I have a virus that reinstalls after a recovery. Please help.

cottonball · 20 Sep 2013

Did not see the ZeroAccess entries expected in the FRST reports.

You may want to run Disk Cleanup, if possible at this stage, and remove any thumbs.db files created. The Addition.txt shows some issues with explorer.exe there.

Go to Start > All Programs > Accessories > System Tools > Disk Cleanup
In Disk Cleanup: Drive Selection make sure the (C) drive is showing
Click: OK
On the Disk Cleanup Menu make sure there's a check next to the Thumbnails entry.
Click OK, and the files selected are deleted.

Next, using another computer, you may want to download the following program to a USB pendrive, and then move it to the Desktop of the problem computer.

Download aswMBR:
http://www.bleepingcomputer.com/download/aswmbr/
Save it to the pen drive, and then move it to the Desktop of the problem computer.

Make sure your AntiVirus is temporarily disabled!!
For information on how to disable protective programs, refer to this Link:
http://www.bleepingcomputer.com/forums/topic114351.html

Right-click the aswMBR file and select: Run as Administrator

When promped with: This Application can use the Avast! Free AntiVirus for scanning...etc.
Select: Yes

The last line of the run in progress will provide the status of the Avast! scan.
It will say: Downloading Avast! virus definitiond database, etc.
When the Avast! scan is done, the last line changes to: Avast Engine definitions #####

At this point, click the Scan button on the lower left of the aswMBR screen.
The last line will now say "Scanning" while in progress.
Upon completion of the scan, click >Save log< and save it to the Desktop.
Note: Please do NOT attempt to fix anything!!
Exit the program.

Please post the new aswMBR log in your reply.

Note that a file named MBR.dat is also created on the Desktop.

Please submit MBR.dat for analysis to the following online services that analyze suspicious files:
Jotti's virusscan

Please post the links for the file analyses in your reply.

SevSaint · 20 Sep 2013

the disk cleanup worked on the constant crashing of windows. thanks for that..
i didn't select any options for the scan. it was defaulted to quick scan so thats what this log includes..
if you wanted me to full scan etc.. then specify with reply and ill update with another log.
i noticed my mbr has an error but im sure you all will figure it out.

thanks again!!

http://virusscan.jotti.org/en/scanre...8be521f2417919

cottonball · 20 Sep 2013

SevSaint,

My apology for the obsolete links.

Did not realize they needed updating.

Did not see what could be pointing to malware.

Take up the suggestions made by UsernameIssues and ICit2lol. Doubt that TDSSKiller will come up with anything, but, the ESET Online Scanner is a good detection tool.

Run the following when you have the time, though, it may take a while...
The ESET Scanner is implemented as an ActiveX control, so it is best run on Internet Explorer.
Right click the IE shortcut and select: Run as Administrator

Next, download: Free Online Virus Scanner | ESET

On the ESET website, click on: Run ESET Online Scanner
Click: Start

When asked, allow the add-on to be installed
Click: Start again

On the next prompt, Computer Scan Settings, check: Remove found threats
Next, click on: Advanced Settings

Make sure these options are checked:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Click: Scan

When the scan is completed, if threats are found, in the Scan Results prompt:

Click on: List of threats found
Click on: Export to text file
Save to the Desktop and name it ESET Scan Results
Click on: Back
Place a check on: Uninstall application on close
Click on: Finish, and close the program.

If anything is found, please provide the ESET report in your reply to determine if any further action is necessary.

SevSaint · 20 Sep 2013

it's not even running in safe mode now. it takes 1 minute or more for anything to happen. sevenforums will not load.. i am beginning to think its hardware related.

ICIT2LOL · 21 Sep 2013

Hello Sev mate I have found this it might be worth a try and the two bottom answers have alternatives How to solve Windows explorer has stopped working... - Microsoft Community

SevSaint · 21 Sep 2013

alrighty ill make some adjustments. will be a few days since im in the process of moving just bookmark and check back if you will.

ICIT2LOL · 21 Sep 2013

No probs - happy moving

SevSaint · 22 Sep 2013

i got on the computer to recover the computer since it was totally hung every time i clicked on anything in safe mode and it was running fine. someone said it might be a satr cable on the hard drive thats lose.
sometimes i hear a slight pop when turned on or off. dont have a clue what that is.. going to do what has been suggest and its currently at factory install condidtion again for the 6th time in a month

redfang337 · 22 Sep 2013

SevSaint, I think the only thing you can do about now is a Clean ReInstall. I'd do a scan with TDSSKiller and MalwareBytes Anti-Rootkit (MBAR) before reinstalling to make sure no rootkits are involved. We've tried just about everything, and if something does end up working, the computer wouldn't be trustworthy due to whatever virus got in it in the first place.
I think It's the best solution.

NOTE: Make sure you follow these instructions for TDSSKiller:
when starting the application, click the Preferences button. Then make sure the following are checked

Then start your scan :)

As for the pop when the computer starts or shuts down, I am not experienced with this, for some laptops it's normal, although I do not think good, someone with more knowledge than I would have to address that situation

--Brad

SevSaint · 22 Sep 2013

alrighty red.. downloading the iso sp1 for my OS right now.. might take a few days since all the work and stuff i gota do.. but if that doesn't work then i know its the hardware and not software issue.