gopu2013,
Please start the computer in Safe Mode and try to run TDSSKiller once again.
Safe Mode:
Also, do you see the option Repair your computer in the Advanced Boot Options menu?
- Restart the computer.
- Tap the F8 key on your keyboard repeatedly until you are presented with the Windows 7 Advanced Boot Options menu
- Select Safe Mode
Don't use that, but just post back if it is there.
Ok well something is holding that up how about trying another there are several in this page (3) go to 3.8 and 15 antirootkits 15 AntiRootkits to Detect and Remove Malware that Uses Rootkit Technology
and I would be inclined to try the Avast and Malwarebytes apps for starters keep in mind I have not tried the Malwarebytes one yet because it has been in beta but there is also Hitman Pro and more in the listings.
If yuo want to wait till one of the others gets back then please do so but I think the Avast is worth a try. If it blocks that then I think we may be for a bit of a spot.
gopu2013,
Also. you can directly download the .exe version of TDSSKiller, and try running it, if the previous attempt did not work:
http://support.kaspersky.com/downloa...tdsskiller.exe
In addition to the above, please download RogueKiller:
Tlcharger RogueKiller (Site Officiel)
When you get to the website, go to where it says:
(Download link) Lien de téléchargement:
Select the version for your system. (32-bit or 64-bit)
Click the dark-blue button to download.
Save to the Desktop.
Close all windows and browsers.
Right-click and select: Run as Administrator
At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)
Press: SCAN
When done, a report opens on the Desktop: RKreport.txt
Please provide the RKreport.txt (Mode: Scan) in your reply.
Last, download Farbar Service Scanner
Save to the Desktop
Please provide the FSS.txt in your reply.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Press: Scan
- FSS creates a log, FSS.txt, on the Desktop.
Forgot you ran RKill.
From what it shows, would not be surprised if you have a RootKit: ZeroAccess
Will await your results for the programs above.
@ICit2lol,
Need to run another tool before getting to those programs, except for TDSSKiller. We cannot control what those programs do, and we need to get a reading of what, exactly, is on the system, first of all. We're shooting blind right now.
Last edited by cottonball; 09 Apr 2013 at 10:46.
I thought we tried that one but seems to be a few refs to it I remember it always being so easy to download and run.
Now although I don't know cottonball but that GMER is on that list too only I don't know quite how to decypher some of it I have used it in the past and it was fairly thorough but the readouts were a bit tough for me to understand. What do you reckon?
@ICit2lol,
GMER is not my choice. There are other programs that are much more User friendly.
Right now, need to seewhat is in that system, before the User runs any other program.
@ CottonBall
yes i see d option "repair ur comp"
in safe mode i downloaded and saved tdsskiller as "test 2" and ran it
it found a suspicious file ... i tuk a screen shot and will attach d pic
i deleted tht suspicious file ltr
then i downloaded and saved rouge killer as "test 3" and ran d file
at 1st i got 2 suspicious entries found in d system
tuk d report
then pressed delete
i got another report and in tht i see its replaced
i gave another scan n delete
got a third report...will upload all d 3 reports
and finally i ran FSS and got a report...will upload tht too
note: (1) all d above 3 programs were run in safe mode and with "run as administrator" option
(2) forgot to tell u guys tht 2 days ago i tried to use system restore option but it dsnt open
gopu2013,
On TDSSKiller...
Please run it once again, and this time, when presented with the TDSS File System entry in Threats Detected, select: Delete
Please post the new TDSSKiller log in your reply.
Need to go out for a while...will get back with you on the rest of the work we need to do.
Next, please download: aswMBR
http://public.avast.com/~gmerek/aswMBR.exe
Save it to the Desktop.
>>Make sure your AntiVirus is temporarily disabled!!<<
For information on how to disable protective programs, refer to this Info:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - BleepingComputer.com
Right-click aswMBR and select: Run as Administrator
When promped with: This Application can use the Avast! Free AntiVirus for scanning...etc.
Select: Yes
The last line of the run in progress will provide the status of the Avast! scan.
It will say: Downloading Avast! virus definitiond database, etc.
When the Avast! scan is done, the last line changes to: Avast Engine definitions #####
At this point, click the Scan button on the lower left of the aswMBR screen.
The last line will now say "Scanning" while it is in progress.
Upon completion of the scan, click >Save log< and save it to the Desktop.
Note: Please do NOT attempt to fix anything!!
Exit the program.
Please post the new aswMBR log in your reply.
Also, notice that another file is created on the Desktop.
It is named MBR.dat.
Please submit MBR.dat for analysis to VirusTotal:
http://www.virustotal.com/
https://www.sevenforums.com/tutorials/277740-online-scanners-scan-suspicious-files-your-pc.html
If you get a message saying: 'File has already been analyzed', click: Reanalyze file
Once scanned, and you see the full results page on your screen, go up to the address bar at the top of the browser, and copy the http:\\etc. address there.
Then, provide the http:\\ address to the results page in your reply.
Are you able to run the Farbar Service Scanner as Administrator, in normal Windows (not in Safe Mode)?
Just a drop-by post
Nothing was deleted in found "adware/foistware" by AdWareCleaner. I would suggest running it again and deleting the crap.
Then repair MS's host file and flush the DNS cache.... looks like there might be a problem with svchost.exe.
Copy and paste these lines in Note pad:
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0
Save as flush.bat to your desktop.
Double click on the flush.bat file to run it.Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.
Now, follow cottonball's instructions above.
Quote
