MSE Trojan Cleanup Prompt

Page 2 of 3 FirstFirst 123 LastLast

  1. jdizzle921
    Posts : 24
    Windows 7 Professional 64 bit
    Thread Starter
       New #11

    Thank you for the replies everyone. I just woke back up as I was up all night and most of the morning trying to figure this out.

    @kyle- Not a problem.

    It was stupid of me not to take another screenshot of the different pieces of malware that Malwarebytes removed, but I believe at least one, if not all 3 of the 'Trojan' titled ones had 'Alureon' in them. (I could be wrong though, as that may have been the name of the virus I read about last night and the two are mixing around in my memory) Is there some sort of way I can check the deleted log of Malwarebytes to confirm for you guys? SEE EDIT#1 Below

    I'm gonna get started on installing these programs. Would it be a good idea to go ahead and download them all on another computer and use the flash drive/SD card to transfer over to my infected desktop like I did with Malwarebytes? Or is not suggested due to the virus possibly attaching itself to the removable media and then getting into my laptop?

    ================================================================

    Edit: I found the Malwarebytes protection log shown below. I deleted my username for safety's sake, but everything else is there in it's original state.


    2012/06/12 02:13:59 -0400 DESKTOP MESSAGE Starting protection
    2012/06/12 02:14:01 -0400 DESKTOP MESSAGE Protection started successfully
    2012/06/12 02:14:04 -0400 DESKTOP MESSAGE Starting IP protection
    2012/06/12 02:14:05 -0400 DESKTOP MESSAGE IP Protection started successfully
    2012/06/12 02:26:00 -0400 DESKTOP IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 49778, Process: svchost.exe)
    2012/06/12 02:52:50 -0400 DESKTOP IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 50208, Process: svchost.exe)
    2012/06/12 03:14:41 -0400 DESKTOP IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 50281, Process: svchost.exe)
    2012/06/12 03:16:36 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
    2012/06/12 03:16:36 -0400 DESKTOP ERROR Quarantine failed: DeleteFile failed with error code 5
    2012/06/12 03:16:44 -0400 DESKTOP IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 50284, Process: svchost.exe)
    2012/06/12 03:19:07 -0400 DESKTOP MESSAGE Starting protection
    2012/06/12 03:19:09 -0400 DESKTOP MESSAGE Protection started successfully
    2012/06/12 03:19:12 -0400 DESKTOP MESSAGE Starting IP protection
    2012/06/12 03:19:13 -0400 DESKTOP MESSAGE IP Protection started successfully
    2012/06/12 03:19:45 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent QUARANTINE
    2012/06/12 03:19:55 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:20:07 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:20:21 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:20:33 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:20:46 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:20:58 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:21:10 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:21:20 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:21:31 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:21:41 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:21:51 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:22:01 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:22:11 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:22:21 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:22:31 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:22:41 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:22:52 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:23:02 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:23:12 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:23:22 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:23:32 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:23:42 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:23:52 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:24:02 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:24:12 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:24:23 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:24:33 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:24:43 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:24:53 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:25:03 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:25:14 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:25:24 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:25:34 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:25:44 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:25:54 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:26:04 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:26:14 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:26:25 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:26:28 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:26:35 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:26:45 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:26:55 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:27:05 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:27:16 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:27:26 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:27:36 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:27:46 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:27:57 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:28:07 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:28:17 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:28:27 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:28:37 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:28:47 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:28:57 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:29:07 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:29:17 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:29:27 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:29:37 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:29:48 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:29:58 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:30:08 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:30:18 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:30:28 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:30:38 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:30:48 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:30:58 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:31:08 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:31:18 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:31:28 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:31:38 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:31:49 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:31:59 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:32:09 -0400 DESKTOP DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:32:19 -0400 DESKTOP (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:32:30 -0400 DESKTOP (null) DETECTION C:\Windows\svchost.exe Trojan.Agent DENY
    2012/06/12 03:36:04 -0400 DESKTOP MESSAGE Starting protection
    2012/06/12 03:36:06 -0400 DESKTOP MESSAGE Protection started successfully
    2012/06/12 03:36:09 -0400 DESKTOP MESSAGE Starting IP protection
    2012/06/12 03:36:10 -0400 DESKTOP MESSAGE IP Protection started successfully
    2012/06/12 03:38:10 -0400 DESKTOP IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 49426, Process: svchost.exe)
    2012/06/12 03:48:42 -0400 DESKTOP MESSAGE Starting protection
    2012/06/12 03:48:44 -0400 DESKTOP MESSAGE Protection started successfully
    2012/06/12 03:48:47 -0400 DESKTOP MESSAGE Starting IP protection
    2012/06/12 03:48:48 -0400 DESKTOP MESSAGE IP Protection started successfully
    2012/06/12 03:52:16 -0400 DESKTOP IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 49569, Process: svchost.exe)
    2012/06/12 03:52:33 -0400 DESKTOP IP-BLOCK 78.41.203.118 (Type: outgoing, Port: 49632, Process: svchost.exe)
    2012/06/12 03:52:41 -0400 DESKTOP IP-BLOCK 78.41.203.118 (Type: outgoing, Port: 49640, Process: svchost.exe)
    2012/06/12 04:01:14 -0400 DESKTOP IP-BLOCK 206.161.121.6 (Type: outgoing, Port: 50132, Process: svchost.exe)
    2012/06/12 14:00:39 -0400 DESKTOP MESSAGE Starting protection
    2012/06/12 14:00:41 -0400 DESKTOP MESSAGE Protection started successfully
    2012/06/12 14:00:44 -0400 DESKTOP MESSAGE Executing scheduled update: Daily
    2012/06/12 14:00:44 -0400 DESKTOP MESSAGE Starting IP protection
    2012/06/12 14:00:45 -0400 DESKTOP MESSAGE IP Protection started successfully
    2012/06/12 14:00:50 -0400 DESKTOP MESSAGE Starting database refresh
    2012/06/12 14:00:50 -0400 DESKTOP MESSAGE Scheduled update executed successfully: database updated from version v2012.06.12.02 to version v2012.06.12.07
    2012/06/12 14:00:50 -0400 DESKTOP MESSAGE Stopping IP protection
    2012/06/12 14:01:39 -0400 DESKTOP MESSAGE IP Protection stopped
    2012/06/12 14:01:41 -0400 DESKTOP MESSAGE Database refreshed successfully
    2012/06/12 14:01:41 -0400 DESKTOP MESSAGE Starting IP protection
    2012/06/12 14:01:41 -0400 DESKTOP MESSAGE IP Protection started successfully
    ===================================================================

