Help needed. ppcbooster infected in a bad way..
 
  Tweaks.com
Posted 11/28/2008 1:04 PM


Junior Member


Group: Forum Members
Last Login: 7/30/2008 5:30 AM
Posts: 148, Visits: 310
Hello all, I'm in need...

I can only talk in safe mode. My computer reboots over and over. I've only been able to identify (ppcbooster\ppcb_32.exe) using Ad-Aware. Spybot doesn't work. HijackThis doesn't work. I'm disabled at the moment. Any advice would be greatly appreciated.
Thanks
Jack


Zoom Zoom
Post #245832
Posted 11/28/2008 1:33 PM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 29,548, Visits: 54,734
Welcome

If you have not disabled System Restore, boot your computer into Safe Mode with Command Prompt using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode with Command Prompt".
At the prompt copy and paste:
%systemroot%\system32\restore\rstrui.exe
Then press Enter.
Follow the onscreen instructions.


_______________________________________________


ASAP & UNITE member since 2006





Post #245833
Posted 11/28/2008 2:11 PM


Junior Member


Group: Forum Members
Last Login: 7/30/2008 5:30 AM
Posts: 148, Visits: 310
thanks Richie...

but I don't have a restore point or date.

regards
Jack


Zoom Zoom
Post #245836
Posted 11/28/2008 2:21 PM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 29,548, Visits: 54,734
Are you able to boot into 'Safe Mode with Networking'? Try doing the following:

Download SmitfraudFix (by S!Ri) to your desktop.
Alternate official download locations Here and Here.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Double click on Smitfraudfix.cmd
Select #2 and hit Enter to delete the infected files.
You will be prompted: 'Do you want to clean the registry?' answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): 'Replace infected file ?' answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process.
The report can be found at the root of the system drive, usually at C:\rapport.txt
Post the Smitfraudfix report into your next reply.


Download RSIT by random/random and save it to your desktop.
Double click on the RSIT.exe icon to run the program.
Click Continue at the disclaimer screen.
Once the scan has finished, two logs will open.
Please post the contents of both log.txt, which will be maximized on your desktop, and info.txt, which will be minimized to your taskbar.
Both logs can also be found in the folder C:\rsit


Post #245837
Posted 11/28/2008 3:42 PM


Junior Member


Group: Forum Members
Last Login: 7/30/2008 5:30 AM
Posts: 148, Visits: 310
thanks Richie,

The first thing that happens is when I double click on SmitfraudFix it gives me an error saying that it encountered a problem. I'm not able to get past that point.

thanks
Jack


Zoom Zoom
Post #245838
Posted 11/28/2008 4:33 PM


Senior Forum Moderator


Group: Moderators
Last Login: 8/9/2008 10:14 AM
Posts: 29,548, Visits: 54,734
Try the following; if SDFix won't run, try Combofix.
Download SDFix.exe by AndyManchesta and save it to your desktop.
* Double click on SDFix on your desktop, and install the fix to C:\

* You might want to print/copy the following as you need to be in Safe Mode from here on.

* Please then reboot your computer into Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
* Instead of Windows loading as normal, a menu with options should appear.
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the C:\SDFix folder, then copy and paste the contents of the results file Report.txt into your next reply.


Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop


Close any open browsers.
Click on Start/Run, copy and paste the following bold text into the 'Open:' space, then press OK [See image below]:
"%userprofile%\desktop\combofix.exe" /killall



Combofix.exe will start; please follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and download Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also try this:
Download RSIT by random/random and save it to your desktop.
Double click on the RSIT.exe icon to run the program.
Click Continue at the disclaimer screen.
Once the scan has finished, two logs will open.
Please post the contents of both log.txt, which will be maximized on your desktop, and info.txt, which will be minimized to your taskbar.
Both logs can also be found in the folder C:\rsit


Post #245839
Posted 11/29/2008 6:03 AM


Junior Member


Group: Forum Members
Last Login: 7/30/2008 5:30 AM
Posts: 148, Visits: 310
Richie, apparently I can't download any of these files. I click on it and I get a "page load error". Is there a way that I can get the .exe file direct? Thanks
Jack


Zoom Zoom
Post #245855
Posted 11/29/2008 6:56 AM


Senior Forum Moderator
