Karl`s PC Help Forums Last active: Never
Not logged in [Login ]
Go To Bottom

In memory of Karl Davis, founder of this board, who made his final journey 12th June 2007

Post Reply
Who Can Post? All users can post new topics and all users can reply.
Username   Need to register?
Password:   Forgot password?
Subject: (optional)
Icon: [*]
Formatting Mode:

Insert Bold text Insert Italicised text Insert Underlined text Insert Centered text Insert a Hyperlink Insert E-mail Hyperlink Insert an Image Insert Code Formatted text Insert Quoted text Insert List
HTML is Off
Smilies are On
BB Code is On
[img] Code is On
:) :( :D ;)
:cool: :o shocked_yellow :P
confused2 smokin: waveysmiley waggyfinger
brshteeth nananana lips_sealed kewl_glasses
Show All Smilies

Disable Smilies?
Use signature?
Turn BBCode off?
Receive email on reply?
The file size of the attachment must be under 200K.
Do not preview if you have attached an image.

Topic Review

[*] posted on 6-6-2011 at 16:53
It is indeed Pancake. I've been singing your praises everywhere. kewl_glasses
John Barnes

[*] posted on 6-6-2011 at 07:23
Ok Mary it was that black desktop that threw me.jmb

[*] posted on 6-6-2011 at 07:08
I think its 'case closed'?

[*] posted on 6-6-2011 at 05:58
It's sorted now John. The malware had taken over administrator privileges which is why I couldn't change the background. It's definitely genuine Windows 7 unless Tesco are going down the route of selling black market stuff. :)
John Barnes

[*] posted on 6-6-2011 at 01:23
Mary/ not being facetious here. but if your system is windows 7 and you have downloaded and installed KB 971033 and or KB253352 update, or been putting service pack 1 on, and it has left you with a black desktop there is a good chance you are running a non genuine windows 7.jmb

ps you can change the desktop theme away from the black by just clicking on windows themes

[*] posted on 5-6-2011 at 11:21
Thanks Pancake. If you're ever in Scotland I'll treat you to your tea! :)

[*] posted on 5-6-2011 at 11:06
Ok.All done.I see no more malware.Log looks good! All those detections are either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.

Go to :
Start > Run then copy and paste the following highlighted (blue) text below into the box and click OK.

ComboFix /uninstall

Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.

Please download OTC to your desktop.

Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.


Malware Prevention

How Did I Get Infected

More Tips on Prevention


[*] posted on 5-6-2011 at 10:53
Originally posted by Faolan

Catalyst is AMD's graphics drivers you can get them here:


I can't get online unless in safe mode and this won't download unless in normal mode. A system rebuild isn't going to be possible for me. I'm not a techy.

[*] posted on 5-6-2011 at 10:26
One or two scary moments there:

- - End Of File - - 6DEC4881F31171443DCA3DC013D12CEB

[*] posted on 5-6-2011 at 10:12
If you have problems with this, and I went through the above on a recent system and I found it screwed up a lot of Windows settings and forced me to do a rebuild. It was far quicker to do this and try to fix the numerous problems.

Catalyst is AMD's graphics drivers you can get them here:


Also make sure your Java is up to date as is Flash, the attacks seem to come from these two vectors.

There has been a lot of search engine poisoning lately leading to Google and Bing to serve up malware in the image searches. There is little you can do about it apart from locking your system down.

If you use Opera you can also block JavaScript globally and allow on a site by site basis and/or use NoScript, NoScript is also available for Firefox.

[*] posted on 5-6-2011 at 09:47
Ok.Just run the Combofix now.

[*] posted on 5-6-2011 at 09:45
Have rebooted. Will now only allow me to go online in safe mode. I gave it 10 minutes using normal mode but kept getting a message about "Catalyst command centre" having stopped working and Windows was looking for a solution.

The only new thing I had done recently on the computer was set up a gmail account btw.

Internet booted up quickly in safe mode.

[*] posted on 5-6-2011 at 09:09
Malwarebytes' Anti-Malware

Database version: 6774

Am about to reboot.

[*] posted on 5-6-2011 at 08:34
Downloading. Will get back to you.

hijackthins won't write to notepad btw

[*] posted on 5-6-2011 at 00:27
Lets make sure its clean.....

Please download Malwarebytes' Anti-Malware from one of these places:

Majorgeeks or Besttechie

Double Click mbam-setup.exe to install the application.

[color=red]* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.[/color]
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.Do so.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply.


[color=red]Download Combofix [/color]from Bleepingcomputer or Geekstogo [color=red]and place it on your Desktop[/color]

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Combofix may be slow to start and appear to be doing nothing before it starts scanning.Just leave it,it will start.

You can get help on disabling your protection programs here : http://www.bleepingcomputer.com/forums/topic114351.html

Please include the C:\ComboFix.txt in your next reply for further review.

Never use this program to remove files.Only use it with help from an experienced user.Wrongful use can damage your computer.This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper


[*] posted on 5-6-2011 at 00:19
Thanks for the suggestion John.

Norton seems to have quarantined the trojan. My only problem is that my desktop display is in black and has been disabled. I don't seem to be able to change it despite being the admin.

It's all part of the scam to make you think that you do have a critical problem on your computer.
John Barnes

[*] posted on 4-6-2011 at 23:28
have downloaded and run malware bytes this will sort out any malware on your computer jmb

[*] posted on 4-6-2011 at 21:24
Norton is saying that "TrojanFakeAV" has been quarantined and that it is "partially resolved". Norton still scanning.

[*] posted on 4-6-2011 at 21:10
I've been infected with malware I think. When I open the laptop normally I get various error messages such as critical use of hard drive/failure to read hard drive/loss of data etc. A "Windows Recovery Defrag" window opens up and it seems to be one of those that "runs" and discovers corrupted files which it will fix for a fee.

When I try to run Hijackthis it shuts down. Norton won't get past Backdoor.

In Safemode with networking Norton is currently running and has shown up no problems so far but hijackthis won't run.

Any suggestions Pancake?