    Edit #2: I also just realized that after starting up my computer today I did not receive the same Malwarebytes protection notification like my last uploaded screenshot. (I'm sure the virus is still there though) Also, Flash/YouTube, etc. is still giving me the same problems.
    Last edited by jdizzle921; 12 Jun 2012 at 13:29.
      My Computer
    Quote Quote

  3. kylemiller
    Posts : 12
    Windows 7 home premium 64bit
       New #12

    Good Evening Borg386,

    And thanks for your expert advice in advance. And thanks for having me here on SevenForums. Just wanted to say the link to Hiren BootCD 15.1 has NO downloadable button,link or icon for the software, so that I can attempt the deletion of those partitions that plague my harddrive. The scrolling to the bottom of the page of that, link... Shows the file size (500MB) but no... link to download it.

    A clean install is not out of the question... Only ask if at all possible exhaust every option that may help removing this terrible, vicious, nasty virus first. I performed a data log of MBRcheck and aswMBR... on my thread I posted earlier. Have a look when you get a chance or moment. Let me know what you think, after of course you get "jdizzle921" taken care of first. I do not want to cut line or anything.

    warm regards,

    Kyle.
      My Computer
    Quote Quote

  4. jdizzle921
    Posts : 24
    Windows 7 Professional 64 bit
    Thread Starter
       New #13

    I think at least some progress is being made as it seems each program is finding something new.

    I attached the screenshot of both my ESE and HitmanPro. Both found something, the HitmanPro finding the Alureon trace which has me worried. I just had to wait for the ESET to finish scanning before going forward with Hitman. I'm going to do so right now.


    Quick question for you Borg..

    I have all the programs you suggested dowloaded off my laptop ready to transfer. The TDSSKiller is an online scanner only, and there's nothing I need to download yes?

    Also, for the 'Clean Windows 7 Install', this will completely wipe out my system and erase all the files, programs, etc. I have installed without any way of recovering them, yes?

    Is there any way I'm able to transfer and save some of the files I cannot afford to lose? Or is a complete hard drive wipe the only option?
    ====================================================================


    EDIT #1: Ok, so far I've done..

    ESET Scan: (4 items detected and removed. None were 'Trojan' or 'Alureon')
    HitmanPro: (Numerous 'Tracking Cookies' and trace of 'Alureon' found)

    Both are in the Red/Green looking screenshot.

    TDSS Scan: It revealed that I had an 'Infected MBR'. I chose 'repair' and said that it was successfully removed with no other prompts. It didn't however give me the option to change any parameters though. It just took me into the 'Proceed' step and prompted the restart from there.

    Upon uploading the new screenshots and editing my post, I had the Malwarebytes popup for the first time today warning me the 'Trojan' was trying to communicate again, in which I selected to quarantine it.

