|
#107
April 24th, 2012, 01:51 AM
|
||||
|
||||
|
Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Rightclick on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:
net user administrator /active:yes You should get a confirmation that succeeded. Then type exit and press Enter to close that Window. Reboot to Safe Mode. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear. You should now see the icon to log in to the Administrator account. Do that, then right click Computer, left click Explore/Open, and navigate to the Users folder - your normal user account, locate and try to run Gmer's normal scan then (Desktop, Downloads or wherever you have been running it from). 
|
|
#110
April 24th, 2012, 02:34 AM
|
|||
|
|||
|
Whenever I do a GMER scan a window will come up and say Windows has to close the scan because a problem has occurred. Then it says a solution is being looked for. I press okay, the scan is closed. Sometimes that happens, other times in normal mode, an icon in the bottom right hand corner will come up and say the file GMER is a corrupt file.
|
|
#111
April 24th, 2012, 02:43 AM
|
||||
|
||||
|
Let's check if active unseen malware is calling out there. Have active Internet access to do the following.
Go here and download TCPView, unzip that downloaded file and click the Tcpview.exe from that to run TCPView. Before doing that close all browsers. Once TCPView opens, click Options - Always On Top. The open whatever browser you use, and watch the TCPView display. What you are looking for is multiple obvious connections to various websites. Not yming (Yahoo) or just IP addresses (example - 257.09.223.187), but a bunch of activity that seems to be hitting many web sites all at once.
|
|
#113
April 24th, 2012, 03:25 AM
|
||||
|
||||
|
I sense you are understanding it right. It's busy list, but when TDL4/ZAcess is active there, the activity would jump out like a neon sign. So it's at least neutralized.
Try SRENg2 from Admin Safe Mode. Also run Gmer, by this time before clicking Scan, uncheck Services.
|
|
#114
April 24th, 2012, 04:19 AM
|
|||
|
|||
|
Tried to run both in safe mode, same messages cam up. Says Since System Engineer Repair 2.6, System Engineer Repair has broken down into SREngLdr module and SREngCore module. SREngCore Module will automatically generated by SREngLdr module when System Repair Engineer running.
GMER Scan still same message as well.
|
|
#115
April 24th, 2012, 04:23 AM
|
||||
|
||||
|
Late where I am, but one other thing to check please. Run SREng2 again. Where the actual SREngLdr.exe is located, running it should then create a second .exe file in the same location. Once you see it, click on that and see if SREng runs then.
|
|
#120
April 26th, 2012, 01:21 AM
|
||||
|
||||
|
I believe we did it already, but do need to locate this one hold-out.
Open Gmer again. Once it has completed it's opening scan, this time just right click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.
|
 |
| Bookmarks |
«
Previous Topic
|
Next Topic
»
| Topic Tools | |
|
|
All times are GMT +1. The time now is 10:59 AM.
