Windows 7 Forums



Windows 7: Attention: cottonball, virus deleted all SD photos

20 Aug 2013   #41
cottonball

Windows 7 Home Premium
 
 

ducat1base,

At this point we are beating a dead horse, and any attempt to continue working with the SD card is futile.

So, please remove the SD card or any USB pen drive from the laptop, and let's work on making sure the laptop is clean. Once that happens, there may be other options in the data recovery area, and someone like jumanji can guide you through it.


So, please press on, close all windows and browsers, and run RogueKiller again.
Right-click and select: Run as Administrator

At the program console, wait for the Prescan to finish. (Under Status, it says: Prescan finished.)

Press: SCAN

When done, a report opens on the Desktop: RKreport.txt

Please provide the new RKreport.txt (Mode: Scan) in your reply.


Next, follow up with Malwarebytes Anti-Malware
Right-click the program and select: Run as Administrator

If an update is found, the program automatically updates itself.
At the program console, on the Scanner tab, select: Perform Full Scan

Next, click on the Scan button.

When the Malwarebytes scan is completed, click on: Show Results
When presented with a screen showing the malware detected, make sure everything is Checked, and click on: Remove Selected

When removal is completed, a report opens in Notepad.
Please copy/paste the entire contents of the MBAM report in your reply.


Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.


21 Aug 2013   #42
ducat1base

Windows 7 Home Premium 64bit
 
 

Going to the source sounds good to me. Here's what I have from RKiller..

RKreport[0]_S_08212013_094545.txt

And from MBAM:

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.08.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Owner :: OWNER-HP [administrator]

8/21/2013 9:46:24 AM
mbam-log-2013-08-21 (09-46-24).txt

Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 395853
Time elapsed: 1 hour(s), 32 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|2264 (Trojan.Bot.RV) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msqjiol.com -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\ProgramData\Local Settings\Temp\msqjiol.com (Trojan.Bot.RV) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\msuamr.cmd (Trojan.Bot.RV) -> Quarantined and deleted successfully.
C:\Temp\TrustedInstaller.exe (Trojan.Bot.RV) -> Quarantined and deleted successfully.

(end)


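As an added example (not part of any poster's reply and not Malwarebytes' own code): a small Python parser for the detection lines of an MBAM 1.75 log like the one in post #42. It lists each detection with its action and picks out the entries that are only scheduled for removal at the next reboot, which is what the reboot note in post #41 is about. The line format is inferred from that one log, and the function names are hypothetical.

```python
import re

# Sample input: detection lines copied from the MBAM 1.75 log in post #42.
SAMPLE_LOG = r"""Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|2264 (Trojan.Bot.RV) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msqjiol.com -> Delete on reboot.

Files Detected: 3
C:\ProgramData\Local Settings\Temp\msqjiol.com (Trojan.Bot.RV) -> Quarantined and deleted successfully.
C:\FRST\Quarantine\msuamr.cmd (Trojan.Bot.RV) -> Quarantined and deleted successfully.
C:\Temp\TrustedInstaller.exe (Trojan.Bot.RV) -> Quarantined and deleted successfully.
"""

# Section headers look like "Files Detected: 3".
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: \d+$")
# Items look like "<object> (<detection>) -> [Data: <value> -> ]<action>."
# The lazy <object> group tolerates paths that contain parentheses.
ITEM = re.compile(
    r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)


def parse_detections(text):
    """Return one dict per detection line, tagged with its log section."""
    section, items = None, []
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        # Ignore everything before the first section header (scan metadata).
        item = ITEM.match(line) if section else None
        if item:
            items.append({"section": section, **item.groupdict()})
    return items


def pending_reboot(items):
    """Detections MBAM only scheduled for removal; they stay until a reboot."""
    return [i for i in items if "reboot" in i["action"].lower()]


if __name__ == "__main__":
    found = parse_detections(SAMPLE_LOG)
    for i in found:
        print(f'{i["section"]:16} {i["action"]:38} {i["obj"]}')
    print("still pending a reboot:", len(pending_reboot(found)))
```

On the sample, the only pending entry is the `Policies\Explorer\Run` value, whose data is the 8.3 short form of the first quarantined file path.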
21 Aug 2013   #43
cottonball

Windows 7 Home Premium
 
 

Did you reboot after running Malwarebytes?

Let's press on with the following...

The Farbar Recovery Scan Tool was updated to deal with this malware and its Registry loading points, which are locked by permissions.

So, since FRST is now in C:, please delete it from there, download a new copy, and save it to the Desktop.

Farbar Recovery Scan Tool Download

Select the version that applies to the system.
Save it to the Desktop!!!!

Double-click the downloaded file to run it.
When the tool opens click Yes to disclaimer.
Press the Scan button.
When done, FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

Please provide the FRST.txt report in your reply.

21 Aug 2013   #44
ducat1base

Windows 7 Home Premium 64bit
 
 

Yes, I rebooted the computer after running MBAM.

I went ahead and deleted FRST and downloaded the new version to the Desktop. Here are the scan results...

FRST.txt

Addition.txt


21 Aug 2013   #45
jumanji

Windows 7 Home Premium 32 bit
 
 

I still see 1.8GB removable drive J in the Addition.txt.

Haven't you removed all USB drives and SD card as instructed by cottonball?
21 Aug 2013   #46
cottonball

Windows 7 Home Premium
 
 

This is what we see:

Drive J: () (Removable) (Total:1.83 GB) (Free:1.83 GB) FAT


Make sure any SD card or USB pen drive is not plugged into the laptop.

Next, run RogueKiller once again, and this time press:

When done, please post its new RKreport (Mode: Delete).


There are toolbars and 'stuff' showing that also need to go, but we will deal with those later.
21 Aug 2013   #47
cottonball

Windows 7 Home Premium
 
 

Was at a place where I could not use my computer. Tablets are not my favorite.


To get rid of toolbars and other 'stuff'...

Download AdwCleaner:

http://www.bleepingcomputer.com/download/adwcleaner/
  • Save the program to the Desktop
  • Close all open programs and internet browsers.
  • Right-click on adwcleaner.exe and select: Run As Administrator
  • At the program console, click on: Delete
  • When the program is done, the computer is rebooted automatically, and a text file opens after the restart.
Please post the AdwCleaner report in your reply.



Also use the Junkware Removal Tool Download
Save to the Desktop.

Make sure you temporarily disable your AntiVirus, Firewall, and any other AntiSpyware applications.
These programs may interfere with the running of JRT.
Info: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides

Right-click JRT.exe and select: Run as Administrator
The tool opens and starts scanning the system. Please be patient as this can take a while...

When done, a report, JRT.txt is saved on the Desktop.

Please post the contents of JRT.txt in your reply.


Last, but not least, please download ComboFix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save ComboFix.exe to the Desktop

Disable your AntiVirus and AntiSpyware applications as they will interfere with ComboFix.
Info: http://www.techsupportforum.com/secu...lications.html

Double click combofix.exe and follow the prompts.

When finished, it produces a log.

Please include the C:\ComboFix.txt in your reply.


NOTE: If you encounter a message "Illegal operation attempted on registry key that has been marked for deletion" and no programs run, please reboot to resolve the error.
22 Aug 2013   #48
ducat1base

Windows 7 Home Premium 64bit
 
 

Okay, here are the reports from running the scans...

RKiller (sans SD card)
RKreport[0]_D_08222013_103819.txt

AdWare
AdwCleaner[S0].txt
AdwCleaner[R0].txt

JRT

JRT.txt

ComboFix

ComboFix.txt


Attached Files
File Type: txt RKreport[0]_S_08222013_103753.txt (1.7 KB, 2 views)
22 Aug 2013   #49
cottonball

Windows 7 Home Premium
 
 

Good!

Let's hope ComboFix took care of some stubborn entries.


Please run RogueKiller once again, and this time press: Scan

When done, please post its new RKreport (Mode: Scan).



Note: Sans SD card or any other USB pen or external drive!

Let's also get a second check, with Microsoft Safety Scanner.

Download:
http://www.microsoft.com/security/sc...s/default.aspx

Under the Download Now blue button, click: Select your version, which is 32-bit
Save to the Desktop

At the program console, select: Quick Scan
(Depending on whether it finds malware, and what it finds, you may be prompted to run a Full Scan. If so, please do.)

When done, search for the msert.log file, and post its results.
22 Aug 2013   #50
ducat1base

Windows 7 Home Premium 64bit
 
 

Ah, I just noticed a nub of my mouse's USB. I didn't even notice it until now.

Here's RKiller's report:
RKreport[0]_S_08232013_094336.txt

I scanned the computer using MSS and it came back saying no viruses were found. But I can't seem to locate the msert.log file now. I did a search from the Start menu but the only thing it's finding is the .exe file. Am I missing something?