    I'm about to go ahead with the Windows Defender as I've got it installed onto a CD/DVD from a clean computer and going to see what it does.
    -------------------------------------------------------------

    Edit #2: I opened and ran Windows Defender from the boot menu and it didn't find anything. I checked the Quarantined. Allowed, and ___ (Forgot the last category) from the History tab and it didn't grab anything bad.
    Attached Thumbnails Attached Thumbnails MSE Trojan Cleanup Prompt-esetandhitmanscan1.png   MSE Trojan Cleanup Prompt-tdssscan1.png   MSE Trojan Cleanup Prompt-malwarepopup1.png  
    Last edited by jdizzle921; 12 Jun 2012 at 15:22.
      My Computer
    Quote Quote

  6. Petey7
    Posts : 2,963
    Windows 7 Professional SP1 64-bit
       New #14

    Different link for Hiren's BootCD: Download Hiren
      My Computer
    Quote Quote

  7. kylemiller
    Posts : 12
    Windows 7 home premium 64bit
       New #15

    Thanks petey7
      My Computer
    Quote Quote

  8. jdizzle921
    Posts : 24
    Windows 7 Professional 64 bit
    Thread Starter
       New #16

    This is going to sound like a stupid question, but once I get the Hiren all downloaded, where do I start?

    Nevermind, I guess my brain is fried. Commencing the CD burn at the moment.
    Attached Thumbnails Attached Thumbnails MSE Trojan Cleanup Prompt-hireninstall1.png  
      My Computer
    Quote Quote

  10. Borg 386
    Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       New #17

    kylemiller said:
    Just wanted to say the link to Hiren BootCD 15.1 has NO downloadable button,link or icon for the software, so that I can attempt the deletion of those partitions that plague my harddrive. The scrolling to the bottom of the page of that, link... Shows the file size (500MB) but no... link to download it.
    I apologize for that, last time I d/l ed it (not too long ago) that link was still usable...Thank you Petey7 for supplying that.

    For both of you, the best, safest option would be a clean install. Once a PC is compromised at that level, it's not trustworthy anymore.

    You can migrate the files you wish to save to another medium, however it would be best to carefully scan each & every one of them before introducing them back onto a clean system. If you transfer them to a FD, make sure the autorun is disabled, so that it doesn't jump back on your clean system.

    Being that Alureaon creates a cloaked partition, the best thing to do would be to wipe the drive with Darik's Boot and Nuke.

    About DBAN | Darik's Boot And Nuke

    @ jdizzle921 - Right above the Start switch on the L, there should be a "Change Parameters" Green sentence which is what you click on. After running TDSSKiller again with the boxes checked, it got rid of the "leftovers" of the virus. After this, all AV scans showed negative.

    Alureon is notorious for introducing other viruses into the system, so it wouldn't be surprising if you did find lots of malware/viruses. Hence, the reason for a clean install as being the best option.

    @ kylemiller - No prob, I can multitask . If you found a partition that was small (1-3MB) at the end of the HD, that's more then likely the virus. You can try running the tools & see if they can save your PC, however the safest choice is a clean install. Try TDSSKiller with the boxes checked ( "Change Parameters", check the bottom two) and see what it finds. If you need to do a clean install, make sure to scan the files carefully before putting them back on.

    For both of you, you can submit files to VirusTotal, which uses multiple AV engines to scan a file. Be aware that the max file size is 32MB

    https://www.virustotal.com/

    Please post back to let everyone know what the outcome was.
    Last edited by Borg 386; 13 Jun 2012 at 07:06.
      My Computer
    Quote Quote

  11. jdizzle921
    Posts : 24
    Windows 7 Professional 64 bit
    Thread Starter
       New #18

    Thanks Borg. :)

    I've been preparing for that Clean Install by copying down the raw addresses of my Bookmarks and anything else I need via email thus far. I figured I might as well use the time I had while waiting for the scans to complete to prepare for the worst possible scenario.

    I've got several questions about transferring the files though. I hope I don't annoy you with them as I'm guessing some are pretty trivial for those who are very knowledgeable with computers....

    In regards to keeping my files...
    A) When using a flash drive or SD Card to transfer, is there a guide on what I need to do to disable 'autorun' (I believe it is 'Autoplay' for me) for the removable media?
    B) When scanning the files I'd like to keep, is there some sort of guide here on the forum that will help me do that if my files are larger than 32mb? (Large files with multiple music, video, and picture files)
    C) The steps for scanning and re-scanning the files I'd like to keep (Whether I need to scan before transferring or if the scanning program would be corrupted and useless if I used it BEFORE I transfer the files to the clean system)
    D) Also, I've been using my card scanner and a SD card to transfer all the recent AV install files from my laptop to infected desktop, will I still be able to use that reader with the Autoplay disabled? Or should I go out and buy a removable Thumb Drive and use that instead?

