PC not working-virus attacking it

Discussion in 'Virus and Malware Removal' started by whs1818, Jan 19, 2013.

  1. whs1818 Newcomer, in training Posts: 30

    Recently my PC was infected with a virus. The virus will not let any program run, disabled my internet access (I have wireless), and it won't let me access any of the Windows Security folders. My anti-virus is at least a year out of date, closer to two probably. I am able to operate in safe mode but not with networking or any of that. Please advise on what you would have me do to get rid of this virus. Thank you
  2. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 4-Step instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  3. Jay Pfoutz Malware Helper Posts: 4,286   +49

    How is this working for you?
  4. whs1818 Newcomer, in training Posts: 30

    I have not had a chance to get everything downloaded. Since I have no internet access I have to save to a USB drive to get them on my computer. I will not be able to get to another computer until at least Wednesday. Please bear with me. I will post the logs as soon as I am able. Thank you
  5. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okie dokie. :)
  6. whs1818 Newcomer, in training Posts: 30

    I was only able to run these scans in safe mode. I tried doing them in normal mode but was not able to open the programs at all. My PC is now running really slow in normal mode. Do you want me to post the logs still or try running in normal mode again? Also, because I don't have internet access I was not able to check for updates to Malwarebytes.
  7. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's try the following set of tools:

    RogueKiller Scan

    • Download RogueKiller from the following link and save it on your desktop:
      TechSpot
      Official Site (alternative)
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan
    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.
    • The report has been created on the desktop.
    • Next click on the ShortcutsFix
    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
    Please download and run RKill.

    Download mirror 1 - Download mirror 2 - Download mirror 3

    • Save it to your Desktop.
    • Double click the RKill desktop icon.
    • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
    • Please post its log in your next reply.
    • After it has run successfully, delete RKill.
  8. whs1818 Newcomer, in training Posts: 30

    I will try downloading tomorrow. Am I to run these in normal mode? I was on my computer today in normal mode and wasn't able to open any program. I will click on a program and it will give me an hourglass, but it won't open up. I waited several minutes as my computer is running slow, but still nothing. If I am not able to run these in normal mode, should I run them in safe mode?
  9. Jay Pfoutz Malware Helper Posts: 4,286   +49

    You can try in Safe Mode. However you can get them to work. If not, let me know. :)
  10. whs1818 Newcomer, in training Posts: 30

    Rkill 2.4.6 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 01/29/2013 08:55:47 AM in x86 mode.
    Windows Version: Microsoft Windows XP Service Pack 2
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * No issues found in the Registry.
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * No issues found.
    Checking Windows Service Integrity:
    * AFD (AFD) is not Running.
    Startup Type set to: System
    * DHCP Client (Dhcp) is not Running.
    Startup Type set to: Automatic
    * DNS Client (Dnscache) is not Running.
    Startup Type set to: Automatic
    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Manual
    * Network Connections (Netman) is not Running.
    Startup Type set to: Manual
    * Security Center (wscsvc) is not Running.
    Startup Type set to: Disabled
    * Automatic Updates (wuauserv) is not Running.
    Startup Type set to: Automatic
    * AFD (AFD) is not Running.
    Startup Type set to: System
    * IPSEC driver (IPSec) is not Running.
    Startup Type set to: System
    * NetBios over Tcpip (NetBT) is not Running.
    Startup Type set to: System
    * TCP/IP Protocol Driver (Tcpip) is not Running.
    Startup Type set to: System
    Searching for Missing Digital Signatures:
    * No issues found.
    Checking HOSTS File:
    * HOSTS file entries found:
    127.0.0.1 localhost
    Program finished at: 01/29/2013 08:56:52 AM
    Execution time: 0 hours(s), 1 minute(s), and 4 seconds(s)
  11. whs1818 Newcomer, in training Posts: 30

    RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
    Started in : Safe mode
    User : Administrator [Admin rights]
    Mode : Scan -- Date : 01/29/2013 08:49:53
    | ARK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 4 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Run : gredm ("C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Owner.WADE\Application Data\gredm.dll",mmx_support) -> FOUND
    [RUN][SUSP PATH] HKLM\[...]\Run : deypsy ("C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Owner.WADE\Application Data\deypsy.dll",destroy_write_struct) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST3250824A +++++
    --- User ---
    [MBR] c2cc78721b7cc05186bc7f6e876ff08a
    [BSP] c55164b1cd34950163365c1f0dc75a84 : Legit2 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 11261565 | Size: 232966 Mo
    1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 5498 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: SanDisk Cruzer Glide USB Device +++++
    --- User ---
    [MBR] 33a0f33fb7e7f518f64aedcb9dad35b0
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 7633 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1]_S_01292013_02d0849.txt >>
    RKreport[1]_S_01292013_02d0849.txt
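    The RKill and RogueKiller output above follows a fixed line format, so a helper can triage it automatically rather than by eye. The following script is an added example (not a tool from TechSpot, BleepingComputer or Tigzy) that parses constructed sample lines in those two formats and raises two of the findings visible in the real logs: a watched Windows service left with startup type Disabled, and a Run-key value that hands rundll32.exe a DLL living under a user profile's Application Data folder. The sample log, the service watch list and the finding labels are assumptions made for the example.

```python
import re

# Constructed sample in the line formats RKill and RogueKiller print above (not a real log).
SAMPLE_LOG = r"""
* Security Center (wscsvc) is not Running.
Startup Type set to: Disabled
* DNS Client (Dnscache) is not Running.
Startup Type set to: Automatic
[RUN][SUSP PATH] HKLM\[...]\Run : gredm ("C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Owner\Application Data\gredm.dll",mmx_support) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : tray ("C:\Program Files\Vendor\tray.exe") -> FOUND
"""

SERVICE_RE = re.compile(r"^\* (?P<name>.+?) \((?P<short>\w+)\) is not Running\.$")
STARTUP_RE = re.compile(r"^Startup Type set to: (?P<startup>\w+)$")
RUN_RE = re.compile(r"^\[RUN\]\[SUSP PATH\] (?P<hive>HK\w+)\\\[\.\.\.\]\\Run : "
                    r"(?P<value>\S+) \((?P<cmd>.*)\) -> (?P<status>\w+)")
# rundll32 handed a DLL that lives under a user profile's Application Data folder
PROFILE_DLL_RE = re.compile(
    r'rundll32\.exe"?\s+"?(?P<dll>[A-Za-z]:\\[^",]*?\\Application Data\\[^",]+?\.dll)"?,(?P<export>\w+)',
    re.IGNORECASE)
# Services from the RKill list above that should not be Disabled on a healthy XP box (assumed watch list)
WATCHED_SERVICES = {"wscsvc", "wuauserv", "Dnscache", "Dhcp"}

def parse_services(lines):
    """Pair each RKill 'is not Running' line with the 'Startup Type' line that follows it."""
    services, pending = [], None
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            pending = m.groupdict()
            continue
        m = STARTUP_RE.match(line)
        if m and pending is not None:
            services.append({**pending, **m.groupdict()})
            pending = None
    return services

def parse_run_entries(lines):
    """Extract RogueKiller [RUN][SUSP PATH] entries: hive, value name, command, status."""
    return [m.groupdict() for m in map(RUN_RE.match, lines) if m]

def triage(log_text):
    """Return the findings a helper would raise from the two log formats."""
    lines = log_text.splitlines()
    findings = []
    for svc in parse_services(lines):
        if svc["short"] in WATCHED_SERVICES and svc["startup"] == "Disabled":
            findings.append(("service_disabled", svc["short"]))
    for entry in parse_run_entries(lines):
        m = PROFILE_DLL_RE.search(entry["cmd"])
        if m:  # DLL loaded from a profile folder, not from the Windows or Program Files tree
            findings.append(("rundll32_profile_dll", entry["value"], m["dll"], m["export"]))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

    The Program Files entry in the sample is deliberately left unflagged; the check is narrow on purpose, so a Run value pointing anywhere else still needs the usual manual review.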
  12. whs1818 Newcomer, in training Posts: 30

    RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
    Started in : Safe mode
    User : Administrator [Admin rights]
    Mode : Remove -- Date : 01/29/2013 08:50:51
    | ARK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 4 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Run : gredm ("C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Owner.WADE\Application Data\gredm.dll",mmx_support) -> DELETED
    [RUN][SUSP PATH] HKLM\[...]\Run : deypsy ("C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Owner.WADE\Application Data\deypsy.dll",destroy_write_struct) -> DELETED
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: ST3250824A +++++
    --- User ---
    [MBR] c2cc78721b7cc05186bc7f6e876ff08a
    [BSP] c55164b1cd34950163365c1f0dc75a84 : Legit2 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 11261565 | Size: 232966 Mo
    1 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 5498 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: SanDisk Cruzer Glide USB Device +++++
    --- User ---
    [MBR] 33a0f33fb7e7f518f64aedcb9dad35b0
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 7633 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2]_D_01292013_02d0850.txt >>
    RKreport[1]_S_01292013_02d0849.txt ; RKreport[2]_D_01292013_02d0850.txt
  13. whs1818 Newcomer, in training Posts: 30

    RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
    Started in : Safe mode
    User : Administrator [Admin rights]
    Mode : Shortcuts HJfix -- Date : 01/29/2013 08:53:29
    | ARK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 0 / Fail 0
    Quick launch: Success 1 / Fail 0
    Programs: Success 24 / Fail 0
    Start menu: Success 0 / Fail 0
    User folder: Success 84 / Fail 0
    My documents: Success 10 / Fail 10
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 0 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 329 / Fail 0
    Backup: [NOT FOUND]
    Drives:
    [C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
    [D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [E:] \Device\CdRom0 -- 0x5 --> Skipped
    [F:] \Device\CdRom1 -- 0x5 --> Skipped
    [G:] \Device\Harddisk1\DP(1)0-0+e -- 0x2 --> Restored
    [H:] \Device\Harddisk2\DP(1)0-0+9 -- 0x2 --> Restored
    [I:] \Device\Harddisk3\DP(1)0-0+a -- 0x2 --> Restored
    [J:] \Device\Harddisk4\DP(1)0-0+b -- 0x2 --> Restored
    [K:] \Device\Harddisk5\DP(1)0-0+c -- 0x2 --> Restored
    Finished : << RKreport[3]_SC_01292013_02d0853.txt >>
    RKreport[1]_S_01292013_02d0849.txt ; RKreport[2]_D_01292013_02d0850.txt ; RKreport[3]_SC_01292013_02d0853.txt
  14. whs1818 Newcomer, in training Posts: 30

    All of these scans were run in safe mode as I was unable to open anything in normal mode.
  15. Jay Pfoutz Malware Helper Posts: 4,286   +49

    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
    Skip and click on Continue.

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    --------------------

    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

    Sometimes these logs can be very large, in that case please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
    Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  16. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Is this going okay?
  17. whs1818 Newcomer, in training Posts: 30

    Haven't had a chance to get it downloaded yet. I wonder though, if I am only able to run these scans in safe mode, am I really going to be able to clean this virus/malware off of my PC?
  18. Jay Pfoutz Malware Helper Posts: 4,286   +49

    We should be able to get it all fixed. If it fusses with us, we can do boot scans, and work from outside of the operating system.

    I'm not worried about it too much. Let me know how it goes or for any questions. :)
  19. whs1818 Newcomer, in training Posts: 30

    The log is attached. Let me know the next step.

  20. Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double-click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.