Inactive "Hard drive clusters partly damaged" virus

Sry this is a work computer and i get little time to spend doing this but i am going to re-start since re-reading your latest post.

Here is the url from previous thread...

https://www.techspot.com/vb/topic173209.html


Logs coming next...

Okay.

DDS didnt scan correctly...it just continues to run/scan until computer eventually freezes. Avast is still active but all 'real time protection' is shut down. I couldnt figure out how to complete exit out of Avast.

And also do you need a new Maleware Log? That one is a week old.

Please observe forum rules.
If your topic gets closed due to inactivity you should PM your original helper (that would be me in this case) to reopen it.
Your original topic is 4 weeks old so you'll have to start over and post all required logs.
PM me if you need your original topic to be reopened: https://www.techspot.com/vb/showthread.php?p=1118116

Okay, this is very confusing. I'm not going to keep a thread open for 2 weeks because you can't get to the system. Two weeks apart for scan and logs is too long:

2. Start over with the cleaning:>> your decision.
Description of problems as they exist now: > none given> I need a description of the problems NOW
URL reference to previous thread: > Closing old thread
Run the remaining preliminary scans again: Start over now:


If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Click to expand...

Note: You do not need to disable the AV for these scans. I will instruct you in when and how to do it as needed. I do not want a log from the AV you have now.
=========================================
If this is not clear:
1 Update and run a new scan with Malwarebytes.
2. You do not need to run GMER again.
3. Run this first.
Please download this file: xp_scr_fix.

Unpack (unzip) the file onto your desktop and double-click it. You will be asked if you wish to merge the file with you registry, say Yes.
-------------------
3. Now run DDS. You should then be able to run DDS.scr.It's the .scr file extension causing the problem.
If it still won't run, let me know.
============================================
Leave logs for Malwarebytes and 2 for DDS in your next reply.
==========================================
Unless you tell me what is happening with the system now, I cannot help you. Forget you posted this problem a month ago. Forget you abandoned that thread. You are starting over, you are running only the scans I give you. You will have to reply back within 5 days.
=========================================
My Guidelines: please read and follow:

• Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
• Read my instructions carefully. If you don't understand or have a problem, ask me.
• If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
• Follow the order of the tasks I give you. Order is crucial in cleaning process.
• File sharing programs should be uninstalled or disabled during the cleaning process..
• Observe these:
  [o] Don't use any other cleaning programs or scans while I'm helping you.
  [o] Don't use a Registry cleaner or make any changes in the Registry.
  [o] Don't download and install new programs- except those I give you.
• Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed.
=====================================

I'll keep the other topic closed then.

Updated Maleware Log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8397

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2011 1:19:56 PM
mbam-log-2011-12-19 (13-19-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 259308
Time elapsed: 1 hour(s), 52 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\administrator\application data\Sun\Java\deployment\cache\6.0\13\332cbe0d-45c2328c (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\application data\esr.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\application data\pkw.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\temp\559.5494.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ce95dc1d-92fb-4af5-b926-1abef5a34cfe}\rp1618\a0133852.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\system volume information\_restore{ce95dc1d-92fb-4af5-b926-1abef5a34cfe}\rp1618\a0133853.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

I still could not run DDS even after the xp_scr_fix. I get these pop-ups from Avast with a title stating 'You are opening an application that may be potentially unsafe', so I click i choose the 'run normally' option. Then DDS will just scan for way longer than the recommended 3 minutes until the whole system eventually freezes.


As for what is happening with the Computer now, its just extremely slow. I no longer get the 'hard-drive clusters are partly damaged' pop-ups or any other unusual problems after the original Malewarebytes & Avast scans through Safe Mode when problem first occured.

Thanks for being patient, my job doesnt allow me to continuously focus and fix this problem for hours here but i do get back to you guys as soon as i can.

did I do something wrong again? Thought i got it all I could for the time being.

Holiday Notice! I will not be working on the threads Sat. Dec. 24 or Sunday Dec. 25. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that. Please do not send a PM during those days.
---------------------------------------
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe & follow the prompts.
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  ***Please note: if you have downloaded Combofix to a flash drive, then run it on the infected machine> the Recovery Console will not install- just bypass and go on.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Once installed, you should see a blue screen prompt that says:
  The Recovery Console was successfully installed.
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=========================

• Download the file TDSSKiller.zip and save to the desktop.
  (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
• Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
• Double click on TDSSKiller.exe. to run the scan
• When the scan is over, the utility outputs a list of detected objects with description.
  The utility automatically selects an action (Cure or Delete) for malicious objects.
  The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
• Select the action Quarantine to quarantine detected objects.
  The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
• After clicking Next, the utility applies selected actions and outputs the result.
• A reboot is required after disinfection.

===========================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:

1. Open the ESETOnlineScan
2. Skip to #4 to "Continue with the directions"
   
   If you are using a browser other than Internet Explorer
3. Open Eset Smart Installer
   [o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
   [o] Double click on the desktop icon to run.
   [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
   
4. Continue with the directions.
   
5. Check 'Yes I accept terms of use.'
6. Click Start button
7. Accept any security warnings from your browser.
   
   
8. Uncheck 'Remove found threats'
9. Check 'Scan archives/
10. Leave remaining settings as is.
11. Press the Start button.
12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
13. When the scan completes, press List of found threats
14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
15. Push the Back button, then Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

Tried to run ComboFix, 3 times. Eventually stalled/froze during all 3. All browers and real-time protection was exited.

First time ComboFix ran it ran the longest, scanning until it found a 'RootKill' virus, then shortly after i clicked OK, it ran some more till freezing the whole system.

Second time, it said Avast was still running even though it was not (question about this below) so I made sure then hit OK (saying I turned off Avast) then it ran till system freeze.

Third time, no unusal problem just scanned till system froze again.

----

One thing im not positive on is shutting down Avast, only way I know how to turn off Avast is too right-click the Icon in the toolbar and 'disable' avast sheild control. Normally I choose the 'disable until i restart the computer' option. Is this right?

Holiday Notice! I will not be working on the threads Sat. Dec. 24 or Sunday Dec. 25. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that. Please do not send a PM during those days.
-----------------------------------
See if this works any better to disable Avast:

• Right-click "Avast Antivirus" icon on the task bar. The task bar is located on the bottom of your screen
• Click "Access Protection Control." Enter the same password that you used when you first installed the program. Click "OK." This will bring you to the scanner window.
• Click "Terminate" to disable Avast Anti-virus protection and email scanning.
• Click "OK" to confirm and save changes

========================================

• Download OTL from either of the links below and save it to your desktop.
  Link 1
  Link 2
  Note 1.: If you cannot run executable file, down OTL from either of the following links:
  http://oldtimer.geekstogo.com/OTL.com
  http://oldtimer.geekstogo.com/OTL.scr
  Note 2: Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
  
  [*]Double click the OTL icon to run it.
  
  
  [*]The opened console will resemble this:
  
  
  [*]Set Output at the top to Minimal Output.
  [*]Check the boxes beside LOP Check and Purity Check.
  [*]Copy the entries in the Codebox below> Paste in the Custom Scan box.
  
  Code:

  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  userinit.exe
  /md5stop
  %systemroot%\*. /mp /s
  CREATERESTOREPOINT

  [*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  Make sure all other windows are closed and to let it run uninterrupted.
  [*]When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  [*]Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.