Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: MSE Trojan Cleanup Prompt


12 Jun 2012   #11

Windows 7 Professional 64 bit
 
 

Thank you for the replies everyone. I just woke back up as I was up all night and most of the morning trying to figure this out.

@kyle- Not a problem.

It was stupid of me not to take another screenshot of the different pieces of malware that Malwarebytes removed, but I believe at least one, if not all 3 of the 'Trojan' titled ones had 'Alureon' in them. (I could be wrong though, as that may have been the name of the virus I read about last night and the two are mixing around in my memory) Is there some sort of way I can check the deleted log of Malwarebytes to confirm for you guys? SEE EDIT#1 Below

I'm gonna get started on installing these programs. Would it be a good idea to go ahead and download them all on another computer and use the flash drive/SD card to transfer over to my infected desktop like I did with Malwarebytes? Or is not suggested due to the virus possibly attaching itself to the removable media and then getting into my laptop?

================================================================

Edit: I found the Malwarebytes protection log shown below. I deleted my username for safety's sake, but everything else is there in it's original state.


2012/06/12 02:13:59 -0400 DESKTOP MESSAGE Starting protection
2012/06/12 02:14:01 -0400 DESKTOP MESSAGE Protection started successfully
2012/06/12 02:14:04 -0400 DESKTOP MESSAGE Starting IP protection
2012/06/12 02:14:05 -0400 DESKTOP MESSAGE IP Protection started successfully
2012/06/12 02:26:00 -0400 DESKTOP IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 49778, Process: svchost.exe)
2012/06/12 02:52:50 -0400 DESKTOP IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 50208, Process: svchost.exe)
2012/06/12 03:14:41 -0400 DESKTOP IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 50281, Process: svchost.exe)
2012/06/12 03:16:36 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
2012/06/12 03:16:36 -0400 DESKTOP ERROR Quarantine failed: DeleteFile failed with error code 5
2012/06/12 03:16:44 -0400 DESKTOP IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 50284, Process: svchost.exe)
2012/06/12 03:19:07 -0400 DESKTOP MESSAGE Starting protection
2012/06/12 03:19:09 -0400 DESKTOP MESSAGE Protection started successfully
2012/06/12 03:19:12 -0400 DESKTOP MESSAGE Starting IP protection
2012/06/12 03:19:13 -0400 DESKTOP MESSAGE IP Protection started successfully
2012/06/12 03:19:45 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
2012/06/12 03:19:55 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:20:07 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:20:21 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:20:33 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:20:46 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:20:58 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:21:10 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:21:20 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:21:31 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:21:41 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:21:51 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:22:01 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:22:11 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:22:21 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:22:31 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:22:41 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:22:52 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:23:02 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:23:12 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:23:22 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:23:32 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:23:42 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:23:52 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:24:02 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:24:12 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:24:23 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:24:33 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:24:43 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:24:53 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:25:03 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:25:14 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:25:24 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:25:34 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:25:44 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:25:54 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:26:04 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:26:14 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:26:25 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:26:28 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:26:35 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:26:45 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:26:55 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:27:05 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:27:16 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:27:26 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:27:36 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:27:46 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:27:57 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:28:07 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:28:17 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:28:27 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:28:37 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:28:47 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:28:57 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:29:07 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:29:17 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:29:27 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:29:37 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:29:48 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:29:58 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:30:08 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:30:18 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:30:28 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:30:38 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:30:48 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:30:58 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:31:08 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:31:18 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:31:28 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:31:38 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:31:49 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:31:59 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:32:09 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:32:19 -0400 DESKTOP (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:32:30 -0400 DESKTOP (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
2012/06/12 03:36:04 -0400 DESKTOP MESSAGE Starting protection
2012/06/12 03:36:06 -0400 DESKTOP MESSAGE Protection started successfully
2012/06/12 03:36:09 -0400 DESKTOP MESSAGE Starting IP protection
2012/06/12 03:36:10 -0400 DESKTOP MESSAGE IP Protection started successfully
2012/06/12 03:38:10 -0400 DESKTOP IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 49426, Process: svchost.exe)
2012/06/12 03:48:42 -0400 DESKTOP MESSAGE Starting protection
2012/06/12 03:48:44 -0400 DESKTOP MESSAGE Protection started successfully
2012/06/12 03:48:47 -0400 DESKTOP MESSAGE Starting IP protection
2012/06/12 03:48:48 -0400 DESKTOP MESSAGE IP Protection started successfully
2012/06/12 03:52:16 -0400 DESKTOP IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 49569, Process: svchost.exe)
2012/06/12 03:52:33 -0400 DESKTOP IP-BLOCK 78.41.203.118 (Type: outgoing, Port: 49632, Process: svchost.exe)
2012/06/12 03:52:41 -0400 DESKTOP IP-BLOCK 78.41.203.118 (Type: outgoing, Port: 49640, Process: svchost.exe)
2012/06/12 04:01:14 -0400 DESKTOP IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 50132, Process: svchost.exe)
2012/06/12 14:00:39 -0400 DESKTOP MESSAGE Starting protection
2012/06/12 14:00:41 -0400 DESKTOP MESSAGE Protection started successfully
2012/06/12 14:00:44 -0400 DESKTOP MESSAGE Executing scheduled update: Daily
2012/06/12 14:00:44 -0400 DESKTOP MESSAGE Starting IP protection
2012/06/12 14:00:45 -0400 DESKTOP MESSAGE IP Protection started successfully
2012/06/12 14:00:50 -0400 DESKTOP MESSAGE Starting database refresh
2012/06/12 14:00:50 -0400 DESKTOP MESSAGE Scheduled update executed successfully: database updated from version v2012.06.12.02 to version v2012.06.12.07
2012/06/12 14:00:50 -0400 DESKTOP MESSAGE Stopping IP protection
2012/06/12 14:01:39 -0400 DESKTOP MESSAGE IP Protection stopped
2012/06/12 14:01:41 -0400 DESKTOP MESSAGE Database refreshed successfully
2012/06/12 14:01:41 -0400 DESKTOP MESSAGE Starting IP protection
2012/06/12 14:01:41 -0400 DESKTOP MESSAGE IP Protection started successfully
===================================================================

