Inactive Win32/Olmarik.TDL4 trojan Win 7 64-bit. From system restore virus. mbr faked

[Tashana]

OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz, Intel64 Family 6 Model 26 Stepping 5
Processor Count: 8
RAM: 6135 Mb
Graphics Card: NVIDIA GeForce GTX 580, 1536 Mb
Hard Drives: C: Total - 125367 MB, Free - 17926 MB; D: Total - 485001 MB, Free - 202038 MB; F: Total - 95385 MB, Free - 51863 MB;
Motherboard: ASUSTeK Computer INC., Rampage II Extreme
Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Updated and Enabled

I can take hard drive f out if it would help things.


nod32 gives Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean

Customer built pc.
I used to work in a IT dept of a call center but its all self taught. Im not the smartest but I do understand I dont know it all hehe or I wouldn't need help

it all started when wife got a Virus called System restore so I followed the guide at http://www.bleepingcomputer.com/viru...system-restore

started on the 8th but could have been 7th not sure. but my TDSSKiller log was ran on the 8th. I can rerun this if you think I should.

I think I have removed everything with the system restore virus but this part but im not sure.

symptoms
1. on start up iexplore.exe will open and run but on the taskbar I dont see it open or cant never see the page so I close it in task manager. it will run ad's in the background so.
1a. I use peerblock to keep those sites from doin things while I am doin scan's and such so I dont know if this will effect the out come.

2. search's are redirected when clicked.
3. load time of pages has slowed down like the network cant get the page too fast. but opening and closing programs seems to be about the same in speed.
4. nod32 gives Operating memory - Win32/Olmarik.TDL4 trojan - unable to clean
4a. nod32 is the only one out of about 5 that I have ran that see's this file.

I have ran multi virus programs and such superantispyware will show some cookies up each time it scans but I lost the free trail to it last night I think. I have removed AVG and kaspersky trails as I switch from one to the other at this time I do have adaware and nod32 on the pc also maleware bytes still on the pc. I havn't removed superantispyware yet.

I dont know if this will effect the outcome for combofix but I totally over looked where I need to put it on the desktop so I ran it from the firefox download folder it was saved. if this needs to be rescaned from the desktop I can redo this. but I will include that with my post here as I see it needed everywhere I read about it.


will be posting some logs

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[Tashana]

Thanks you for you help but it looks like i fixed it last night when i was up still trying a few things. heres what happened.

Reading more into it and seeing it was inside the MBR i ran the aswmbr.exe and i did a fix mbr then i ran mbrcheck to see if it was still faked and it wasn't so i reran tdsskiller and it actully showed up 5 things this time one give me the option to cure the others i had to pick so i deleted them.. now this is where it got tricky but stuff that i have done before.

I must have messed the MBR up by doin those step's or it could have been something tdss deleted so i would start the pc up and it would not boot at all black screen with a blinking line. so i tryed the win 7 disk to run the bootrec /fixboot and the other options but wouldn't fix it at all. so i went to my pc at the office where i have my copy of Partition manager by easus and created a bootable usb drive but you can only do this with the paid version not the free trail incase others read this.

So i pluged it in and booted to the USB drive and i rebuilt the mbr from there again just to make sure then i had to set the system reserve partition as active applyed the settings and i was all ready to go no tdss comes back clear and nod32 doesn't show anything in the memory running so im running a full scan now. and checkmbr doesn't show faked anymore as well.

After the nod32 i will rescan with malewarebytes to finish testing. If anyone else has this and reads this please confirm your reports when you are getting help because you dont want to have the black screen like i did because the avg.. user will have a hard time figuring it out. because you cant just search for the fix.

since all scans are coming back clean now is there anything left i should do.

 

[Broni]

Very well.
Thanks for posting back