here's the report
FRST.txt
Also, I believe partition 3 is that of a previous Ubuntu installation that I had run alongside Windows a while back that had not been deleted after I uninstalled it, so no worries there I hope.
I found several restore points in the repair mode. Would using one of these work to get rid of the virus? There are several from before I started having issues.
Need to take a good look at the FRST report. The laptop is a Toshiba, and they have a unique configuration.
In the meantime, do the following:
Please download Malwarebytes Anti-Rootkit:
Malwarebytes : Malwarebytes Anti-Rootkit
Save to the Desktop (easy to find)
Right-click the file and select: Extract here...
Follow the Usage instructions on the website from Step 3 to Step 7.
For now, please stop at Step 7.
When the program is done, two reports are created in the mbar folder:
1. system-log.txt
2. mbar-log-2013-02-18 (20-13-32).txt (corresponds to mbar-log-year-month-day (hour-minute-second).txt)
Please provide the mbar-log containing information on what was detected and removed.
On Partition 3...
Toshiba machines have a recovery partition recognized as type 17.
Partition ### Type Size Offset
Partition 3 Primary 15 GB 581 GB
==========================================================
Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.
This is legit.
Should I download it onto a flash drive from a clean computer and run Malwarebytes in safe mode without networking?
Can you do the following...
After you download MBAR to the Desktop and extract it, right-click the mbar folder that is created, and select: Properties
In the General tab, look at location. It should read:
C:\Users\xxxx\Desktop (where xxxx = your name)
Next, right-click the Command Prompt, and select: Run as Administrator
At the blinking prompt of the Command Prompt, copy/paste the following:
C:\Users\xxxx\Desktop\mbar\mbar.exe (where xxxx = your name)
Does this start MBAR for you?
If you can't, reboot and select the following from the Advanced Boot Options:
Safe mode with command prompt
Try to run it from:
C:\Users\xxxx\Desktop\mbar\mbar.exe (where xxxx = your name)
If still no-go, then use the USB drive, and change the path:
X:\mbar\mbar.exe (where X = letter of the USB drive)
weird, says no malware found
mbar-log-2013-02-18 (19-48-22).txt
I'm trying again in safe mode with networking so I could update the scanner, will post results.
FOUND IT! MagniPic. It didn't even disguise itself, as I found it in Program Files a little earlier but didn't think it was it.