Author Topic: killer do not erase a file  (Read 7160 times)

0 Members and 1 Guest are viewing this topic.

December 21, 2015, 06:17:06 pm

zutjpc1

  • Newbie

  • Offline
  • *

  • 6
  • Reputation:
    0
    • View Profile
killer do not erase a file
« on: December 21, 2015, 06:17:06 pm »
Hi Curson
It's 15 days that roguekiller could'nt erase the file, my win7 64 bits is not virtualized but I have a multiboot and a virtual drive.

Sincerely JP Claudel

Reply #1December 21, 2015, 07:56:23 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2333
  • Reputation:
    82
    • View Profile
Re: killer do not erase a file
« Reply #1 on: December 21, 2015, 07:56:23 pm »
Hi JP Claudel,

Please download Farbar Recovery Scan Tool (x64) and save it to your Desktop.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST64.exe). Please also attach that along with the FRST.txt into your reply.
Regards.

Reply #2December 22, 2015, 08:42:14 am

zutjpc1

  • Newbie

  • Offline
  • *

  • 6
  • Reputation:
    0
    • View Profile
Re: killer do not erase a file
« Reply #2 on: December 22, 2015, 08:42:14 am »
Hi Curson, file executed, here are both files done.
Sincerely JP Claudel

Reply #3December 22, 2015, 09:01:36 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2333
  • Reputation:
    82
    • View Profile
Re: killer do not erase a file
« Reply #3 on: December 22, 2015, 09:01:36 pm »
Hi JP Claudel,

Your system seems damaged.
Quote
Error: (12/22/2015 07:29:17 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: CLAUDEL-PC)
Description: Windows ne peut pas vous ouvrir une session car votre profil ne peut pas être chargé. Vérifiez que vous êtes connecté au réseau et que le réseau fonctionne correctement.

 DÉTAIL - Seule une partie d’une requête ReadProcessMemory ou WriteProcessMemory a été effectuée.

Error: (12/22/2015 07:29:17 AM) (Source: Service Control Manager) (EventID: 7005) (User: )
Description: L’appel LoadUserProfile a échoué avec l’erreur :
%%299

Error: (12/22/2015 07:26:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger :
fwdrv
khips
Please keep in mind that the repair process described below won't solve this

Uninstall the following software using Add/Remove programs :
Quote
SpyHunter
Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system !

Run FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

Regards.

Reply #4December 23, 2015, 04:07:07 pm

zutjpc1

  • Newbie

  • Offline
  • *

  • 6
  • Reputation:
    0
    • View Profile
Re: killer do not erase a file
« Reply #4 on: December 23, 2015, 04:07:07 pm »
Hello Curson,

My system is not damaged, I use Eset Smart security and make a fake name in case somebody still the computer and when the computer is log on the net, it  can be see with IP adress and give the geographic position.

I am connected by Lan on my job! and this file still there 852B5DBA012429CE.ads!?!

I will be out the net until monday 28th.

Happy Christmas
JPC

Reply #5December 23, 2015, 08:59:23 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2333
  • Reputation:
    82
    • View Profile
Re: killer do not erase a file
« Reply #5 on: December 23, 2015, 08:59:23 pm »
Hi JP Claudel,

I need the fixlog.txt file. Could you please attach it in your next reply ?
Happy Christmas to you.

Regards.

Reply #6December 24, 2015, 12:52:22 am

zutjpc1

  • Newbie

  • Offline
  • *

  • 6
  • Reputation:
    0
    • View Profile
Re: killer do not erase a file
« Reply #6 on: December 24, 2015, 12:52:22 am »
Hi Curson,

I had to go back on my saveguard from yesterday because about I had *.Bak file in the register (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList)that i modify, mistake from my part, so I have 3 files to propose you.

Happy Christmas
JPC


Reply #7December 28, 2015, 12:20:10 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2333
  • Reputation:
    82
    • View Profile
Re: killer do not erase a file
« Reply #7 on: December 28, 2015, 12:20:10 pm »
Hi JP Claudel,

What happened ?
Please generate a new RogueKiller report and attach it wih your next reply.

Regards.

Reply #8December 28, 2015, 06:09:12 pm

zutjpc1

  • Newbie

  • Offline
  • *

  • 6
  • Reputation:
    0
    • View Profile
Re: killer do not erase a file
« Reply #8 on: December 28, 2015, 06:09:12 pm »
Hi Curson!

tell me if you need more!
Regards
JPC

Reply #9December 30, 2015, 03:43:55 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2333
  • Reputation:
    82
    • View Profile
Re: killer do not erase a file
« Reply #9 on: December 30, 2015, 03:43:55 pm »
Hi JP Claudel,

These ADS are legit.
It's difficult to determine their function but the source must be a security software.
You can now safetly remove FRST and the files related.

Regards.

Reply #10December 30, 2015, 04:23:15 pm

zutjpc1

  • Newbie

  • Offline
  • *

  • 6
  • Reputation:
    0
    • View Profile
Re: killer do not erase a file
« Reply #10 on: December 30, 2015, 04:23:15 pm »
Hi Curson,

Pb Resolved, I download ADSspy.exe on "assiste.com" restart the computer in "Safe Mode without network" and start ADSspy and removed It without Pb, because in admin mode I coul'nt erase it bescause it was Used by the system!?!
I don't know.

Sincerely, I Thank you for your help! and have a good year 2016.
JP Claudel

Reply #11December 30, 2015, 06:55:13 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2333
  • Reputation:
    82
    • View Profile
Re: killer do not erase a file
« Reply #11 on: December 30, 2015, 06:55:13 pm »
Hi JP Claudel,

You are welcome.
I'm glad to hear your problem is now solved.

Good year 2016 to you. :)
Regards.