1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Redirects, Fake Malware Program, System Restore Disabled

Discussion in 'Malware and Virus Removal Archive' started by rjohns75, 2011/05/26.

Page 2 of 2
  1. 2011/06/04
    rjohns75

    rjohns75 Inactive Thread Starter

    Joined:
    2011/05/25
    Messages:
    17
    Likes Received:
    0
    This method didn't work because I couldn't locate the UserData folder. I unhide all files and searched for it and it couldn't be found. Also, I searched the web for other solutions and on mentioned going to Admin Tools. I went there and noticed that all of the tools were deleted.
     
    rjohns75,
    #21
  2. 2011/06/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How exactly did you try to access Admin Tools?

    Also....

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :folderfind
UserData
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
    broni,
    #22


  3. to hide this advert.

  4. 2011/06/04
    rjohns75

    rjohns75 Inactive Thread Starter

    Joined:
    2011/05/25
    Messages:
    17
    Likes Received:
    0
    I accessed Admin tools two ways; 1) run, control admintools and 2) Control Panel, Administrative Tools.

    The log from the scan is below. The folders identified by the scan are not visible in Windows Explorer even when I change the folder settings to show hidden files.


    SystemLook 04.09.10 by jpshortstuff
    Log created at 22:14 on 04/06/2011 by Robert
    Administrator - Elevation successful

    ========== folderfind ==========

    Searching for "UserData "
    C:\Documents and Settings\Robert\UserData d--hs-- [14:56 16/02/2006]
    C:\Documents and Settings\Robert\Application Data\Microsoft\Internet Explorer\UserData d--hs-- [00:10 23/01/2010]
    C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData d--hs-- [07:35 21/01/2010]

    -= EOF =-
     
    rjohns75,
    #23
  5. 2011/06/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    "UserData" is a system folder, so you have to also allow system files/folders view (same place, where you enable hidden files view).
     
    broni,
    #24
  6. 2011/06/04
    rjohns75

    rjohns75 Inactive Thread Starter

    Joined:
    2011/05/25
    Messages:
    17
    Likes Received:
    0
    The instructions from the link http://support.microsoft.com/kb/836914 says I the four folders under UserData should contain files. I changed the view opions to display hidden filed and unchecked "Hide protected operating system files" but all of the folders were empty. So I hope you don't have a problem with me jumping the gun but I ran SystemLook with this script:

    :filefind
    WindowsUpdate*

    to try to locate the WindowsUpdate file the instructions say I should delete. The log is as follows (I did not do anything other than run the SystemLook program.

    SystemLook 04.09.10 by jpshortstuff
    Log created at 22:57 on 04/06/2011 by Robert
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "WindowsUpdate* "
    C:\Documents and Settings\Robert\Local Settings\Temporary Internet Files\Content.IE5\LNSJ3DD4\windowsupdate_microsoft_com[1].htm --a---- 3191 bytes [02:24 05/06/2011] [02:24 05/06/2011] 33DC52C49FD093C115AE5C2807D6F2E5
    C:\Documents and Settings\Robert\Recent\WindowsUpdate.lnk --a---- 687 bytes [10:49 04/06/2011] [10:49 04/06/2011] 213FF6995A23896827D7E20907EF3ACE
    C:\WINDOWS\WindowsUpdate.log --a---- 1746409 bytes [19:02 10/08/2004] [02:37 05/06/2011] C85713BB492394141FBEEA7B6A3A418E

    -= EOF =-
     
    rjohns75,
    #25
  7. 2011/06/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well, at this point....

    In this forum, we make sure, your computer is free of malware and your computer is clean :)
    Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
    You'll get more attention.

    Good luck!
     
    broni,
    #26
  8. 2011/06/04
    rjohns75

    rjohns75 Inactive Thread Starter

    Joined:
    2011/05/25
    Messages:
    17
    Likes Received:
    0
    Thank you very much for your assistance.
     
    rjohns75,
    #27
  9. 2011/06/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)
     
    broni,
    #28
Page 2 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...