[Solved] Computer running after virus removal

This forum is intended to help the users to disinfect their computers.
robertgu
Posts: 45
Joined: Wed Feb 15, 2012 4:38 pm

[Solved] Computer running after virus removal

Post by robertgu »

I need some help to clean out my computer.
I got a fake/av and i was able to remove it, but my computer is still running real slow.
These is what i use so far.
1.malwarebytes
2. spybot
3. combofix
4. superantispyware
5. TDSSKILLER
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Computer running after virus removal

Post by Fred »

Hi Robertgu.

Could we have a UVK log from your computer? It would allow us to better identify possible malware remnants and the performance problem.

See here for instructions.

Thanks.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
robertgu
Posts: 45
Joined: Wed Feb 15, 2012 4:38 pm

Re: Computer running after virus removal

Post by robertgu »

Fred wrote:Hi Robertgu.

Could we have a UVK log from your computer? It would allow us to better identify possible malware remnants and the performance problem.

See here for instructions.

Thanks.
Hello Fred,
I tried doing that last night but I could pass this error code.
I had to many characters

Why can’t I add attachments?
Attachment permissions are granted on a per forum, per group, or per user basis. The board administrator may not have allowed attachments to be added for the specific forum you are posting in, or perhaps only certain groups can post attachments. Contact the board administrator if you are unsure about why you are unable to add attachments.
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Computer running after virus removal

Post by Fred »

I think the attachments are enabled for all the registered users.

I'm going to check it out and post back in a while.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Computer running after virus removal

Post by Fred »

Ok, Robert, the attachments are enabled. Images will now be displayed inline.

But you'll still have to zip the log file to be able to upload it.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
robertgu
Posts: 45
Joined: Wed Feb 15, 2012 4:38 pm

Re: Computer running after virus removal

Post by robertgu »

Fred wrote:Ok, Robert, the attachments are enabled. Images will now be displayed inline.

But you'll still have to zip the log file to be able to upload it.
I will send it to you when I get home tonight. Thanks
Essexboy
Posts: 10
Joined: Sun Sep 11, 2011 4:01 pm

Re: Computer running after virus removal

Post by Essexboy »

Monitoring
Image
robertgu
Posts: 45
Joined: Wed Feb 15, 2012 4:38 pm

Re: Computer running after virus removal

Post by robertgu »

robertgu wrote:
Fred wrote:Ok, Robert, the attachments are enabled. Images will now be displayed inline.

But you'll still have to zip the log file to be able to upload it.
I will send it to you when I get home tonight. Thanks
Attachments
COMPUTER LOGS.zip
UVK LOG
MALWAREBYTES LOG
(279.81 KiB) Downloaded 716 times
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Computer running after virus removal

Post by Fred »

Hi Robert. Thanks for the logs.

I have an advise, though. You should never save the UVK log as a UVK commands script. You can not imagine the damage you'd cause to your system if you made UVK run that script. UVK creates the log as a text file in your desktop named UVKLog.txt. That's the log you should host.

Essexboy is taking care of this thread. He's a very experienced malware removal teacher and forum helper.

You're in good hands.

Have a nice day, both of you.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
Essexboy
Posts: 10
Joined: Sun Sep 11, 2011 4:01 pm

Re: Computer running after virus removal

Post by Essexboy »

Hello

Open UVK and select Windows Services and Drivers
Image

Locate the following Driver kyick They are in alphabetical order
Ensure the the file associated with it is C:\WINDOWS\System32\drivers\joind.sys
Ensure that also delete file is ticked
Image
Then select Delete Service(s)

Once done can you let me know how the system is behaving
Image
robertgu
Posts: 45
Joined: Wed Feb 15, 2012 4:38 pm

Re: Computer running after virus removal

Post by robertgu »

Essexboy wrote:Hello

Open UVK and select Windows Services and Drivers
Image

Locate the following Driver kyick They are in alphabetical order
Ensure the the file associated with it is C:\WINDOWS\System32\drivers\joind.sys
Ensure that also delete file is ticked
Image
Then select Delete Service(s)

Once done can you let me know how the system is behaving
Hello Essexboy, I will follow your instructions when I get home from work today.

