Page 1 of 2

[Solved] Computer running after virus removal

Posted: Thu Mar 01, 2012 4:55 am
by robertgu
I need some help to clean out my computer.
I got a fake/av and i was able to remove it, but my computer is still running real slow.
These is what i use so far.
1.malwarebytes
2. spybot
3. combofix
4. superantispyware
5. TDSSKILLER

Re: Computer running after virus removal

Posted: Thu Mar 01, 2012 11:00 am
by Fred
Hi Robertgu.

Could we have a UVK log from your computer? It would allow us to better identify possible malware remnants and the performance problem.

See here for instructions.

Thanks.

Re: Computer running after virus removal

Posted: Thu Mar 01, 2012 3:52 pm
by robertgu
Fred wrote:Hi Robertgu.

Could we have a UVK log from your computer? It would allow us to better identify possible malware remnants and the performance problem.

See here for instructions.

Thanks.
Hello Fred,
I tried doing that last night but I could pass this error code.
I had to many characters

Why can’t I add attachments?
Attachment permissions are granted on a per forum, per group, or per user basis. The board administrator may not have allowed attachments to be added for the specific forum you are posting in, or perhaps only certain groups can post attachments. Contact the board administrator if you are unsure about why you are unable to add attachments.

Re: Computer running after virus removal

Posted: Thu Mar 01, 2012 5:39 pm
by Fred
I think the attachments are enabled for all the registered users.

I'm going to check it out and post back in a while.

Re: Computer running after virus removal

Posted: Thu Mar 01, 2012 6:33 pm
by Fred
Ok, Robert, the attachments are enabled. Images will now be displayed inline.

But you'll still have to zip the log file to be able to upload it.

Re: Computer running after virus removal

Posted: Thu Mar 01, 2012 7:53 pm
by robertgu
Fred wrote:Ok, Robert, the attachments are enabled. Images will now be displayed inline.

But you'll still have to zip the log file to be able to upload it.
I will send it to you when I get home tonight. Thanks

Re: Computer running after virus removal

Posted: Thu Mar 01, 2012 8:46 pm
by Essexboy
Monitoring

Re: Computer running after virus removal

Posted: Fri Mar 02, 2012 1:09 am
by robertgu
robertgu wrote:
Fred wrote:Ok, Robert, the attachments are enabled. Images will now be displayed inline.

But you'll still have to zip the log file to be able to upload it.
I will send it to you when I get home tonight. Thanks

Re: Computer running after virus removal

Posted: Fri Mar 02, 2012 10:54 am
by Fred
Hi Robert. Thanks for the logs.

I have an advise, though. You should never save the UVK log as a UVK commands script. You can not imagine the damage you'd cause to your system if you made UVK run that script. UVK creates the log as a text file in your desktop named UVKLog.txt. That's the log you should host.

Essexboy is taking care of this thread. He's a very experienced malware removal teacher and forum helper.

You're in good hands.

Have a nice day, both of you.

Re: Computer running after virus removal

Posted: Fri Mar 02, 2012 8:47 pm
by Essexboy
Hello

Open UVK and select Windows Services and Drivers
Image

Locate the following Driver kyick They are in alphabetical order
Ensure the the file associated with it is C:\WINDOWS\System32\drivers\joind.sys
Ensure that also delete file is ticked
Image
Then select Delete Service(s)

Once done can you let me know how the system is behaving

Re: Computer running after virus removal

Posted: Fri Mar 02, 2012 10:27 pm
by robertgu
Essexboy wrote:Hello

Open UVK and select Windows Services and Drivers
Image

Locate the following Driver kyick They are in alphabetical order
Ensure the the file associated with it is C:\WINDOWS\System32\drivers\joind.sys
Ensure that also delete file is ticked
Image
Then select Delete Service(s)

Once done can you let me know how the system is behaving
Hello Essexboy, I will follow your instructions when I get home from work today.

These are some of the problem I was having last night.
1. I can't upgrade to the latest UVK 3.0.0.0
2. malwarebytes and Microsoft will not update to the latest update definitions (0x80248014 forMS Security Essentials)
3. I also have an old hosts

Thanks

Re: Computer running after virus removal

Posted: Fri Mar 02, 2012 10:52 pm
by Essexboy
OK after you have run the driver deletion I will need to check out some registry locations using a different tool initially

run farbar service scanner

Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Re: Computer running after virus removal

Posted: Sat Mar 03, 2012 2:31 am
by robertgu
Hey Essexboy,
I don't see the file name you want me to delete, all I see is these two file kbdclass and ksecdd.

Please see attachment. thanks

Re: Computer running after virus removal

Posted: Sat Mar 03, 2012 2:35 am
by robertgu
Fred wrote:Ok, Robert, the attachments are enabled. Images will now be displayed inline.

But you'll still have to zip the log file to be able to upload it.
Thanks Fred for hard word and all that u do :mrgreen:

Re: Computer running after virus removal

Posted: Sat Mar 03, 2012 10:33 am
by Fred
You're welcome Robert. I try to do my best, but I still don't dedicate as much time to the site and the forum as I should.

You don't need to zip pictures to upload them, unless you don't want them to be displayed in the post.

Can you please tell us exactly what happens when you try to update to the latest UVK version? A screenshot, maybe?

Sorry if you've been having trouble to post. The service has been heavily loaded the last two days, because of the last update. Too many downloads.

Thanks.

Re: Computer running after virus removal

Posted: Sat Mar 03, 2012 11:54 am
by robertgu
Well Fred already have version 2.7.0. and everytime I open up uvk it asked me do I want to upgrade to version 3.0.0.1 Then I click on the yes button, so I click on the yes button so it starts to download til it get to the very end and proof it disapair me.
So I open up uvk again and tried it again and the same thing happen. I did it about seven time with no luck.
Thanks to Essexboy and Fred for your help

Re: Computer running after virus removal

Posted: Sat Mar 03, 2012 12:08 pm
by Fred
Have you tried to download and install the last version manually?

Re: Computer running after virus removal

Posted: Sat Mar 03, 2012 12:12 pm
by fRequEnCy
robertgu wrote:Well Fred already have version 2.7.0. and everytime I open up uvk it asked me do I want to upgrade to version 3.0.0.1 Then I click on the yes button, so I click on the yes button so it starts to download til it get to the very end and proof it disapair me.
So I open up uvk again and tried it again and the same thing happen. I did it about seven time with no luck.
Thanks to Essexboy and Fred for your help
I am unable to duplicate the upgrade not updating to the current version which is 3.0.0.0 not 3.0.0.1. Can you just try to manually download from the main site and install that way?

Re: Computer running after virus removal

Posted: Sat Mar 03, 2012 12:35 pm
by robertgu
Fred wrote:Have you tried to download and install the last version manually?
Fred I did had in mind but I thought I would wait and see if it was a some type of virus or trojan that preventing me to upgrade your software.

I'm also having problems downloading the latest definition for microsoft security essential
thanks

Re: Computer running after virus removal

Posted: Sat Mar 03, 2012 1:08 pm
by robertgu
fRequEnCy wrote:
robertgu wrote:Well Fred already have version 2.7.0. and everytime I open up uvk it asked me do I want to upgrade to version 3.0.0.1 Then I click on the yes button, so I click on the yes button so it starts to download til it get to the very end and proof it disapair me.
So I open up uvk again and tried it again and the same thing happen. I did it about seven time with no luck.
Thanks to Essexboy and Fred for your help
I am unable to duplicate the upgrade not updating to the current version which is 3.0.0.0 not 3.0.0.1. Can you just try to manually download from the main site and install that way?
Freqency, I was able to do it manually.Thanks