    In regards to the Boot n' Nuke..
    A) Can any damage be done to my Hard Drive or any other components in my computer when doing the 'Nuke'? (Sound/Video cards, etc. etc.)


    Also, I haven't finished up with the Hiren yet. Do you think I should just forego that and not waste my time since you mentioned about the system not being 110% trustworthy without doing a complete wipe of everything?
      My Computer
    Quote Quote

  12. kylemiller
    Posts : 12
    Windows 7 home premium 64bit
       New #19

    Good Evening/ Good night


    Solution to Alureon.E has been reached my computer is a 100% back to normal,(THANKS PETEY) I can't say or express enough of how grateful I am to SevenForums and the professionals that perform on this site and come together from around the world. I am thankful you guys are my heros.

    I've done regression testing with Malwarebytes, TDSSkiller, MSE, aswMBR, MBRcheck, and WDO.

    All came back with no detections.

    Solution Reached thanks PETEY you rock. And thank you Borg386. jdizzle thanks you too


    Sincerely

    Kyle Miller
      My Computer
    Quote Quote

  13. Borg 386
    Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       New #20

    Sorry, had to leave for a bit to get my wife....

    It wouldn't hurt to investigate your system with Hiren's. See if you can locate the partition (Usually at the end of the drive, 1 - 3 MB) and make sure it's deleted.

    The system shouldn't be considered trustworthy, however, you may have cleaned it out. But, there's always a chance that some bit of the virus survived and may cause trouble down the road.

    It's basically your call. If it looks like you got it all & repeated scans from different AV's show that it's clean, then proceed with it if you wish, but keep a watchful eye on everything for some time. If anything suspicious rears it's head, investigate immediately or do the clean install.

    BTW, if you used this PC to do any online banking or sign into any websites, contact the banks & change your passwords from a clean computer.

    A) AutoPlay - Enable or Disable

    B) You'll have to rely on downloaded multiple AV scanners on files larger then 32MB. Standalone AV scanners such as Malwarebytes or SuperAntiSpyware. BTW, SuperAntiSpyware makes a portable scanner that you can d/l on your FD & use from there. AV defs are updated daily, so d/l it only when you need it. Don't use an old version you've had around for a few weeks, it's out of date.

    C) Best bet would be to transfer them to your storage & then scan them from a clean PC. Also, I would keep an eye on your SD card, as the virus may have hopped over to it if you used it prior to starting the disinfection process.

    D) You should be able to use the reader, it simply won't launch, you'll have to R click on your PC icon & it should show up as a removable HD.

    DBAN is just a Hard Drive Eraser, it won't hurt any of your hardware.

    If you believe the virus is gone...Here is a tool you can run which does deep scans, this tool also includes a rootkit scan:

    Norton Power Eraser (You'll need a net connect to use it)

    Norton Power Eraser | Free Tool |Easily remove scamware that traditional virus scanning can

    Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully. If you accidently remove a legitimate program, you can run Norton Power Eraser to review past repair sessions and undo them.
    Another scanner to consider

    Microsoft Safety Scanner - Antivirus | Remove Spyware, Malware, Viruses Free

    Just be aware you're had a deep seated infection which probably introduced who knows how many viruses to your PC. Scans with multiple AV's are highly recommended.

    BTW, did you re-run TDSSKIller and were you able to access the "Change Parameters" & check the two lower boxes? This should get the remnants of the remaining virus files.
    Last edited by Borg 386; 13 Jun 2012 at 07:12.
      My Computer
    Quote Quote

 
Page 2 of 3 FirstFirst 123 LastLast

  Related Discussions
Hi, I have Window7 Ultimate 64 bit on my system. I use Bitfender as my antivirus software. This morning it informed me that it has found a file infected with a virus called 'Trojan.Generic.2582177' which it cannot clean. I've contacted Bitfender to see if they know what I should do but haven't...
Disk Cleanup
in Performance & Maintenance

I understand what defragment does but I’m not clear about disk cleanup. Can someone please explain? And also, please advise me if this is not the most appropriate discussion for this post.
App Cleanup
in Software

Is there app that will cleanup old windows folders from older installed applications? I found alot of old folders I wanted to clean up Thanks
Registry Cleanup?
in General Discussion

I was wondering what registry cleanup or registry defrag utility people suggest. My main issue is leftover registry entries, and ghost files, left after an uninstall. Any suggestions?
A little help,please.Got this trojan earlier.It disabled MSE,MBAM,Internet,CCleaner,and pretty much anything .exe.Claimed everything was infected...so says whatever fake AV program that came with it.(I wish I could figure out how to use the indention tool here)I had to restart,open task manager...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 22:32.
Find Us