[Inactive] Nasty Virus infection including fakeantivirus

nonaestet · Nov 25, 2010

Its the same tool, by the same author, but it burns to usb, and you set the pc to boot from usb.

nonaestet · Nov 25, 2010

Found a disk, burnt the disc, and after pressing one to install standard it gives me three more options.

nonaestet · Nov 25, 2010

it says mbr is not flagged as bootable, and it says i can flag it as bootable, delete the partition information and set as bootable, or just flag as bootable.

Broni · Nov 25, 2010

Let's try something else...

If you have Vista/7 DVD...

start with step 2

If you don't have Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1 :
Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning ISO Images to a CD or DVD

2. Boot from created disk.

Vista users. At first screen click on Repair your computer:

Windows 7 users. At first screen click on Install now:

Select your language and click next:

Click the button for "Use recovery tools":

The following applies to both, Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:

After this, it will present you with a list of options including startup repair, system restore and command prompt:

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

Post fresh MBRCheck log.

nonaestet · Nov 25, 2010

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Intel Corp.
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L355
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 109):
0x82400000 \SystemRoot\system32\ntkrnlpa.exe
0x827A1000 \SystemRoot\system32\hal.dll
0x802C6000 \SystemRoot\system32\kdcom.dll
0x80266000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8025D000 \SystemRoot\system32\PSHED.dll
0x80255000 \SystemRoot\system32\BOOTVID.dll
0x8021A000 \SystemRoot\system32\CLFS.SYS
0x8051F000 \SystemRoot\system32\CI.dll
0x804A3000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8020D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80460000 \SystemRoot\system32\drivers\acpi.sys
0x80204000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80458000 \SystemRoot\system32\drivers\msisadrv.sys
0x80433000 \SystemRoot\system32\drivers\pci.sys
0x80424000 \SystemRoot\system32\drivers\volmgr.sys
0x80201000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8041A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8040A000 \SystemRoot\System32\drivers\mountmgr.sys
0x80403000 \SystemRoot\system32\DRIVERS\intelide.sys
0x807F2000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x807EB000 \SystemRoot\system32\DRIVERS\pciide.sys
0x807A1000 \SystemRoot\System32\drivers\volmgrx.sys
0x806D9000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x806D1000 \SystemRoot\system32\drivers\atapi.sys
0x806B3000 \SystemRoot\system32\drivers\ataport.SYS
0x806AA000 \SystemRoot\system32\drivers\msahci.sys
0x80679000 \SystemRoot\system32\drivers\fltmgr.sys
0x80669000 \SystemRoot\system32\drivers\fileinfo.sys
0x80660000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82CFC000 \SystemRoot\system32\drivers\ndis.sys
0x80635000 \SystemRoot\system32\drivers\msrpc.sys
0x82CC3000 \SystemRoot\system32\drivers\NETIO.SYS
0x82EF8000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82C59000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82C23000 \SystemRoot\system32\drivers\volsnap.sys
0x80630000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x80619000 \SystemRoot\System32\drivers\partmgr.sys
0x8060A000 \SystemRoot\System32\Drivers\mup.sys
0x82ED3000 \SystemRoot\System32\drivers\ecache.sys
0x82C12000 \SystemRoot\system32\drivers\disk.sys
0x82EB2000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x80601000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B86F000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x82E05000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B864000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8B827000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B819000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B800000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E0CC000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8EBED000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x8E0B9000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E0AE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E00E000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8B9CA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8E003000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E168000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8EBB8000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8EB78000 \SystemRoot\system32\DRIVERS\storport.sys
0x8E15D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E146000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8EB5D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8EB3A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8B40A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8EB27000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8B419000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B9C8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8EA2D000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E9F0000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0x8EBE3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8EA57000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E91C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8B5F0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E102000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E045000 \SystemRoot\System32\Drivers\Null.SYS
0x8E04C000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B93D000 \SystemRoot\System32\drivers\vga.sys
0x8E8FB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8EA64000 \SystemRoot\System32\drivers\watchdog.sys
0x8E1C0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E8D0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E8C2000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E10B000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F32F000 \SystemRoot\System32\drivers\tcpip.sys
0x8E8A9000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8E894000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E880000 \SystemRoot\system32\DRIVERS\smb.sys
0x8E84E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E837000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8F2E8000 \SystemRoot\system32\drivers\afd.sys
0x8E821000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E813000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F2AD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E950000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8F256000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F243000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x97400000 \SystemRoot\System32\win32k.sys
0x8E95A000 \SystemRoot\System32\drivers\Dxapi.sys
0x977E0000 \SystemRoot\System32\drivers\dxg.sys
0x97600000 \SystemRoot\System32\TSDDD.dll
0x97610000 \SystemRoot\System32\framebuf.dll
0x93065000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8E96E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8F4C2000 \SystemRoot\system32\DRIVERS\bowser.sys
0x99238000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9921A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x99FC7000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x93000000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99E38000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x779D0000 \Windows\System32\ntdll.dll

Processes (total 24):
0 System Idle Process
4 System
328 C:\Windows\System32\smss.exe
392 csrss.exe
428 csrss.exe
436 C:\Windows\System32\wininit.exe
480 C:\Windows\System32\winlogon.exe
512 C:\Windows\System32\services.exe
524 C:\Windows\System32\lsass.exe
532 C:\Windows\System32\lsm.exe
680 C:\Windows\System32\svchost.exe
740 C:\Windows\System32\svchost.exe
780 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
888 C:\Windows\System32\svchost.exe
908 C:\Windows\servicing\TrustedInstaller.exe
968 C:\Windows\System32\svchost.exe
1020 C:\Windows\System32\svchost.exe
1036 C:\Windows\System32\svchost.exe
1156 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\svchost.exe
1564 C:\Windows\explorer.exe
1708 C:\Windows\HelpPane.exe
2036 C:\Users\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000023`4c900000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600BEVS-60RST0, Rev: 04.01G04

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done!

Broni · Nov 25, 2010

Good job

See, if you can boot to normal mode now.

Also delete your Combofix file, download fresh one and post new log (normal, or safe mode).

nonaestet · Nov 25, 2010

booting to normal mode works, but the updates pop up for a second. Systems still very slow in normal mode. Ill post the combo fix log soon.

Broni · Nov 25, 2010

Don't worry about any other issues for now.
The most important is that you can use normal mode now.

TechSpot

[Inactive] Nasty Virus infection including fakeantivirus

nonaestet Newcomer, in training

nonaestet Newcomer, in training

nonaestet Newcomer, in training

Broni Malware Annihilator

nonaestet Newcomer, in training

Broni Malware Annihilator

nonaestet Newcomer, in training

Broni Malware Annihilator