New
#11
Hmm well Bill if you are going to post the rootkit scanners I will leave well alone unless I can help with same as I can send a link to five free ones if you like.
John
Error: the application was unable to start correctly (0xc0000005).
-
Posts : 21,004 Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
-
New #12
I wasn't certain if EmsiSoft emergency or Kasperky Rescue would address the issue, so I was waiting on the logs. While I was waiting, I finished the Kaspersky TDSSKiller tutorial.
I'd still like to see the other scan logs, Bitdefender and Malwarebytes, to better understand what they detected and what was repaired or isolated.
See Step 10 in Malwarebytes Anti-Malware Free to find and attach the Malwarebytes log(s)
I'm not sure where Bitdefender writes it's logs, but if you sent them to Bitdefender, then you know where they are
Please run the following and post the logs here on SF for further analysis:
Kaspersky TDSSKiller: Detect / Repair TDSS Rookits
Thanks,
Bill
.
-
-
Posts : 21,004 Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10New #14
Hmm Bill if it needs it there are these which includes TDSS
Best Free Rootkit Scanner and Remover
John
-
New #15
Hi all,
Thank you very much for all the assistance and advice. So far Bit Defender have asked me to run a repair on the AV which I have done. I have updated them on my "Malwarebytes" findings, awaiting their response on that. BD still does not see the Forged Sector issue but Malwarebytes continues to report it on scans - sometime 1,2,3 or even 10 instances of it. Does not seem able to fix it though.
Not sure what a rootkit is but I guess it is bad and I guess this is what I am dealing with. I will post my scan logs here later today (I'm at work now). I will try the suggestions that have been posted here also and revert.
I have warned my son that I may have to reformat his PC and that his backups can't be used (it is on a separate HDD, but in the same PC - not so clever I know) and he is one unhappy camper as he will then lose all his game progress, medals and awards etc. Also worried that this thing can jump to my PC which is on the same ADSL network in my house. Could it jump over on a USB stick? I noticed that my ADSL usage was also unusually high this month - is this perhaps a symptom of this virus?
-
New #16
A reinstall is the surest way to eradicate a Rootkit, wiping the drive first. Many security experts say it is the only way... I trust Kaspersky, but it is not guaranteed.
Personal data backups are probably ok, but no system files... executables are a difficult call ... how do you know what the virus infected? A scan should tell you, but.....
If you decide to re-install, ask questions first.
re: ADSL network - it depends on how your network is setup. Yes it is possible to cross contaminate systems on a network.
re: USB stick - yes viruses might travel on the stick depending on what was transferred and what virus is involved.
Yes abnormally high network usage might indicate virus activity. It could also be normal traffic, albeit a high rate.
You should probably run TDSSKiller, then run Bitdefender full system scan (or the AV program installed on that machine) and Malwarebytes (with options set for complete scanning) on your machine as well.
I have not written OPTION TWO of the Malwarebytes tutorial yet
See the Detection and Protection chapter of https://www.malwarebytes.org/support/guides/mbam/
Tick all detection options and treat non-malware as malware.
-
New #17
Keep in contact with bit defender if your a paying customer. You might just help them find this threat and if its new prevent it from infecting others.
-
New #18
malwarebytes_log.txt
malwarebytes log.txt
Two files from Malwarebytes are attached. Not sure if they tell you anything? The Bit Defender logs were generated using a tool I had to download. They are 6MB in size so I'm not sure if I can upload that here?
KasperskyTDSSKiller downloaded and run as per the instructions here - and found nothing. Now all my desktop icons are missing on the desktop also but they are visible in the Desktop Folder under the user.
I recon I will spend more time trying to resolve this (and always be in some doubt about whether it has really been cleaned). So I am going to go for a full format and re-install.
I appreciate all the help and advice over here but this time the 'kid' that wrote this virus, probably somewhere in Uzbekistan..... wins. I concede defeat.
I will have to be more careful. My son is learning the hard way that you think before you click when online.
Cheers for now guys! Now, off to find the Windows and MB driver CD's....
-
New #19
Here are a few tutorials that explain a pure install of Windows. They also provide a link to official MS Windows ISO downloads.
They both accomplish the same thing a Clean re-install - very clean.
Clean Install Windows 7
Clean Reinstall - Factory OEM Windows 7
A bit more technical, but worth the effort to move user profiles during a windows installation.
User Profiles - Create and Move During Windows 7 Installation
The instructions are in a PDF file so you can download them and read offline.
-
New #20
Things to remember.
1. A infection can travel to anything that was or is connected to the infected computer or hardware.
2. Some security experts believe the only way to be sure a rootkit infection is remove is to do a Clean All Clean Install.
3. If the computer is use in the same fashion as before you will probably just get infected again.
4. The use of torrents is one of the best ways to get infected.
5. THE BIG ONE is replace all the password of any accounts using a know clean computer.
Quote
Related Discussions