|
|
| Next: If you thought your day was bad............. |
| Author |
Message |
ferasb
Joined: Feb 22, 2009
Posts: 20
|
 Posted: Wed May 13, 2009 8:56 pm Post subject: |
|
|
|
| Hi,
Notepad was one of the files that was affected by the virus and the exe file no longer loads because of an antivirus that I guess completely wiped the program off my PC. How do I replace it to run combofix?
|
|
|
| Back to top |
|
 |
greyknight17
Joined: Feb 03, 2003
Posts: 5674
Location: Brooklyn, NY
|
| Posted: Thu May 14, 2009 12:10 pm Post subject: |
|
|
How about if you rename Notepad.exe to Notepad.com? Notepad should be located in C:\Windows\.
If that still doesn't work, try the below:
Download the OTMoveIt3 by OldTimer.
- Before you save it, rename it to OTMoveIt3.com instead. Then save it to your desktop.
- Please double-click OTMoveIt3.com to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
| Code: |
:Processes
explorer
:Services
protect
spider
spidernt
msncache
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"reader_s"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"reader_s"=-
:Files
C:\38.tmp
C:\39.tmp
C:\3A.tmp
C:\3B.tmp
C:\3C.tmp
C:\3D.tmp
C:\3E.tmp
C:\3F.tmp
C:\40.tmp
C:\41.tmp
C:\42.tmp
C:\43.tmp
C:\44.tmp
c:\documents and settings\Owner\reader_s.exe
C:\ocqkmoc.exe
c:\windows\system32\2B.tmp
c:\windows\system32\2E.tmp
c:\windows\system32\3.tmp
c:\windows\system32\4.tmp
c:\windows\system32\5.tmp
c:\windows\system32\7.tmp
c:\windows\system32\7.tmp
c:\windows\system32\8.tmp
c:\windows\system32\drivers\protect.sys
c:\windows\system32\DRWEBSP.DLL
c:\windows\System32\reader_s.exe
c:\windows\system32\yezumoyu.exe
c:\progra~1\DrWeb
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
|
- Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
- Click the red MoveIt! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. |
|
| Back to top |
|
|
ferasb
Joined: Feb 22, 2009
Posts: 20
|
| Posted: Thu May 14, 2009 1:29 pm Post subject: |
|
|
| Unfortunately, that didn't help. Also, after running the program, I no longer have access to the internet. It says that I have "limited or no connectivity". |
|
| Back to top |
|
|
greyknight17
Joined: Feb 03, 2003
Posts: 5674
Location: Brooklyn, NY
|
| Posted: Fri May 15, 2009 11:40 am Post subject: |
|
|
I thought the internet was having problems earlier already when you posted it as being down?
The fix should not have touched the internet settings. Post the log file here from another computer if you can.
We are usually successful in most of the virus/malware removal. But in some cases, it may be too heavily infected and a format and reinstall of Windows is recommended. You may want to do this now...backup your data first before proceeding. |
|
| Back to top |
|
|
ferasb
Joined: Feb 22, 2009
Posts: 20
|
| Posted: Fri May 15, 2009 1:59 pm Post subject: |
|
|
Hi. The internet did end up coming back before, but now it hasn't come back since I ran the last fix.
Now, as far as reformatting my computer, I have a Compaq presario and it didn't come with any backup CDs or anything so I have to press F10 when it is loading to do the process, but I am getting this message: STOP: c000021a {Fatal System Error} The Windows Logon Process system terminated unexpectedly with a status of 0xc0000034 (0x00000000 0x00000000). The system has shut down.
I appreciate everything you have done to help me and I am hoping you can help me reformat my computer as I have never done this. Thanks so much. |
|
| Back to top |
|
|
greyknight17
Joined: Feb 03, 2003
Posts: 5674
Location: Brooklyn, NY
|
| Posted: Sat May 16, 2009 11:11 am Post subject: |
|
|
| That's not good. It looks like the recovery partition might be corrupted if you can't restore it using F10. This computer didn't come with any restore CDs? If not, see if you can obtain them at the HP website. |
|
| Back to top |
|
|
ferasb
Joined: Feb 22, 2009
Posts: 20
|
| Posted: Sat May 16, 2009 12:12 pm Post subject: |
|
|
| I did search this and they aren't offering the recovery disks anymore for it. Will it work with any old XP CD? I have a friend that has XP for a different brand of PC, will that work to set it up? I don't know how else to reformat it because no disks seem available. I might just end up taking it in for someone to do it for me. |
|
| Back to top |
|
|
greyknight17
Joined: Feb 03, 2003
Posts: 5674
Location: Brooklyn, NY
|
| Posted: Fri May 22, 2009 10:03 pm Post subject: |
|
|
If it's branded for another computer, it will most likely not work. Even if it will, the product key used may be a problem since some CDs will only work with their own PCs.
You might have to bite the bullet and take this one in then. If anything, try getting another XP CD for it also just in case this problem arises again. |
|
| Back to top |
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
| |
|
|
General