Edit #2: I also just realized that after starting up my computer today I did not receive the same Malwarebytes protection notification like my last uploaded screenshot. (I'm sure the virus is still there though) Also, Flash/YouTube, etc. is still giving me the same problems.

My System SpecsSystem Spec
.

12 Jun 2012   #12

Windows 7 home premium 64bit
 
 

Good Evening Borg386,

And thanks for your expert advice in advance. And thanks for having me here on SevenForums. Just wanted to say the link to Hiren BootCD 15.1 has NO downloadable button,link or icon for the software, so that I can attempt the deletion of those partitions that plague my harddrive. The scrolling to the bottom of the page of that, link... Shows the file size (500MB) but no... link to download it.

A clean install is not out of the question... Only ask if at all possible exhaust every option that may help removing this terrible, vicious, nasty virus first. I performed a data log of MBRcheck and aswMBR... on my thread I posted earlier. Have a look when you get a chance or moment. Let me know what you think, after of course you get "jdizzle921" taken care of first. I do not want to cut line or anything.

warm regards,

Kyle.
My System SpecsSystem Spec
12 Jun 2012   #13

Windows 7 Professional 64 bit
 
 

I think at least some progress is being made as it seems each program is finding something new.

I attached the screenshot of both my ESE and HitmanPro. Both found something, the HitmanPro finding the Alureon trace which has me worried. I just had to wait for the ESET to finish scanning before going forward with Hitman. I'm going to do so right now.


Quick question for you Borg..

I have all the programs you suggested dowloaded off my laptop ready to transfer. The TDSSKiller is an online scanner only, and there's nothing I need to download yes?

Also, for the 'Clean Windows 7 Install', this will completely wipe out my system and erase all the files, programs, etc. I have installed without any way of recovering them, yes?

Is there any way I'm able to transfer and save some of the files I cannot afford to lose? Or is a complete hard drive wipe the only option?
====================================================================


EDIT #1: Ok, so far I've done..

ESET Scan: (4 items detected and removed. None were 'Trojan' or 'Alureon')
HitmanPro: (Numerous 'Tracking Cookies' and trace of 'Alureon' found)

Both are in the Red/Green looking screenshot.

