mustardgas
New Member
As for opening malwarebytes in safe mode, the message is the safe as the one shown when I tried to open the HJT install- "...marked for deletion."
Go here and download rkill, click on the rkill.com or rkill.scr link and see if it will run. This should temporarily disable the active infection to where you can run malwarebytes.
http://www.technibble.com/rkill-repair-tool-of-the-week/
Just an offer here, if you are willing, I could remote into your system and help you that way.
For now just run malwarebytes not updated and lets see if it kills the process that is stopping it from getting updated. Post the log from malwarebytes after running it. You have one infection here and most likely many hidden still.
O4 - HKCU\..\Run: [edmpcdub] C:\Users\filmmaker\AppData\Local\vwhnyiffe\vdqvidf tssd.exe
I'm not exactly comfortable letting you have direct access to my computer.
To be honest, I feel a little strange having given you all the log information earlier, as I don't quite understand that stuff, and therefore don't know exactly what you or others could do with that info if you had malicious intent.
Definitely run a full scan.I tried a malwarebytes scan. Nothing was detected. But it was a quick scan. Should I try the full scan?
He's hoping that after Malwarebyte's Antimalware runs, you post your new HJT log and we tell you what else need to do, you will be able to get internet access. johnb35 will probably be back on in a bit. I'd be happy to guide you until then. Just run a full scan with Malwarebytes, then post your HJT log here and we'll go from there.How can I update it without an internet connection?
Don't blame you there. He's just trying to help out, but you don't know that...
Once again, I don't blame you. Better safe than sorry, right? But fear not - those logs are useless to anyone who has malicious intent - they simply show what processes, etc are running on your machine and browser variables. At best, someone could see that you're running a program that could be exploited (I don't see any), but they would have to know your IP address (which they would have to have server access to get), then get around what security (if any) your ISP has in place, past your router security and your firewall and actually know how to exploit said software. So... pretty harmless information there.
Thanks for the breakdown deanj20. I figured you guys were trustworthy (people have been submitting there logs for some time now after all). But you can never be too sure, right?
Definitely run a full scan.
Currently running full scan.
He's hoping that after Malwarebyte's Antimalware runs, you post your new HJT log and we tell you what else need to do, you will be able to get internet access. johnb35 will probably be back on in a bit. I'd be happy to guide you until then. Just run a full scan with Malwarebytes, then post your HJT log here and we'll go from there.
He's hoping that after Malwarebyte's Antimalware runs, you post your new HJT log and we tell you what else need to do, you will be able to get internet access. johnb35 will probably be back on in a bit. I'd be happy to guide you until then. Just run a full scan with Malwarebytes, then post your HJT log here and we'll go from there.
I had this POS virus hit my Vista laptop a few days ago.
1. http://www.myantispyware.com/2010/0...are-2010-vista-antivirus-2010-vista-guardian/
2. cut and paste all of this following text in Notepad and save it as a .reg file called "fix.reg" on your desktop.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
3. Double-click that .reg file. It will look like nothing has happened. Not true. Reboot and run Malwarebytes and do a FULL scan on your computer.
4. After you are done, search for av.exe or ave.exe and delete it in case Malwarebytes does not erase it for you. It should.
5. You should be just fine after this. A full virus scan would not hurt.
This worked perfectly for me. Good luck!
I had this POS virus hit my Vista laptop a few days ago.
1. http://www.myantispyware.com/2010/0...are-2010-vista-antivirus-2010-vista-guardian/
2. cut and paste all of this following text in Notepad and save it as a .reg file called "fix.reg" on your desktop.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
3. Double-click that .reg file. It will look like nothing has happened. Not true. Reboot and run Malwarebytes and do a FULL scan on your computer.
4. After you are done, search for av.exe or ave.exe and delete it in case Malwarebytes does not erase it for you. It should.
5. You should be just fine after this. A full virus scan would not hurt.
This worked perfectly for me. Good luck!
Is this completely hopeless?