
l3130

Members · Posts: 19 · Reputation: 0 Neutral
  1. MrCharlie, Thanks for your help late last week getting my wife's laptop cleared of the virus/malware. Your quick replies made it easy for me to make progress in a timely manner. Several days have passed and everything is working great. Thanks again for your first-rate help!!!

  2. MrC
     Results of screen317's Security Check version 0.99.51
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     Windows Firewall Enabled!
     Norton Security Suite
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.65.0.1400
     Java 6 Update 35
     Java version out of Date!
     Adobe Reader X (10.1.4)
     ````````Process Check: objlist.exe by Laurent````````
     Norton ccSvcHst.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  3. I let it run as instructed and it looks like it was legit. Malicious Software Removal Tool had the following detail:
     Malware: Trojan:DOS/Alureon.A
     Status: Partially Removed
     Is the virus name above the one I was infected with? Thank you very much for your effort MrCharlie! You're a good man.
  4. MrCharlie, It looks like success! The first Malwarebytes scan after using tdsskiller identified 1 infection. It was successfully cleaned on reboot. Additional scans (both quick and full) report all is clear. I do have one final question. Shortly after reboot I get a User Account Control pop-up window with the following detail:
     Program Name: Microsoft Corp
     Verified publisher: Microsoft Corporation
     File Origin: Hard drive on this computer
     Program location: "c:\windows\System32\MRT.exe" /R /RE
     This seems highly suspicious and I've been hitting No each time to prevent it from running. If it is this virus trying to restart, is there a way to prevent it from running? I'm overly cautious at this point as I value the time and effort you have given to help me with this problem and don't want to undo all the hard work.
  5. Thanks for your support and very quick response. Farbar is running now, so I should have the requested info posted for review tomorrow. Thanks again.
  6. My luck! When shutting down, Windows decided to upgrade 30 items. (I had the computer turned off for several weeks knowing I had this virus.) When the system finally loaded all the updates and restarted I got the "USER ACCOUNT CONTROL" pop-up that I'm looking for guidance on. Crap!!!! I planned on typing all the info here, but the window closed too quickly for me to write all the details down. It looked like the hard disk was trying to change an MRE file or something. I'll proceed with the directions listed above and hope for the best.
  7. I didn't know there were options, so I didn't try anything after previewing the requirements of the Windows Installation Disk... Didn't want to start something I couldn't complete for fear it would cause further problems. So I should download the Farbar first and try the "To enter System Recovery Options from the Advanced Boot Options:" step first? If the step above works I won't need the installation disk?
  8. I'm traveling and don't have access to Windows Installation Disks. So I'm guessing I cannot perform this option and will have to wait for a few days to follow this step. Can this be any Windows 7 installation disk or something specific to this computer? (Maybe someone local has something I can borrow.)
  9. First off thanks for the clarification above. When rebooting in the final stage of cleaning (tdsskiller) a blue screen data dump error occurred. (Not certain if this detail is meaningful.)
     Results File
     ListParts by Farbar Version: 02-10-2012
     Ran by Joni (administrator) on 10-10-2012 at 20:21:51
     Windows 7 (X64)
     Running From: C:\Users\Joni\Desktop
     Language: 0409
     ************************************************************
     ========================= Memory info ======================
     Percentage of memory in use: 40%
     Total physical RAM: 6038.17 MB
     Available physical RAM: 3573.94 MB
     Total Pagefile: 12074.53 MB
     Available Pagefile: 9036.34 MB
     Total Virtual: 8192 MB
     Available Virtual: 8191.89 MB
     ======================= Partitions =========================
     1 Drive c: (OS) (Fixed) (Total:576.54 GB) (Free:527.95 GB) NTFS
     Disk ###  Status  Size    Free     Dyn  Gpt
     --------  ------  ------  -------  ---  ---
     Disk 0    Online  596 GB  2048 KB
     Partitions of Disk 0:
     ===============
     Partition ###  Type     Size    Offset
     -------------  -------  ------  ------
     Partition 1    OEM      101 MB  31 KB
     Partition 2    Primary  19 GB   104 MB
     Partition 3    Primary  576 GB  19 GB
     ======================================================================================================
     Disk: 0 Partition 1
     Type : DE
     Hidden: Yes
     Active: No
     There is no volume associated with this partition.
     ======================================================================================================
     Disk: 0 Partition 2
     Type : 07
     Hidden: No
     Active: Yes
     Volume ###  Ltr  Label     Fs    Type       Size   Status   Info
     ----------  ---  --------  ----  ---------  -----  -------  --------
     * Volume 1       RECOVERY  NTFS  Partition  19 GB  Healthy  System (partition with boot components)
     ======================================================================================================
     Disk: 0 Partition 3
     Type : 07
     Hidden: No
     Active: No
     Volume ###  Ltr  Label  Fs    Type       Size    Status   Info
     ----------  ---  -----  ----  ---------  ------  -------  ----
     * Volume 2  C    OS     NTFS  Partition  576 GB  Healthy  Boot
     ======================================================================================================
     ==========================================================
     TDL4: custom:26000022
     ****** End Of Log ******
     Only 2 files were created by tdsskiller:
     TDSSKiller.2.8.10.0_10.10.2012_20.25.39_log.txt
     TDSSKiller.2.8.10.0_10.10.2012_20.29.32_log.txt
  10. I'm in the middle of following the instructions above and have a question. TDSSKiller found five threats:
      Unsigned file Service: Bluetooth Device Monitor (Skip)
      Unsigned File Service: Bluetooth Medium Service (Skip)
      Unsigned File Service: Bluetooth OBEX Service (Skip)
      Rootkit.Boot.Pihar.c Physical Drive: \Device\Harddisk0\DR0 Malware Object High Risk (Cure)
      TDSS File System Physical Drive: \Device\Harddisk0\DR0 Suspicious object, medium Risk (Skip)
      Do I change the Rootkit.Boot.Pihar.c default from Cure to Skip? Or leave it at Cure? (The earlier directions implied to change it to Skip for anything with \Device\Harddisk0\DR0, but this seems counterintuitive given it is listed as High Risk.)
  11. Here's the RKreport....
      RogueKiller V8.1.1 [10/03/2012] by Tigzy
      mail: tigzyRK<at>gmail<dot>com
      Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website: http://tigzy.geekstogo.com/roguekiller.php
      Blog: http://tigzyrk.blogspot.com
      Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Joni [Admin rights]
      Mode : Scan -- Date : 10/10/2012 17:12:13
      ¤¤¤ Bad processes : 1 ¤¤¤
      [SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
      ¤¤¤ Registry Entries : 2 ¤¤¤
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED] ¤¤¤
      ¤¤¤ Infection : Root.MBR ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\Windows\system32\drivers\etc\hosts
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
      --- User ---
      [MBR] 766f35feb751050c1141c93f447de2a9
      [BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
      Partition table:
      0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 590375 Mo
      User != LL1 ... KO!
      --- LL1 ---
      [MBR] 13f51560750c6197d8d05164a795e359
      [BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
      Partition table:
      1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
      2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo
      3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 590375 Mo
      User != LL2 ... KO!
      --- LL2 ---
      [MBR] 13f51560750c6197d8d05164a795e359
      [BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
      Partition table:
      1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
      2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo
      3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 590375 Mo
      Finished : << RKreport[1].txt >>
      RKreport[1].txt
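The MBR Check section of the RogueKiller report in the post above compares the MBR hash as read through the normal Windows API ("User") against lower-level disk reads ("LL1", "LL2"); the "User != LL1 ... KO!" lines mean a bootkit is filtering what the API sees. As an added example (not RogueKiller's code and not from the thread), this Python snippet parses that section from the posted report and flags the mismatch the way a defender triaging such a log would:

```python
import re

# Constructed sample: the MBR Check lines from the RogueKiller report posted
# above, trimmed to what the parser needs (hashes copied from the post).
SAMPLE_REPORT = """\
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
--- User ---
[MBR] 766f35feb751050c1141c93f447de2a9
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
User != LL1 ... KO!
--- LL1 ---
[MBR] 13f51560750c6197d8d05164a795e359
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
User != LL2 ... KO!
--- LL2 ---
[MBR] 13f51560750c6197d8d05164a795e359
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
"""

SECTION_RE = re.compile(r"^--- (\w+) ---$")          # "--- User ---", "--- LL1 ---"
HASH_RE = re.compile(r"^\[(MBR|BSP)\] ([0-9a-f]{32})")  # "[MBR] <md5>", "[BSP] <md5> : ..."


def parse_mbr_hashes(report: str) -> dict:
    """Return {read_method: {"MBR": md5, "BSP": md5}} for each access path
    (User = Win32 API read; LL1/LL2 = lower-level reads that bypass hooks)."""
    sections, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = {}
            continue
        m = HASH_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2)
    return sections


def mbr_hidden_by_hook(sections: dict) -> bool:
    """True when the MBR seen via the API differs from any low-level read:
    the disk-read filtering signature of TDL4/Pihar-class bootkits."""
    user = sections.get("User", {}).get("MBR")
    low = [s["MBR"] for k, s in sections.items() if k != "User" and "MBR" in s]
    return bool(user and low) and any(user != h for h in low)
```

On the posted report the "User" MBR hash differs from both low-level reads while the boot-sector (BSP) hashes agree, which is exactly the pattern the later TDSSKiller and ListParts output confirms as a TDL4 infection.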
  12. MrCharlie, Thanks for offering your help and support. I want to make certain I fully understand “Quit all running programs”. 1) Does this mean all the applications that appear in Windows Task Manager, Application? or 2) does this mean to terminate antivirus programs (Norton in this case) and others that start automatically, but don’t show in Windows Task Manager, Application? If number 2, I'm not exactly certain how to identify all of them. Thanks,