ComputerForum.com

07-17-2008, 10:41 AM   #1
apj101 (Administrator)

I wouldn't format until one of our mods ceewi or buzz have had a look, given that it seems they are the only ones who know what they are talking about.
__________________
TechZine
What did one snow man say to the other?
can you smell carrot?
The fight is won or lost far away from witnesses - behind the lines, in the gym, and out there on the road, long before I dance under those lights.

How you do anything, is how you do everything!

Nauru our homeland, the land we dearly love


07-17-2008, 10:47 AM   #2
GameMaster (Diamond Member)

Quote:
Originally Posted by apj101 View Post
I wouldn't format until one of our mods ceewi or buzz have had a look, given that it seems they are the only ones who know what they are talking about.
Yes especially Buzz and his attempt to get rid of the Vundo notices using some RegCleaner
ceewi1 is a legend though...

I can say I know what I'm talking about. I don't know if I am stupid or what, but I think I know a lot about helping other people (cleaning viruses, mostly). My only problem is that I didn't get a "license" to help people just because I was kicked from ALL universities for POSTING ON THIS FORUM.

Come on guys...if only ceewi1 is helping people on this forum, there would be a lot more unsolved cases...Taken that Buzz is not helping since I registered here.
__________________
dznutz:
Quote:
a firewall is like a gate. it keeps the bad people out and the dog in but it's not fool proof. but lets say you download and run an infected program. that will be like letting in a "friend." if it's infected you run that program you can get malware. that's like a friend raping your family and stealing your money.
07-17-2008, 10:53 AM   #3
cohen (Diamond Member)

Quote:
Originally Posted by GameMaster View Post
Yes especially Buzz and his attempt to get rid of the Vundo notices using some RegCleaner
ceewi1 is a legend though...

Come on guys...if only ceewi1 is helping people on this forum, there would be a lot more unsolved cases...Taken that Buzz is not helping since I registered here.
I agree,

Not sure what a regcleaner does

ceewi1, is a legend,

people like me and other new starters, at least get the starting stuff of the thread going and ceewi1 / punk / gamemaster finished it off.
__________________
Cohen
07-18-2008, 05:32 AM   #4
ceewi1 (Moderator)

Quote:
Originally Posted by GameMaster View Post
Yes especially Buzz and his attempt to get rid of the Vundo notices using some RegCleaner
Buzz's approach to that thread had a great deal of merit. I'm sorry if you can't see the reasoning behind it, but frankly Buzz knows a lot more about this stuff than you do.

Quote:
people like me and other new starters, at least get the starting stuff of the thread going and ceewi1 / punk / gamemaster finished it off.
Reading through a 20 post thread to figure out what's been done since the first log usually takes a lot longer than just working the log from post 1. Also, ComboFix is not a one-size-fits-all anti-malware solution and needs to be used with care and only where appropriate.

Vizy93, while formatting will obviously resolve your problems, I am not yet convinced that it is necessary. If you have not yet formatted, please do the following:

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan-tab, remove the mark at Heuristic analysis.
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new HijackThis log.
__________________

CPU: Core 2 Duo E6600 / MOBO: Gigabyte 965P-DS3 / GPU: Gigabyte HD4870
RAM: 2GB G.Skill F2-6400CL4D-2GBPK / HDD: 2TB Total HDD / PSU: Antec NeoPower 480W

Cheap PSUs - 2% of system costs, responsible for 28% of system deaths
As Sealed Stick was removed, lost or damaged, it shall be out of warranty validity.
- The "Warranty void if removed" sticker on numerous CoolerMaster PSUs.

07-18-2008, 06:35 AM   #5
Vizy (banned)

Quote:
Originally Posted by ceewi1 View Post
Vizy93, while formatting will obviously resolve your problems, I am not yet convinced that it is necessary. If you have not yet formatted, please do the following:

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan-tab, remove the mark at Heuristic analysis.
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new HijackThis log.
Ceewi, I really appreciate you helping me out, but I needed a reformat anyways so I just went ahead and did it.

My computer is ok now, but I am worried about my external drive, where I basically have EVERYTHING of any importance on.

I did some googling and I found that for the virus:

win32/gaelicum

that I had to use this:

http://www.grisoft.com/ww.virus-removal.ndi-93721

It asked me to download two files and save them to the same folder. So I did that, and I ran the program. All my drives were clean, but it didn't scan my external. So then I went to the command line:

Code:
G:>rmgael H:
Then it scanned my external and said there were NO problems found. All my files seem to be ok... but I thought that the internet worm would've spread itself.

Is there ANY type of log that can show the status of my external??


Thanks a lot ceewi
Vizy

07-18-2008, 06:23 AM   #6
mep916 (Folding@Home)

Quote:
Originally Posted by GameMaster View Post
Yes especially Buzz and his attempt to get rid of the Vundo notices using some RegCleaner

I can say I know what I'm talking about. My only problem is that I didn't get a "license" to help people just because I was kicked from ALL universities for POSTING ON THIS FORUM.

Taken that Buzz is not helping since I registered here.
Don't be a smartass. Buzz has been helping people here long before you registered. Getting kicked out of universities was due to your own incompetence, and violating rules. Don't blame it on this community.
__________________
Core i7 920 @ 2.66 GHz || Cooler Master V8 || Foxconn BloodRage X58|| 896MB EVGA GTX 260 (55nm)|| 6GB G Skill DDR3 @ 1600MHz|| 2X 300GB WD Velociraptors (RAID 0) || 1TB Hitachi Deskstar || Cooler Master HAF 932 || 620W Corsair HX PSU || Windows 7 Ultimate/Vista Ultimate x64/Windows XP Pro

FOLDING FOR THE GOOD OF MANKIND:F@H Team 44358

Quote:
Originally Posted by tlarkin View Post
Also, you don't hunt chickens. Chickens are domesticated animals.
07-18-2008, 06:36 AM   #7
Vizy (banned)

Oh and also,

Please forgive me for making you waste your time by posting the CureIt stuff. I still really appreciate it.

Sorry!
Vizy
07-18-2008, 06:53 AM   #8
ceewi1 (Moderator)

Not a problem. Gaelicum is a very dangerous file infector and a full format and reinstall is the best solution to it.

Even though regular anti-virus programs can't disinfect the files, they should be able to detect the virus and delete any infected files. I recommend running a full scan with your antivirus and/or use an online scanner such as BitDefender's to check the drive.
07-18-2008, 07:14 AM   #9
Vizy (banned)

Will do ceewi!

Thanks a lot!
Vizy