TDSS Scan: It revealed that I had an 'Infected MBR'. I chose 'repair' and said that it was successfully removed with no other prompts. It didn't however give me the option to change any parameters though. It just took me into the 'Proceed' step and prompted the restart from there.

Upon uploading the new screenshots and editing my post, I had the Malwarebytes popup for the first time today warning me the 'Trojan' was trying to communicate again, in which I selected to quarantine it.

I'm about to go ahead with the Windows Defender as I've got it installed onto a CD/DVD from a clean computer and going to see what it does.
-------------------------------------------------------------

Edit #2: I opened and ran Windows Defender from the boot menu and it didn't find anything. I checked the Quarantined. Allowed, and ___ (Forgot the last category) from the History tab and it didn't grab anything bad.


Attached Thumbnails
MSE Trojan Cleanup Prompt-esetandhitmanscan1.png   MSE Trojan Cleanup Prompt-malwarepopup1.png  
Attached Images
 
My System SpecsSystem Spec
.


12 Jun 2012   #14

Windows 7 Professional SP1 64-bit
 
 

Different link for Hiren's BootCD: Download Hiren
My System SpecsSystem Spec
12 Jun 2012   #15

Windows 7 home premium 64bit
 
 

Thanks petey7
My System SpecsSystem Spec
12 Jun 2012   #16

Windows 7 Professional 64 bit
 
 

This is going to sound like a stupid question, but once I get the Hiren all downloaded, where do I start?

Nevermind, I guess my brain is fried. Commencing the CD burn at the moment.


Attached Thumbnails
MSE Trojan Cleanup Prompt-hireninstall1.png  
My System SpecsSystem Spec
12 Jun 2012   #17

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Quote   Quote: Originally Posted by kylemiller View Post
Just wanted to say the link to Hiren BootCD 15.1 has NO downloadable button,link or icon for the software, so that I can attempt the deletion of those partitions that plague my harddrive. The scrolling to the bottom of the page of that, link... Shows the file size (500MB) but no... link to download it.
I apologize for that, last time I d/l ed it (not too long ago) that link was still usable...Thank you Petey7 for supplying that.

For both of you, the best, safest option would be a clean install. Once a PC is compromised at that level, it's not trustworthy anymore.

You can migrate the files you wish to save to another medium, however it would be best to carefully scan each & every one of them before introducing them back onto a clean system. If you transfer them to a FD, make sure the autorun is disabled, so that it doesn't jump back on your clean system.

Being that Alureaon creates a cloaked partition, the best thing to do would be to wipe the drive with Darik's Boot and Nuke.

About DBAN | Darik's Boot And Nuke

@ jdizzle921 - Right above the Start switch on the L, there should be a "Change Parameters" Green sentence which is what you click on. After running TDSSKiller again with the boxes checked, it got rid of the "leftovers" of the virus. After this, all AV scans showed negative.

Alureon is notorious for introducing other viruses into the system, so it wouldn't be surprising if you did find lots of malware/viruses. Hence, the reason for a clean install as being the best option.

@ kylemiller - No prob, I can multitask . If you found a partition that was small (1-3MB) at the end of the HD, that's more then likely the virus. You can try running the tools & see if they can save your PC, however the safest choice is a clean install. Try TDSSKiller with the boxes checked ( "Change Parameters", check the bottom two) and see what it finds. If you need to do a clean install, make sure to scan the files carefully before putting them back on.

For both of you, you can submit files to VirusTotal, which uses multiple AV engines to scan a file. Be aware that the max file size is 32MB

https://www.virustotal.com/

Please post back to let everyone know what the outcome was.
My System SpecsSystem Spec
12 Jun 2012   #18

Windows 7 Professional 64 bit
 
 

Thanks Borg.

I've been preparing for that Clean Install by copying down the raw addresses of my Bookmarks and anything else I need via email thus far. I figured I might as well use the time I had while waiting for the scans to complete to prepare for the worst possible scenario.

I've got several questions about transferring the files though. I hope I don't annoy you with them as I'm guessing some are pretty trivial for those who are very knowledgeable with computers....

