Windows 7 Forums

Windows 7: Attention: cottonball, virus deleted all SD photos

24 Aug 2013   #61
ducat1base

Windows 7 Home Premium 64bit
 
 

All right, gang, this is what I'm getting running all of the programs offline.

Temp files before deletion:
Attention: cottonball, virus deleted all SD photos-temp.jpg

RKiller report:

RKreport[0]_S_08242013_194450.txt (Scan)
RKreport[0]_D_08242013_194457.txt (Delete)

FRST report:
FRST.txt

MiniReg report:
Result.txt

@cottonball and @jumanji, I'll be heading to a place this weekend where I'll have access to a different computer. If there's anything you think I should do offline with the one infected while using the internet with another, then please send it along and I'll take the infected comp with me.




24 Aug 2013   #62
ducat1base

Windows 7 Home Premium 64bit
 
 

Quote: Originally Posted by cottonball
A colleague has successfully removed a version of this malware, but this one has some different traits. Aren't we lucky?

So lucky! I feel so honored to be infected.
24 Aug 2013   #63
jumanji

Windows 7 Home Premium 32 bit
 
 

Regarding the deletion of temp files:

Well, it seems that that is not the location where your malicious *.com resides and runs.

I just googled C:\PROGRA~3\LOCALS~1\Temp\ and there are lots of different *.com reported in that location. I did not read through any of it for it all seems to be Greek and Latin to me. I request cottonball and others who have a flair for malware to have a look at it and see whether that throws any light.

Over to you malware experts.

24 Aug 2013   #64
cottonball

Windows 7 Home Premium
 
 

ducat1base:

Please do the following, and, in this sequence:

First, once again, please run Malwarebytes Anti-Malware
Right-click the program and select: Run as Administrator
If an update is found, the program automatically updates itself.
At the program console, on the Scanner tab, select: Perform Quick Scan
Next, click on the Scan button.

When the Malwarebytes scan is completed, click on: Show Results
When presented with a screen showing the malware detected, make sure everything is Checked, and click on: Remove Selected

When removal is completed, a report opens in Notepad.
Please copy/paste the entire contents of the MBAM report in your reply.

Second, restart the computer if MBAM did not request you to do so!

Third, download: Malwarebytes : Malwarebytes Anti-Rootkit
Save to the Desktop
Right-click the file and select: Extract here...
Follow the Usage instructions, but, please stop at Step 5:

Quote:
Usage
1. Download Malwarebytes Anti-Rootkit from the link to the right.
2. Run the file and follow the onscreen instructions to extract it to a location of your choosing (your desktop by default).
3. Malwarebytes Anti-Rootkit will then open, follow the instructions in the wizard to update and allow the program to scan your computer for threats.
4. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
5. Wait while the system shuts down and the cleanup process is performed.

When the program is done, two reports are created in the mbar folder:
1. system-log.txt
2. mbar-log-2013-08-24 (20-13-32).txt (corresponds to mbar-log-year-month-day (hour-minute-second).txt)

Please provide the mbar-log and the system-log.txt in your reply.


Fourth, run Malwarebytes Anti-Malware one last time.
Right-click the program and select: Run as Administrator
At the program console, on the Scanner tab, select: Perform Quick Scan
Next, click on the Scan button.

When the Malwarebytes scan is completed, click on: Show Results
When presented with a screen showing the malware detected, make sure everything is Checked, and click on: Remove Selected

When removal is completed, a report opens in Notepad.
Please provide the new MBAM report in your reply.

Bottom line, please provide the first MB Anti-malware report, the MB Anti-rootkit report, and, the last run of MB Anti-malware report.
24 Aug 2013   #65
jumanji

Windows 7 Home Premium 32 bit
 
 

OK, on what you can do if a clean PC is available:

You can at best check whether any data is still there on your SD card.

All the operations below, including the creation of the bootable Puppy Linux pen drive, are to be done on your friend's clean PC.

If your friend has a clean pen drive, let him back up all data on it elsewhere and lend it to you.

You can create a bootable Linux Live pen drive, boot from it and check your SD Card.

Download the latest version of Lucid Puppy (Ubuntu-Compatible Build) ISO 5.2.8 from Download latest Puppy Linux release

Create your bootable pen drive with that ISO using Rufus Rufus - Create bootable USB drives the easy way (This process will format the pen drive and all data in it will be lost. That is why you back up the data on the pen drive elsewhere before doing this.)

Using the one-time boot menu on the computer, check and confirm that you can boot into Lucid Puppy from the pen drive. This is important. Familiarise yourself.

If everything is OK, shut down the computer, plug in your SD card and boot into Linux Puppy. (Exercise caution. If by mistake or oversight you miss booting from the one-time boot menu and allow the PC to boot into Windows with the SD Card plugged in, your friend's PC may get infected. That is why the bold matter above.)

On how to see the data on your SD Card and how to copy it - if your data is still there and found -

Lucid Puppy way to recover files from a non-bootable computer

(Here we are bypassing Windows on your friend's PC, as if it is non-bootable so as not to infect his PC and trying to read your SD Card with Linux - not his HDD. If you do not find your data, bad luck. You can format your SD card with Linux and clean it up. Explore the programs in Linux. I think you will find Gparted there with which to format. Again exercise caution. Do not format your friend's HDD and incur his wrath.)
24 Aug 2013   #66
cottonball

Windows 7 Home Premium
 
 

ducat1base,

Now you have two opportunities...you clean your laptop, and/or you check whether there is any data on your SD card.

Have done some additional research and the one-two punch, in succession, using MBAM and MBAR removed the Registry loading points. Hopefully, that will also be the end result for your case.
25 Aug 2013   #67
cottonball

Windows 7 Home Premium
 
 

ducat1base,

Attention!! Update!!

Please hold off on the instructions on Post #64. <<---

The Farbar Recovery Scan Tool (FRST) is updated once again to deal with this infection.

Please remove your copy of FRST, and get a new one:
Farbar Recovery Scan Tool Download

Save to the Desktop.

Double-click the downloaded file to run it.
When the tool opens click Yes to disclaimer.
Press the Scan button.

When done, FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

Please provide the new FRST.txt report in your reply.
26 Aug 2013   #68
ducat1base

Windows 7 Home Premium 64bit
 
 

Caught me just in time. FRST's scan:

FRST.txt


26 Aug 2013   #69
cottonball

Windows 7 Home Premium
 
 

Let's hope we can make some headway today...

Please open Notepad once again (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below to Notepad:
Save it on the Desktop, and name it: fixlist.txt

Code:
HKLM\...\Policies\Explorer\Run: [2264] C:\PROGRA~3\LOCALS~1\Temp\msqjiol.com No File

Run FRST, and press the Fix button, just once, and wait.
The tool creates a report on the Desktop called: Fixlog.txt

Please post the Fixlog.txt in your reply.

Need to take a look at these results, and then, we can roll...
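An added example (not from any post in this thread and not FRST's own code): triaging autorun lines shaped like the fixlist entry in post #69 by where the target lives and how it is named, which is the pattern jumanji noticed in post #63. Only the first sample line comes from the thread; the other two lines, the reason labels and the extension list are assumptions made for the example.

```python
import re
from pathlib import PureWindowsPath

# Line shape taken from the fixlist entry in post #69 (assumed for other lines):
#   <registry key>: [<value name>] <command>[ No File]
ENTRY = re.compile(
    r"^(?P<key>HK[A-Z]+\\.+?): \[(?P<name>[^\]]*)\] (?P<data>.+?)(?P<nofile> No File)?$"
)
# Heuristic lists chosen for this example; .com is the extension seen in the thread.
ODD_EXT = {".com", ".scr", ".pif"}
TEMP_DIRS = {"temp", "tmp"}

def triage(line):
    """Return (value name, target path, set of reasons), or None if not an entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    target = m["data"]
    if target.startswith('"'):  # quoted command: keep the path, drop the arguments
        target = target[1:].split('"', 1)[0]
    path = PureWindowsPath(target)
    dirs = [p.lower() for p in path.parts[:-1]]
    # 8.3 short names (PROGRA~3, LOCALS~1) cannot be expanded offline, so look
    # for a directory component named Temp/Tmp rather than a known full prefix.
    checks = {
        "temp-dir": any(d in TEMP_DIRS for d in dirs),
        "short-name": any(re.fullmatch(r"[^\\]{1,6}~\d", d) for d in dirs),
        "odd-extension": path.suffix.lower() in ODD_EXT,
        "numeric-name": m["name"].isdigit(),
        "no-file": m["nofile"] is not None,
    }
    return m["name"], target, {k for k, hit in checks.items() if hit}

def flagged(lines):
    """Entries with at least one reason, most reasons first."""
    hits = [t for t in map(triage, lines) if t and t[2]]
    return sorted(hits, key=lambda t: len(t[2]), reverse=True)

# First line is the entry from the post; the other two are constructed.
SAMPLE = [
    r"HKLM\...\Policies\Explorer\Run: [2264] C:\PROGRA~3\LOCALS~1\Temp\msqjiol.com No File",
    r'HKLM\...\Run: [ExampleUpdater] "C:\Program Files\Example Vendor\updater.exe" /tray',
    r"HKCU\...\Run: [ExampleSync] C:\Users\user\AppData\Local\Temp\sync.exe",
]

if __name__ == "__main__":
    for name, target, reasons in flagged(SAMPLE):
        print(f"[{name}] {target}: {', '.join(sorted(reasons))}")
```

A single reason such as temp-dir is common for legitimate installers; it is the combination on one entry that makes it worth a closer look.
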
26 Aug 2013   #70
ducat1base

Windows 7 Home Premium 64bit
 
 

Does "Values deleted successfully" mean we got it?

Fixlog.txt

@jumanji, stay tuned, will check and see if my images are visible...

