[theosk]

can someone help me with that?

[Daveskater]

Some how I managed to forget that you have to stop services

Please proceed with Howard's instructions.


This thread is for the use of theosk only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Malware Removal forum.

[bushwhacker]

Sorry, but theosk don't understand what the problem is.

I asked him to hand me the hijackthis log.

Found some malwares, few of them are quite serious. He is having some problems with pings, on the counter strike.

He is from Brazil and is on 2 MB connection, but it should be fine in our servers, instead he kept getting kicked out.

Anyone care to help him to deep clean it?

[Howard]

Hello and welcome to TST.

Please ignore all other instructions.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

perfmons Service (perfmons)
Routing Service (Routing)

Close the services window.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

perfs.exe
routing.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe

O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or folders(if there).

C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe

Reboot into normal mode and rehide your protected OS files.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard

This thread is for the use of theosk only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our malware Removal forum.

[Howard]

Due to lack of feedback, this thread is now closed.

If you are the original poster and need this thread re-opened please contact a moderator or PM me.

Note: Only the original poster can do this, anyone else will be ignored.

Regards Howard