In regards to keeping my files...
A) When using a flash drive or SD Card to transfer, is there a guide on what I need to do to disable 'autorun' (I believe it is 'Autoplay' for me) for the removable media?
B) When scanning the files I'd like to keep, is there some sort of guide here on the forum that will help me do that if my files are larger than 32mb? (Large files with multiple music, video, and picture files)
C) The steps for scanning and re-scanning the files I'd like to keep (Whether I need to scan before transferring or if the scanning program would be corrupted and useless if I used it BEFORE I transfer the files to the clean system)
D) Also, I've been using my card scanner and a SD card to transfer all the recent AV install files from my laptop to infected desktop, will I still be able to use that reader with the Autoplay disabled? Or should I go out and buy a removable Thumb Drive and use that instead?

In regards to the Boot n' Nuke..
A) Can any damage be done to my Hard Drive or any other components in my computer when doing the 'Nuke'? (Sound/Video cards, etc. etc.)


Also, I haven't finished up with the Hiren yet. Do you think I should just forego that and not waste my time since you mentioned about the system not being 110% trustworthy without doing a complete wipe of everything?
My System SpecsSystem Spec
12 Jun 2012   #19

Windows 7 home premium 64bit
 
 

Good Evening/ Good night


Solution to Alureon.E has been reached my computer is a 100% back to normal,(THANKS PETEY) I can't say or express enough of how grateful I am to SevenForums and the professionals that perform on this site and come together from around the world. I am thankful you guys are my heros.

I've done regression testing with Malwarebytes, TDSSkiller, MSE, aswMBR, MBRcheck, and WDO.

All came back with no detections.

Solution Reached thanks PETEY you rock. And thank you Borg386. jdizzle thanks you too


Sincerely

Kyle Miller
My System SpecsSystem Spec
12 Jun 2012   #20

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Sorry, had to leave for a bit to get my wife....

It wouldn't hurt to investigate your system with Hiren's. See if you can locate the partition (Usually at the end of the drive, 1 - 3 MB) and make sure it's deleted.

The system shouldn't be considered trustworthy, however, you may have cleaned it out. But, there's always a chance that some bit of the virus survived and may cause trouble down the road.

It's basically your call. If it looks like you got it all & repeated scans from different AV's show that it's clean, then proceed with it if you wish, but keep a watchful eye on everything for some time. If anything suspicious rears it's head, investigate immediately or do the clean install.

BTW, if you used this PC to do any online banking or sign into any websites, contact the banks & change your passwords from a clean computer.

A) AutoPlay - Enable or Disable

B) You'll have to rely on downloaded multiple AV scanners on files larger then 32MB. Standalone AV scanners such as Malwarebytes or SuperAntiSpyware. BTW, SuperAntiSpyware makes a portable scanner that you can d/l on your FD & use from there. AV defs are updated daily, so d/l it only when you need it. Don't use an old version you've had around for a few weeks, it's out of date.

C) Best bet would be to transfer them to your storage & then scan them from a clean PC. Also, I would keep an eye on your SD card, as the virus may have hopped over to it if you used it prior to starting the disinfection process.

D) You should be able to use the reader, it simply won't launch, you'll have to R click on your PC icon & it should show up as a removable HD.

DBAN is just a Hard Drive Eraser, it won't hurt any of your hardware.

If you believe the virus is gone...Here is a tool you can run which does deep scans, this tool also includes a rootkit scan:

Norton Power Eraser (You'll need a net connect to use it)

Norton Power Eraser | Free Tool |Easily remove scamware that traditional virus scanning can

Quote:
Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully. If you accidently remove a legitimate program, you can run Norton Power Eraser to review past repair sessions and undo them.
Another scanner to consider

Microsoft Safety Scanner - Antivirus | Remove Spyware, Malware, Viruses Free

Just be aware you're had a deep seated infection which probably introduced who knows how many viruses to your PC. Scans with multiple AV's are highly recommended.

BTW, did you re-run TDSSKIller and were you able to access the "Change Parameters" & check the two lower boxes? This should get the remnants of the remaining virus files.
My System SpecsSystem Spec
Reply

 MSE Trojan Cleanup Prompt




Thread Tools



Similar help and support threads for2: MSE Trojan Cleanup Prompt
Thread Forum
Registry Cleanup? General Discussion
disk cleanup? Performance & Maintenance
Trojan:Win32/FakeSpypro & Trojan:JS/FakeSpypro System Security
Disk Cleanup Performance & Maintenance

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 11:45 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33