These are some of the problem I was having last night.
1. I can't upgrade to the latest UVK 3.0.0.0
2. malwarebytes and Microsoft will not update to the latest update definitions (0x80248014 forMS Security Essentials)
3. I also have an old hosts

Thanks
Essexboy
Posts: 10
Joined: Sun Sep 11, 2011 4:01 pm

Re: Computer running after virus removal

Post by Essexboy »

OK after you have run the driver deletion I will need to check out some registry locations using a different tool initially

run farbar service scanner

Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
Image
robertgu
Posts: 45
Joined: Wed Feb 15, 2012 4:38 pm

Re: Computer running after virus removal

Post by robertgu »

Hey Essexboy,
I don't see the file name you want me to delete, all I see is these two file kbdclass and ksecdd.

Please see attachment. thanks
Attachments
uvkprintscreen.zip
print screen
(169.53 KiB) Downloaded 670 times
robertgu
Posts: 45
Joined: Wed Feb 15, 2012 4:38 pm

Re: Computer running after virus removal

Post by robertgu »

Fred wrote:Ok, Robert, the attachments are enabled. Images will now be displayed inline.

But you'll still have to zip the log file to be able to upload it.
Thanks Fred for hard word and all that u do :mrgreen:
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Computer running after virus removal

Post by Fred »

You're welcome Robert. I try to do my best, but I still don't dedicate as much time to the site and the forum as I should.

You don't need to zip pictures to upload them, unless you don't want them to be displayed in the post.

Can you please tell us exactly what happens when you try to update to the latest UVK version? A screenshot, maybe?

Sorry if you've been having trouble to post. The service has been heavily loaded the last two days, because of the last update. Too many downloads.

Thanks.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
robertgu
Posts: 45
Joined: Wed Feb 15, 2012 4:38 pm

Re: Computer running after virus removal

Post by robertgu »

Well Fred already have version 2.7.0. and everytime I open up uvk it asked me do I want to upgrade to version 3.0.0.1 Then I click on the yes button, so I click on the yes button so it starts to download til it get to the very end and proof it disapair me.
So I open up uvk again and tried it again and the same thing happen. I did it about seven time with no luck.
Thanks to Essexboy and Fred for your help
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Computer running after virus removal

Post by Fred »

Have you tried to download and install the last version manually?
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
fRequEnCy
Posts: 21
Joined: Mon Jan 23, 2012 8:03 pm

Re: Computer running after virus removal

Post by fRequEnCy »

robertgu wrote:Well Fred already have version 2.7.0. and everytime I open up uvk it asked me do I want to upgrade to version 3.0.0.1 Then I click on the yes button, so I click on the yes button so it starts to download til it get to the very end and proof it disapair me.
So I open up uvk again and tried it again and the same thing happen. I did it about seven time with no luck.
Thanks to Essexboy and Fred for your help
I am unable to duplicate the upgrade not updating to the current version which is 3.0.0.0 not 3.0.0.1. Can you just try to manually download from the main site and install that way?
robertgu
Posts: 45
Joined: Wed Feb 15, 2012 4:38 pm

Re: Computer running after virus removal

Post by robertgu »

Fred wrote:Have you tried to download and install the last version manually?
Fred I did had in mind but I thought I would wait and see if it was a some type of virus or trojan that preventing me to upgrade your software.

I'm also having problems downloading the latest definition for microsoft security essential
thanks
robertgu
Posts: 45
Joined: Wed Feb 15, 2012 4:38 pm

Re: Computer running after virus removal

Post by robertgu »

fRequEnCy wrote:
robertgu wrote:Well Fred already have version 2.7.0. and everytime I open up uvk it asked me do I want to upgrade to version 3.0.0.1 Then I click on the yes button, so I click on the yes button so it starts to download til it get to the very end and proof it disapair me.
So I open up uvk again and tried it again and the same thing happen. I did it about seven time with no luck.
Thanks to Essexboy and Fred for your help
I am unable to duplicate the upgrade not updating to the current version which is 3.0.0.0 not 3.0.0.1. Can you just try to manually download from the main site and install that way?
Freqency, I was able to do it manually.Thanks
Post Reply