SpyWare BeWare! ASAP
Topic: WNW test
Posted on: December 15, 2010, 07:25:46 PM

  • Use at your own risk: The Spyware Beware forum does not take responsibility for any outcome of following these directions. Every computer is different, so we cannot guarantee the outcome.
  • Not for Google Redirects; see HERE
  • For fake anti-virus programs, look at this post HERE
  • Vista and Windows 7 users:
    • These tools MUST be run from the executable (.exe) every time you run them.
    • With Admin Rights (right-click, choose "Run as Administrator")

When you find that your computer is so bogged down with malware and nothing works, please look through this When Nut'n Works Tutorial© and maybe one of the options will work.

1. The first thing we want to do is to download and run Malwarebytes' Anti-Malware (MBAM) which you probably can't do....that's why you're here.

Reboot your computer into Safe Mode with Networking using the instructions for your version of Windows found HERE

You may not be able to connect to the internet. Here's how to fix that:
  • Open up Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
  • Another way to get to your Internet Properties:
    Go to your Start Button > Run > copy and paste this in: inetcpl.cpl > Click OK
  • Now click on the Connections tab.
  • Now click on the LAN Settings button.
  • Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the OK button to close the Internet Options screen.
  • Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.

If that doesn't work and you still can't access the net...please try this:

  • Copy all the text in the code box into notepad.
  • Save it as fix.reg
  • Save as file type > All files
  • Save it to your desktop

Note: Fix.reg is available for download for registered users HERE.
Just download and unzip it on a clean computer and transfer it to the sick computer by using a usb flash drive.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]

If you did it right it will look like this except with a different name:

Now double click on it and allow it to merge into the registry.

Now we have to stop the malware from running:

The malware is preventing you from downloading any programs, running any files such as .exe (executable) and even preventing you from using safe mode or connecting to the internet. We will attempt to terminate the malware that's running on your computer and restore some of the functions by using rkill.
If needed you can download it to a usb flash drive and then transfer it to the sick computer.

rkill tutorial found here

There are 7 versions of rkill.

Please Note: The purpose of this tool is to stop certain processes and fix certain reg keys that stop you from using our normal clean up tools. It is NOT designed to remove infections in their entirety and not designed to fix all problems.
Don't reboot the computer after running rkill or the malware will restart.

Download links for rkill: (some are renamed)
rkill.exe  rkill.com  rkill.scr
iExplorer.exe eXplorer.exe  

When you find a version that does run, immediately download and run MBAM.

Here's how to rename MBAM to enable it to run if needed: Check HERE

Common Issues, Questions, and their Solutions for MBAM: HERE, HERE, HERE and HERE

The latest MBAM definitions update is available for download HERE if needed.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Full Scan", then click Scan.

The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Note: Some infections will prevent MBAM from running. If MBAM won't run, try renaming the file mbam-setup.exe to a random name, and then try again.

2. If that doesn't work....try running VIPRE Rescue Program
VIPRE Rescue Program is a new anti-malware utility that runs from the command prompt that will scan for and remove most malware including rootkits. It will run when other programs won't.
It now also works on 64-bit systems.

Please note: Windows must load for this scanner to work.

It's easy to use:

1. Download VIPRE Rescue to your desktop (it's a big download about 80mb.....takes about 4-5 minutes on broadband and always download a fresh copy as it is updated frequently)

2. Double click on the VIPRE Rescue icon, it will ask if you want to extract VIPRE Rescue Scanner to your computer, click yes.

3. The "WinZip Self-Extractor" window will pop up, click Unzip
It should by default unzip to C:
Make sure the checkbox for "When done unzipping open: .\deep_scan.bat" is checked
After the files are unzipped, click OK

4. VIPRE Rescue will now run automatically and perform a deep (full) scan.

5. When it's done, type exit and press enter to close the program.

6. The log isn't that good but will be in the VIPRERESCUE folder and listed as a CSV file.

7. Now see if you can run MBAM.
Note: If you find that you can't download any programs to the infected computer, you can download VIPRERescue to a usb flash drive on another computer.
Then plug the drive into the infected computer, navigate to the drive and double click on VIPRERescue****.exe and follow the directions above starting at #2.

3. Try using SUPERAntiSpyware Portable Scanner.
It's easy to use, just download SAS Portable Scanner to the sick computer, double click on it and then run it.
If you can't download it on the sick computer, download it onto another computer and then put it on a usb pen drive or cd and run it from there.

Please note: Windows must load for this scanner to work and also the scanner is saved under a random filename so that malware infections won't block the scanner.
Please look over what was quarantined (especially files located in system32) before closing SAS, once you close the program the quarantined items are not easily restored.
The program and logs are located in a temp folder called SAS_SelfExtract, do a search for it.

4. Make an AVG Rescue CD:

"AVG rescue CD is basically a portable version of AVG anti-virus, which runs on linux distribution as bootable CD or bootable USB flash drive. This Rescue CD is equipped with AVG Antivirus, AVG Anti Spyware and some administrator recovery tool.
You can scan and remove computer virus without booting operating system first. It is suitable for recovering MS Windows and Linux operating systems (FAT32 and NTFS file systems) from virus and spyware attack. Meanwhile, Administrator toolset on AVG rescue disk are Windows Registry editor, a TestDisk utility for data recovering and lost partitions, a file browser for navigating folders, and a Ping tool for basic network diagnostics."

Please Note: Windows does not have to load for this scanner to work.

AVG Rescue CD Guide-check here

You can download AVG rescue CD HERE.
It's also located on ThisPage; make sure you download the .iso file.

Here's how it goes:

Download and install Active@ ISO Burner
Click HERE  for ISOBurner Instructions.
Install the program, and follow the next set of steps.

After you install Active@ ISO Burner, put a blank cd-r in your burner and double click on the AVG Rescue CD.iso you downloaded and Active@ ISO Burner should automatically open up.....now click BURN.

The program is very easy to use, you'll just be pressing Enter most of the time but here's how it goes:

1. After the rescue cd is made, boot-up the sick computer, put the rescue cd in and then restart it.
Note: In order to do so, the computer must be set to boot from the CD first. For information on how to do that....click HERE.

2. At the Boot Menu: Choose AVG Rescue CD (1) and press Enter

3. Let it load, at the Disclaimer Screen......just choose I agree or not and press Enter

4. At the Update Screen, choose Yes and press Enter
Next screen, choose Update from Internet and press Enter

5. At the Update Priority Configuration window, choose Priority 2 Virus Database Update and press Enter

6. Let it update and when finished, Press any key to continue

7. You end up back at the Update Screen, choose Return and press Enter

8. You're at the Main Menu screen, choose Scan, press Enter

9. Scan Type Menu, choose Volumes Scan - Selected Volumes and press Enter

10. Scan Volumes, choose OK and press Enter

11. Scan Options, choose OK and press Enter

12. Run Scan, choose Yes and press Enter

13. When scan is complete, Press any key to continue

14. Info screen, choose OK and press Enter

15. To see the scan report, select Report File and press Enter
Please look over the list, as some files can be crucial for the Windows system and deleting them can make it inoperative. If you're not sure, please Google the file or files.

16. Scan Results Menu, use the up and down keys and choose Select - Handle single or groups of infected files, press Enter
Go through the files and choose to Rename the infected file, don't choose Delete!
This is important....Rename<---

17. Read the Warning Screen, Yes and Enter

18. Back to Scan Results Menu, choose Back or Return to get to the Main Menu and then choose ---->Reboot System
Don't forget to take out the rescue cd.

19. All the malware files will be renamed to _INFECTED.arl, to find all of these files....
Go to Start > Search > All Files and Folders > type _INFECTED.arl and click search.
Example: malware.exe would be renamed to malware.exe_infected.arl

20. Note: If you find the cd doesn't load, it's most likely due to a bad download or bad burn, download the file again and burn it at a slower speed.

5. If none of the above options work and your computer still won't boot or is unusable.....please do this on a clean computer:

Note: OTLPE is just a tool that we use and is of no value to you...so please don't use it yet, one of the malware team will instruct you on how and when to use it.

Download OTLPEStd.exe from the link below: (it's a big download)

After you download it, put a blank cd-r in your burner and double click on the OTLPEStd.exe.
It will automatically burn an OTLPE image to the disk, when done...remove the disk, it will be used later. You will also need a usb flash drive and please don't use OTLPE without guidance.

If you are not a registered member...please register HERE,
then.....Start a New Topic in the Malware Removal forum.
Please state that you followed this tutorial, the problems you are having and that you have made an OTLPE bootable disk and are awaiting instructions on how to proceed from here.
One of the Malware Team will instruct you on the next steps.

Your questions or comments about the tutorial are welcome....please note that I can't diagnose your system here.

Good Luck and Thanks for using the forum.....MrC

My help is always free here but if you would like to show your appreciation, it will be much appreciated.
Thanks MrC
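
The proxy check from step 1, as an added PowerShell example that is not part of the original post and is not the contents of the forum's fix.reg (which the page does not show). It assumes the setting to reset is the per-user ProxyEnable value under the Internet Settings key named in the post; the script name and backup file name are made up for the example.

```powershell
# Added example (not from the original post): audit the per-user proxy values
# edited by Internet Options > Connections > LAN Settings.
# Run with -Fix to turn the proxy off after saving a backup of the key.
param([switch]$Fix)

$regPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$names   = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'

function Get-ProxyState {
    # A value that does not exist comes back as $null ("not configured").
    $props = Get-ItemProperty -Path $regPath
    $state = New-Object PSObject
    foreach ($n in $names) {
        $state | Add-Member -MemberType NoteProperty -Name $n -Value $props.$n
    }
    $state
}

$before = Get-ProxyState
$before | Format-List

if ($before.ProxyEnable -ne 1) {
    Write-Output 'Proxy is not enabled for this user; nothing to change.'
    return
}
Write-Output "Proxy is ENABLED and points at: $($before.ProxyServer)"
if (-not $Fix) {
    Write-Output 'Re-run with -Fix to disable it (ProxyEnable = 0).'
    return
}

# Keep a copy of the key first so the previous settings can be merged back.
# The file name is timestamped so reg.exe never has to prompt about overwriting.
$backup = Join-Path $env:TEMP ("InternetSettings-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
& reg.exe export 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings' $backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Backup failed; registry left unchanged.' }

# ProxyEnable is the value behind the "Use a proxy server for your LAN" checkbox.
Set-ItemProperty -Path $regPath -Name ProxyEnable -Value 0
Write-Output "Proxy disabled. Backup saved to $backup"
Get-ProxyState | Format-List
```

Run it without arguments first to see the current values; ProxyServer is left in place so the address that was configured stays available for the malware removal log.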
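
The search in step 19 of the AVG Rescue CD section, as an added PowerShell example that is not part of the original post. It lists every file ending in _infected.arl with the name it had before the rename and a SHA-256 hash, so each one can be looked up before anything is deleted; the output file name and the default search root are assumptions.

```powershell
# Added example, not from the original post. Lists every file that carries the
# _infected.arl suffix from step 19, with its pre-rename name and SHA-256.
param(
    [string]$Root    = 'C:\',
    [string]$OutFile = (Join-Path $env:TEMP 'infected-arl-inventory.csv')  # assumed output name
)

$suffix = '_infected.arl'   # the page writes it both upper- and lower-case

function Get-Sha256 ([string]$Path) {
    # Hash the bytes without executing or renaming the file.
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $sha = [System.Security.Cryptography.SHA256]::Create()
        [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
    } finally { $stream.Close() }
}

$rows = @(Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        -not $_.PSIsContainer -and
        $_.Name.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)
    } |
    ForEach-Object {
        $file = $_
        $hash = 'unreadable'            # kept if the file is locked or access is denied
        try { $hash = Get-Sha256 $file.FullName } catch { }
        New-Object PSObject -Property @{
            OriginalName  = $file.Name.Substring(0, $file.Name.Length - $suffix.Length)
            RenamedPath   = $file.FullName
            SizeBytes     = $file.Length
            LastWriteTime = $file.LastWriteTime
            Sha256        = $hash
        }
    })

if ($rows.Count -eq 0) {
    Write-Output "No files ending in $suffix were found under $Root"
    return
}

# Fix the column order (hashtable order is not guaranteed) and save for review.
$rows | Select-Object OriginalName, RenamedPath, SizeBytes, LastWriteTime, Sha256 |
    Export-Csv -Path $OutFile -NoTypeInformation
Write-Output "Wrote $($rows.Count) entries to $OutFile"
```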