Attention: cottonball, virus deleted all SD photos


  1. Posts : 48
    Windows 7 Home Premium 64bit
    Thread Starter
       #61

    All right, gang, this is what I'm getting running all of the programs offline.

    Temp files before deletion:
    Attention: cottonball, virus deleted all SD photos-temp.jpg

    RKiller report:

    RKreport[0]_S_08242013_194450.txt (Scan)
    RKreport[0]_D_08242013_194457.txt (Delete)

    FRST report:
    FRST.txt

    MiniReg report:
    Result.txt

    @cottonball and @jumanji, I'll be heading to a place this weekend where I'll have access to a different computer. If there's anything you think I should do offline with the one infected while using the internet with another, then please send it along and I'll take the infected comp with me.


  2. Posts : 48
    Windows 7 Home Premium 64bit
    Thread Starter
       #62

    cottonball said:

    A colleague has successfully removed a version of this malware, but this one has some different traits. Aren't we lucky?

    So lucky! I feel so honored to be infected.


  3. Posts : 7,055
    Windows 7 Home Premium 32 bit
       #63

    Regarding the deletion of temp files:

    Well, it seems that that is not the location where your malicious *.com resides and runs.

    I just googled C:\PROGRA~3\LOCALS~1\Temp\ and there are lots of different *.com reported in that location. I did not read through any of it for it all seems to be Greek and Latin to me :). I request cottonball and others who have a flair for malware to have a look at it and see whether that throws any light.

    Over to you malware experts.


  4. Posts : 2,470
    Windows 7 Home Premium
       #64

    ducat1base:

    Please do the following, and, in this sequence:

    First, once again, please run Malwarebytes Anti-Malware
    Right-click the program and select: Run as Administrator
    If an update is found, the program automatically updates itself.
    At the program console, on the Scanner tab, select: Perform Quick Scan
    Next, click on the Scan button.

    When the Malwarebytes scan is completed, click on: Show Results
    When presented with a screen showing the malware detected, make sure everything is Checked, and click on: Remove Selected

    When removal is completed, a report opens in Notepad.
    Please copy/paste the entire contents of the MBAM report in your reply.

    Second, restart the computer if MBAM did not request for you to do so!

    Third, download: Malwarebytes Anti-Rootkit
    Save to the Desktop
    Right-click the file and select: Extract here...
    Follow the Usage instructions, but, please stop at Step 5:

    Usage
    1. Download Malwarebytes Anti-Rootkit from the link to the right.
    2. Run the file and follow the onscreen instructions to extract it to a location of your choosing (your desktop by default).
    3. Malwarebytes Anti-Rootkit will then open, follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    4. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    5. Wait while the system shuts down and the cleanup process is performed.
    When the program is done, two reports are created in the mbar folder:
    1. system-log.txt
    2. mbar-log-2013-08-24 (20-13-32).txt (corresponds to mbar-log-year-month-day (hour-minute-second).txt)

    Please provide the mbar-log and the system-log.txt in your reply.


    Fourth, run Malwarebytes Anti-Malware one last time.
    Right-click the program and select: Run as Administrator
    At the program console, on the Scanner tab, select: Perform Quick Scan
    Next, click on the Scan button.

    When the Malwarebytes scan is completed, click on: Show Results
    When presented with a screen showing the malware detected, make sure everything is Checked, and click on: Remove Selected

    When removal is completed, a report opens in Notepad.
    Please provide the new MBAM report in your reply.

    Bottom line, please provide the first MB Anti-malware report, the MB Anti-rootkit report, and, the last run of MB Anti-malware report.


  5. Posts : 7,055
    Windows 7 Home Premium 32 bit
       #65

    OK, on what you can do if a clean PC is available:

    You can at best check whether any data is still there on your SD card.

    All the operations below, including the creation of the bootable Puppy Linux pen drive, are to be done on your friend's clean PC.

    If your friend has a clean pen drive, let him back up all data on it elsewhere and lend it to you.

    You can create a bootable Linux Live pen drive, boot from it and check your SD Card.

    Download the latest version of Lucid Puppy (Ubuntu-Compatible Build) ISO 5.2.8 from: Download latest Puppy Linux release

    Create your bootable pen drive with that ISO using Rufus (Rufus - Create bootable USB drives the easy way). (This process will format the pen drive and all data on it will be lost. That is why you should back up the data on the pen drive elsewhere before doing this.)

    Using the one-time boot menu on the computer, check and confirm that you can boot into Lucid Puppy from the pen drive. This is important. Familiarise yourself.

    If everything is OK, shut down the computer, plug in your SD card and boot into Puppy Linux. (Exercise caution. If by mistake or oversight you miss booting from the one-time boot menu and allow the PC to boot into Windows with the SD card plugged in, your friend's PC may get infected. That is why the bold matter above. :) )

    On how to see the data on your SD Card and how to copy it - if your data is still there and found -

    Lucid Puppy way to recover files from a non-bootable computer

    (Here we are bypassing Windows on your friend's PC, as if it is non-bootable, so as not to infect his PC, and trying to read your SD card with Linux - not his HDD. :) If you do not find your data, bad luck. You can format your SD card with Linux and clean it up. Explore the programs in Linux. I think you will find GParted there with which to format. Again, exercise caution. Do not format your friend's HDD and incur his wrath.)
    Last edited by jumanji; 24 Aug 2013 at 21:55. Reason: minor corrections.


  6. Posts : 2,470
    Windows 7 Home Premium
       #66

    ducat1base,

    Now you have two opportunities...you clean your laptop, and/or you check whether there is any data on your SD card.

    Have done some additional research and the one-two punch, in succession, using MBAM and MBAR removed the Registry loading points. Hopefully, that will also be the end result for your case.


  7. Posts : 2,470
    Windows 7 Home Premium
       #67

    ducat1base,

    Attention!! Update!!

    Please hold off on the instructions on Post #64. <<---

    The Farbar Recovery Scan Tool (FRST) is updated once again to deal with this infection.

    Please remove your copy of FRST, and get a new one:
    Farbar Recovery Scan Tool Download

    Save to the Desktop.

    Double-click the downloaded file to run it.
    When the tool opens click Yes to disclaimer.
    Press the Scan button.

    When done, FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).

    Please provide the new FRST.txt report in your reply.


  8. Posts : 48
    Windows 7 Home Premium 64bit
    Thread Starter
       #68

    Caught me just in time. FRST's scan:

    FRST.txt


  9. Posts : 2,470
    Windows 7 Home Premium
       #69

    Let's hope we can make some headway today...

    Please open Notepad once again (Start > All Programs > Accessories > Notepad)
    Copy the entire contents of the code box below to Notepad:
    Save it on the Desktop, and name it: fixlist.txt

    Code:

        HKLM\...\Policies\Explorer\Run: [2264] C:\PROGRA~3\LOCALS~1\Temp\msqjiol.com No File

    Run FRST, and press the Fix button, just once, and wait.
    The tool creates a report on the Desktop called: Fixlog.txt

    Please post the Fixlog.txt in your reply.

    Need to take a look at these results, and then, we can roll...
      My Computer
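
Added example (not part of the thread and not FRST's own code): a Python triage of autorun log lines in the shape of the fixlist entry in post #69, flagging Run values whose target sits in a temp directory, has an unusual extension, uses an 8.3 short path, or no longer exists. The heuristics, the function and constant names, and every sample line other than the one quoted from post #69 are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Line shape taken from the fixlist entry in post #69:
#   <key>: [<value name>] <target path>[ No File]
ENTRY_RE = re.compile(
    r"^(?P<key>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+?)(?P<missing> No File)?$")
RUN_KEY_RE = re.compile(r"\\Run(Once)?$", re.I)          # autorun load points
SHORT_RE = re.compile(r"[^.~]{1,6}~\d(\.[^.]{0,3})?")    # 8.3 names like PROGRA~3
TEMP_DIRS = {"temp", "tmp"}
ODD_EXTS = {".com", ".scr", ".pif"}   # assumption: extensions treated as unusual

def triage(lines):
    """Return (value name, target, reasons) for each suspicious Run entry."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m or not RUN_KEY_RE.search(m["key"]):
            continue
        path = PureWindowsPath(m["target"].strip('"'))
        reasons = []
        if any(p.lower() in TEMP_DIRS for p in path.parts[:-1]):
            reasons.append("runs from temp directory")
        if path.suffix.lower() in ODD_EXTS:
            reasons.append("unusual executable extension")
        if any(SHORT_RE.fullmatch(p) for p in path.parts):
            reasons.append("8.3 short path")
        if m["missing"]:
            reasons.append("target missing (orphaned value)")
        if reasons:
            findings.append((m["name"], str(path), reasons))
    return findings

SAMPLE = [
    # Quoted from post #69:
    r"HKLM\...\Policies\Explorer\Run: [2264] C:\PROGRA~3\LOCALS~1\Temp\msqjiol.com No File",
    # Constructed lines in the same shape:
    r"HKLM\...\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe",
    r"HKCU\...\Run: [demo] C:\Users\demo\AppData\Local\Temp\demo.exe",
]

if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE):
        print(f"[{name}] {target}: {', '.join(reasons)}")
```

A "target missing" hit means the registry value still exists although the file it points to is gone, which is the leftover that the fixlist entry above removes.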


  10. Posts : 48
    Windows 7 Home Premium 64bit
    Thread Starter
       #70

    Does "Values deleted successfully" mean we got it?

    Fixlog.txt

    @jumanji, stay tuned, will check and see if my images are visible...


 