New
#1
Trojan:Win32/FakeSysdef - Trojan:DOS/Alureon.E
This computer again:
IE9 32bit context menu fails on W7 Pro 64bit
Here is some of what I know about the box build.
I was asked to cleanup the aftermath of this:
Encyclopedia entry: Trojan:Win32/FakeSysdef - Learn more about malware - Microsoft Malware Protection Center
There were no disk images or system restore points.
(See my rant about MSE's heuristics.) MSE is using default settings - except it is set to update and do a full scan every night. This computer does not sleep. The infection occurred on 01 July. The computer was turned off until I could deal with it.
A manual full scan by MSE found/cleaned this:
A full scan by Malwarebytes came up clean. I then started unhiding or replacing shortcuts and folders in the Start Menu - as well as uninstalling some stuff.
These started showing within minutes of the infection and yet they continue:
Did the infection scramble something on the hard drive?
Chkdsk came out like this:
Code:Checking file system on C: The type of the file system is NTFS. A disk check has been scheduled. Windows will now check the disk. CHKDSK is verifying files (stage 1 of 5)... 114432 file records processed. File verification completed. 173 large file records processed. 0 bad file records processed. 2 EA records processed. 108 reparse records processed. CHKDSK is verifying indexes (stage 2 of 5)... 158098 index entries processed. Index verification completed. 0 unindexed files scanned. 0 unindexed files recovered. CHKDSK is verifying security descriptors (stage 3 of 5)... 114432 file SDs/SIDs processed. Cleaning up 589 unused index entries from index $SII of file 0x9. Cleaning up 589 unused index entries from index $SDH of file 0x9. Cleaning up 589 unused security descriptors. Security descriptor verification completed. 21834 data files processed. CHKDSK is verifying Usn Journal... 34642016 USN bytes processed. Usn Journal verification completed. CHKDSK is verifying file data (stage 4 of 5)... 114416 files processed. File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 100054981 free clusters processed. Free space verification is complete. CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap. CHKDSK discovered free space marked as allocated in the volume bitmap. Windows has made corrections to the file system. 488272919 KB total disk space. 87764456 KB in 89229 files. 58584 KB in 21835 indexes. 0 KB in bad sectors. 229951 KB in use by the system. 65536 KB occupied by the log file. 400219928 KB available on disk. 4096 bytes in each allocation unit. 122068229 total allocation units on disk. 100054982 allocation units available on disk. Internal Info: 00 bf 01 00 e0 b1 01 00 5c 1d 03 00 00 00 00 00 ........\....... 4d 42 00 00 6c 00 00 00 00 00 00 00 00 00 00 00 MB..l........... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Windows has finished checking your disk. Please wait while your computer restarts.
Last edited by UsernameIssues; 12 Jul 2012 at 01:50.