New
#11
Looking at the logs you do indeed have a rootkit . Lets wait for Cottonball's further assistance .
You still have Norton installed along with Norton360
BSOD after removing Alureon.a
-
-
New #12
I know, before I told you about the blue screen, I tried to do a system return to yesterday when I knew everything worked. Brought back norton with it.
-
New #13
thenecessity
We could uninstall the programs from the command prompts but lets go with removing the rootkit first . Don't want to step on anyone's toes .
-
New #14
Yeh, no worries about when its done. Guessing though its the alureon one so windows defender offline couldn't actually remove it? It said it did though.
-
-
New #16
thenecessity,
My apology for the delay, crowded restaurant...
Please do the following:
Open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the quote box below (Do not copy the word 'Quote');
Save it on the flash drive that has FRST64 and name it: fixlist.txt
Now, enter System Recovery Options and select the Command Prompt as done before.start
C:\Windows\svchost.exe
TDL4: custom:26000022 <===== ATTENTION!
end
Run FRST64, and press the Fix button, just once, and wait.
The tool creates a report on the flash drive called: Fixlog.txt
Please post the Fixlog.txt in your reply.
Restart the computer.
Now, go to the TDSSKiller Download
Select the .exe version
Double-click on TDSSKiller.exe to run the program.
When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK
Press: Start Scan
•If a suspicious object is detected by this program, the default action is Skip. Leave this action as is, and click on: Continue
•If malicious objects are found, they show in the Scan results.
Ensure Cure (the default action) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip, >>Do not select: Delete<<)
When done, the tool creates a log on the disk with the Windows Operating System, normally C:\
Logs have a name like:
C:\TDSSKiller.X.X.X_12.04.2013_15.31.43_log.txt
Also post or attach the TDSSKiller log in your reply.
-
New #17
Alright, quick update, it worked and I am on the infected computer right now. Here is the fixlog. And a question then with it, is that the same thing as the alureon?
Nothing malicious found, only suspicious
-
New #18
TDL4 is known as TDSS or Alureon
FRST:
C:\Windows\svchost.exe ATTENTION ====> Check for partition/boot infection.
svchost.exe: injected component which implements the main payload.
TDL4: custom:26000022 <===== ATTENTION!
TDSSKiller:
\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
Let's press on...
Please run TDSSKiller once again, and this time, when presented with the TDSS File System entry in Threats Detected, select: Delete
When done, attach the new TDSSKiller log in your reply.
Please provide an update on how the computer is working. Any BSODs, are programs running OK?
-
New #19
Here ya go
-
New #20
Please provide an update on how the computer is working. Any BSODs, are programs running OK?
Quote
Related Discussions