Yes bsever mate, there is a huge amount of replies from wherever re this problem, and I am guessing any one of the replies may well be right, but it takes very little time to run the rescue and if nothing else it eliminates some things.
There are in that list others too which I have not used, but I am sure if the Kaspersky does not pick anything up the others may or may not pick up malware, as nothing is 100% foolproof. That goes for any security you are using really, if you think about it: until a malware is put out and it is recognised as such it cannot be detected; the best you can do is to use a good program with a good reputation.
If you want to, like Slartybart says, use the TDSS Killer. It is here: Malware Removal Tools | Free Virus Removal | Kaspersky Lab. Scroll down to the TDSS and use it - again it takes only a very short time to run and eliminates yet another probable cause.
Jacee is one of the best around here - I copied a post from a similar thread that might get you booted.
I noticed a slight difference between the other thread and your thread.
Your specs state Win7 x64 - is that correct?
If you already have the 64 bit version, you can skip the download, if you aren't certain, please download.
Is the exe named FRST64 or FRST? You want FRST64.exe
So the first thing I'd like you to do is download the
64 bit version of Farbar: Downloading Farbar Recovery Scan Tool
[download prompt should offer Run, Safe, Cancel bar]
Then follow the instruction in the quote.
The next steps Jacee asks OP to run AdwCleaner, but Cottonball (also one of the best) interjects with something he sees in the FRST64 report. I'm not up on Farbar reports - so another member can take a look at it and determine if an additional script is required.
Given that those two are the best and there is some minor discussion about the order, the only thing I can safely say at this point is to follow Jacee's quoted instructions above.
I'm sure the discussion was a minor detail - but they would be the ones who could answer if the order made a difference.
I am running the Kaspersky Rescue from USB as suggested earlier at the moment and will see what happens when that is over. The quoted text seems to be a fix that is unique to that case, but in the absence of further direction (and in deference to your expertise) I'll try the quoted fixlist text next if still necessary. I appreciate the guidance!
Edit: Kaspersky ran a quick scan of the disk boot sectors and hidden startup objects and didn't find anything, so I am having it run a scan of c drive and all other available objects/places to scan that it gave me. I have to leave for the night so I won't know the results of this scan until the morning, but if nothing turns up I guess I'll be at square one and will try the fix quoted by Slartybart. Thanks again.
Last edited by bsever; 21 Jan 2014 at 19:42. Reason: follow up info
What you have is a 'Rootkit'. I don't even try to help folks with this problem. My best advice is to wipe and do a "clean" install. You can read what a rootkit is all about here: Rootkit - Wikipedia, the free encyclopedia
I'm one of these 'experts'.
Jacee: Is there any hope for user data or is that also suspect?
bsever: Looks like we should have waited.
I was leaning on her posts anyway, so I'll lean on her post #15 above.
bsever,
Let's try this script...
Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below
Save it to the USB pen drive, and name it: fixlist.txt
start
HKLM-x32\...\Run: [] - [x]
C:\Windows\Installer\{3c1bccc7-061b-c6af-40d2-8b0efa244643}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{3c1bccc7-061b-c6af-40d2-8b0efa244643}
C:\Users\POSTAL\AppData\Local\{3c1bccc7-061b-c6af-40d2-8b0efa244643}
C:\Users\POSTAL\AppData\Local\Temp\APNStub.exe
C:\Users\POSTAL\AppData\Local\Temp\imagepackage64.exe
C:\Users\POSTAL\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\POSTAL\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\POSTAL\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\POSTAL\AppData\Local\Temp\lhi65wsr.dll
C:\Users\POSTAL\AppData\Local\Temp\mpam-fex64.exe
C:\Users\POSTAL\AppData\Local\Temp\qdg_ju8x.dll
C:\Users\POSTAL\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\POSTAL\AppData\Local\Temp\z6jjfaa1.dll
C:\Windows\svchost.exe
TDL4: custom:26000022
end
Once again, run FRST64 as you did before.
When the tool opens click Yes to disclaimer.
Now, press the Fix button, only once, and wait.
When done, FRST produces Fixlog.txt on the USB pen drive.
Please provide the content of Fixlog.txt on your reply.
Thanks!
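A post-fix check to go with the fixlist above, as an added example (not code from the thread or from FRST): it parses the fixlist into registry entries, file-system paths and directives, then reports which of the listed paths still exist after the fix. The format assumptions (a `start` line, one entry per line, an `end` line) are taken from the post; the `exists` hook is there so the check can be exercised off the infected machine.

```python
"""Post-fix verification for an FRST fixlist (added example, not part of the thread)."""
import os
import re

# Fixlist copied verbatim from cottonball's post above.
FIXLIST = r"""start
HKLM-x32\...\Run: [] - [x]
C:\Windows\Installer\{3c1bccc7-061b-c6af-40d2-8b0efa244643}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{3c1bccc7-061b-c6af-40d2-8b0efa244643}
C:\Users\POSTAL\AppData\Local\{3c1bccc7-061b-c6af-40d2-8b0efa244643}
C:\Users\POSTAL\AppData\Local\Temp\APNStub.exe
C:\Users\POSTAL\AppData\Local\Temp\imagepackage64.exe
C:\Users\POSTAL\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\POSTAL\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\POSTAL\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\POSTAL\AppData\Local\Temp\lhi65wsr.dll
C:\Users\POSTAL\AppData\Local\Temp\mpam-fex64.exe
C:\Users\POSTAL\AppData\Local\Temp\qdg_ju8x.dll
C:\Users\POSTAL\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\POSTAL\AppData\Local\Temp\z6jjfaa1.dll
C:\Windows\svchost.exe
TDL4: custom:26000022
end"""


def parse_fixlist(text):
    """Split a fixlist into (kind, entry) pairs.

    kind is 'registry' for HKLM/HKCU/HKU/HKCR lines, 'path' for entries that
    begin with a drive letter, and 'directive' for anything else (here the
    TDL4 boot-sector line). Assumption: the 'start'/'end' framing is mandatory.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2 or lines[0].lower() != "start" or lines[-1].lower() != "end":
        raise ValueError("fixlist must begin with 'start' and finish with 'end'")
    entries = []
    for line in lines[1:-1]:
        if re.match(r"^[A-Za-z]:\\", line):
            entries.append(("path", line))
        elif line.upper().startswith(("HKLM", "HKCU", "HKU", "HKCR")):
            entries.append(("registry", line))
        else:
            entries.append(("directive", line))
    return entries


def remaining_paths(entries, exists=os.path.exists):
    """Return the file-system entries that still exist after the fix ran.

    A non-empty result means the fix did not remove everything it listed
    (for instance the out-of-place C:\Windows\svchost.exe) and the machine
    needs another look before it is trusted.
    """
    return [entry for kind, entry in entries if kind == "path" and exists(entry)]
```

Run it on the cleaned machine with the default `exists` to get the list of leftovers; registry and TDL4 entries are reported for review only, since they cannot be checked with a path test.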
Thanks, cottonball. I've attached the Fixlog as requested.
bsever,
The fixlog looks good, but, the big question is: Does the computer boot to Windows???
Yes! What a sweet relief to see the desktop come up, oh sweet beautiful desktop. I didn't even think to try to reboot after the fix.
Thank you!!!