Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: help with a virus  (Read 18689 times)

0 Members and 1 Guest are viewing this topic.

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: help with a virus
« Reply #45 on: January 02, 2008, 11:16:38 PM »
Open HijackThis and select Do a system scan only then place a check mark next to:

O4 - HKUS\S-1-5-18\..\Run: [Microsoft Telecoma Center] tellcoma.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Telecoma Center] tellcoma.exe (User 'Default user')


Close all windows except for HijackThis and click Fix checked

Exit Hijackthis.

----------

1) Please download Pocket Killbox

    Unzip it to the desktop

2) Please run Killbox.

3) Select "Delete on Reboot"

4) Open the text file with these instructions in it, and copy the file name in the quote box below to the clipboard by highlighting them and pressing Control-C:

Quote
C:\WINDOWS\System32\tellcoma.exe

5) Return to Killbox, go to the File menu, and choose "Paste from Clipboard"

6) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt Click "No" at the Pending Operations prompt



If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click HERE to download and run missingfilesetup.exe Then try Killbox again..

Let the system reboot.

Post a new HijackThis log.

blu_smiley

    Topic Starter


    Rookie

    Re: help with a virus
    « Reply #46 on: January 02, 2008, 11:57:37 PM »
    when i clicked "delete file" i got "pending file name operations registry data has been removed by external process"

    and then it doesnt reboot by itself

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: help with a virus
    « Reply #47 on: January 03, 2008, 12:26:31 AM »
    Reboot the computer.

    After rebooting, open up Killbox again, click File -> Logs -> Actions History Log

    Copy and paste the contents of kb.log and post it in your next reply.


    If that doesn't work go to Start > Run and type: (or copy and paste)

    notepad systemdrive%\!Killbox\Logs\kb.log

    Copy and paste the contents of kb.log and post it in your next reply.


    Also run a new hijackthis scan and post the log.

    blu_smiley

      Topic Starter


      Rookie

      Re: help with a virus
      « Reply #48 on: January 03, 2008, 12:49:56 AM »
      kill box & hjt logs attached

      [file cleanup - saving space - attachment deleted by admin]

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Calm like a bomb
      • Thanked: 493
      • Experience: Experienced
      • OS: Windows 11
      Re: help with a virus
      « Reply #49 on: January 03, 2008, 01:22:36 AM »
      This is definitely a nasty one. They are renamed to something else now.

      Open HijackThis and select Do a system scan only then place a check mark next to:

      O4 - HKUS\S-1-5-18\..\Run: [Microsoft Config 32] msconfigx32.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [Microsoft Config 32] msconfigx32.exe (User 'Default user')


      Close all windows except for HijackThis and click Fix checked

      Exit Hijackthis.



      Open Killbox.

      Click the button that says All Files

      Copy the files in the quote box below.

      Quote
      C:\WINDOWS\System32\tellcoma.exe
      C:\WINDOWS\System32\msconfigx32.exe

      In Killbox click File > Paste from clipboard

      Check the box to Replace On Reboot, then check the box under it Use Dummy.

      Then click the red X and allow reboot.

      Post the Killbox log i the next post along with a new hijackthis log please.



      blu_smiley

        Topic Starter


        Rookie

        Re: help with a virus
        « Reply #50 on: January 03, 2008, 02:16:38 AM »
        i cant seem to get the new kb log?....i got to kb..click files...click logs then i click actions history log but it comes up with the previous kb log..
        am i doing something wrong?

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 493
        • Experience: Experienced
        • OS: Windows 11
        Re: help with a virus
        « Reply #51 on: January 03, 2008, 02:24:16 AM »
        Did it seem like it worked this time?


        blu_smiley

          Topic Starter


          Rookie

          Re: help with a virus
          « Reply #52 on: January 03, 2008, 02:35:07 AM »
          what do you mean?

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 493
          • Experience: Experienced
          • OS: Windows 11
          Re: help with a virus
          « Reply #53 on: January 03, 2008, 02:36:13 AM »
          Did killbox work with no errors?

          Post a new hijackthis log please.

          blu_smiley

            Topic Starter


            Rookie

            Re: help with a virus
            « Reply #54 on: January 03, 2008, 02:40:18 AM »
            it came up with the same message as before

            ---------

            hjt log attched

            [file cleanup - saving space - attachment deleted by admin]

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 493
            • Experience: Experienced
            • OS: Windows 11
            Re: help with a virus
            « Reply #55 on: January 03, 2008, 02:56:15 AM »
            I have asked on the errors and it seems this is not uncommon for killbox to report this.


            The log is finally clean. How is the computer now?


            Let's clear out the programs we've been using to clean up your computer, they are not suitable for
            general malware removal and could cause damage if launched accidentally.

            Please download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop.

            1. Double click OTMoveIt2.exe to launch it.
            2. Click on the CleanUp! button.
            3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
            4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
            4. When finished exit out of OTMoveIt2


            Download and install CleanUp!

            Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
            Set the program up as follows:

            • Click Options...
            • Move the arrow down to Standard CleanUp!
            • Uncheck the following:
              • Delete Newsgroup cache
              • Delete Newsgroup Subscriptions
            • Click OK
              • Press the CleanUp! button to start the program. Reboot/logoff when prompted.

                Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility



                This is a good time to clear your infected system restore points and establish a new clean restore point:
                • Go to Start > All Programs > Accessories > System Tools > System Restore
                • Select Create a restore point, and click Next.
                • Next, go to Start > Run and type in cleanmgr
                • Select the More options tab
                • Next to System Restore click Clean up...
                This will remove all restore points except the new one you just created.


                Let me know how everything is now.

            blu_smiley

              Topic Starter


              Rookie

              Re: help with a virus
              « Reply #56 on: January 03, 2008, 03:25:25 AM »
              I think everything is ok now!
              I'll let you know if any of the symptoms appear again!!
              thanks so much for this!! Im sorry if i ve bee a pain ^^
              thank you thank you!!

              btw..how come i have a antivirus on my pc but it still doesnt help instead we have to go through all thses steps?

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 493
              • Experience: Experienced
              • OS: Windows 11
              Re: help with a virus
              « Reply #57 on: January 03, 2008, 03:41:35 AM »
              Quote
              thanks so much for this!! Im sorry if i ve bee a pain ^^

              No problem, glad you stuck it out also.

              Quote
              how come i have a antivirus on my pc but it still doesnt help instead we have to go through all thses steps?

              Not sure how it got there. All it takes is one click and all sorts of stuff can get in. Antivirus can't always stop some of the well written virus out there.

              Quote
              I'll let you know if any of the symptoms appear again!!

              Absolutely, we will be here.

              Quote
              I think everything is ok now!

              Good, I hope it stays that way.


              To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?


              Safe surfing........