean the program ran smoothly without being stopped). [b][u]Option 1: [/u][/b] On the clean computer, open notepad and copy & paste the following: and save it as [color=#FF0000][b]fixlist.txt[/b][/color] onto your flash drive. Then try booting to system recovery and to command prompt as before or with the CD (Follow the FRST instructions I gave you previously). If you are able to start FRST in system recovery, click [b]Fix[/b]. Post the generated log. If you can't try option 2. =================================== [u][b]Option 2[/b][/u] On a clean computer, download a new copy of Combofix onto your flash drive but rename it to [b]Nigel.exe[/b]. Transfer the copy onto the infected PC's [b]Desktop[/b]. Also, download a copy of rKill to your desktop as well and transfer it over to the infected one. (You may want to download all 3 versions in case 1 doesn't work). Download and run [color=blue][b]RKill[/b][/color] [url=http://download.bleepingcomputer.com/grinler/rkill.com][u][color=blue]Download mirror 1[/color][/u][/url] - [url=http://download.bleepingcomputer.com/grinler/rkill.exe][u][color=blue]Download mirror 2[/color][/u][/url] - [url=http://download.bleepingcomputer.com/grinler/iExplore.exe][u][color=blue]Download mirror 3[/color][/u][/url] [list][*]Transfer it to your Desktop. [*]Double click the RKill desktop icon. [*]It will quickly run. If it does not run, try another download link from above.[/list] <img title="RKILL Command prompt" src="http://malwaretips.com/images/removalguide/rkill2.png" alt="[Image: run-rkill-2.png]" width="507" height="256" border="0" /> [list] [*]When Rkill has completed its task, it will <[b]>generate a log</[b]>. You can then <[b]>proceed with the rest of the guide</[b]>.[/b][/b][/b][/b][/list][b][b][b][b] <img title="RKILL LOG" src="http://malwaretips.com/images/removalguide/rkill3.png" alt="[Image: XP Defender 2013 rkill3.jpg]" width="414" height="187" border="0" /></li> </ol><br> <br><[b]>WARNING: Do not reboot your computer after running RKill as the malware process will start again , preventing you from properly performing the next step.</[b]> [color=#FF0000]Before you run combofix: Please let combofix run for an hour or two atleast if it hangs on the "might take ten minutes, but maybe longer" step. This infection is severe so let it run and be patient.[/color] Open up Notepad and paste the following: * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe * At this point, you MUST EXIT ALL BROWSERS NOW before continuing! * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop. * Now use your mouse to drag CFscript.txt on top of ComboFix.exe [img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img] * Follow the prompts. * When it finishes, a log will be produced named c:\combofix.txt * I will ask for this log below =========================== [u][b]Option 3[/b][/u] Similar to option 1, but NOT in system recovery. Do this is normal mode. Open notepad and copy & paste the following: and save it as [color=#FF0000][b]fixlist.txt[/b][/color] onto your flash drive. Plug it into your infect PC, open FRST and click [b]fix[/b] Post the log afterwards.[/b][/b][/b][/b][/b][/b] [/QUOTE]
Insert quotes…
Verification
Post reply
Top