Computer wont start after removing alureon virus with defender offline

stevenbensusan · 11 May 2015

From reading another thread, I found out that I needed to run frst64.exe.
This seems to be a common problem but not a simple solution. I have no idea how to create the fixlist.txt file.

frst.txt log attached
I also searched for services.exe and search.txt log attached.

I need to know how to create the fixlist.txt file so I can fix this problem.

Please let me know if I'm doing this correctly or if there is something else I should be doing.

Thanks.

Jacee · 11 May 2015

You have a Rootkit. The best advice I can give you is to wipe and do a "Clean" install.
Rootkit - Wikipedia, the free encyclopedia

Your computer has been severely compromised and I wouldn't count on it to be stable by trying to 'fix' the Trojan.

stevenbensusan · 11 May 2015

I would really like to get the machine up and running if possible. Is there a way you can walk me through getting it bootable?

Jacee · 11 May 2015

I, personally, don't work with Rootkits, but there are other forums who have 'trained' experts.
https://www.google.com/search?noj=1&...05.xMPD07FPKbI

cottonball · 11 May 2015

stevenbensusan,

I am basically retired, but, give this a try:

On the clean computer, please open: Notepad
Copy/paste all the contents of the quote box below to Notepad (do not copy the word 'Quote').
Save it on the flash drive as: fixlist.txt

start
TDL4: custom:26000022
cmd: bootrec /fixmbr
cmd: bootrec /fixboot
end

WARNING: This script is written specifically for this User, for use on only this particular computer.
Running the script on another computer may cause damage to the Operating System.

Now, in the infected computer, plug in the USB flash drive, and enter System Recovery Options as you did before.

Run FRST again, but this time press the Fix button just once, and wait.

When done, the tool makes a log on the pen drive. This time it is called: Fixlog.txt

Try to boot the computer into normal mode and post back on what happens.

Also, please post Fixlog.txt in your reply.

If the computer still does not boot into Windows, just hang in there, please.

stevenbensusan · 11 May 2015

Wow that worked!!!

See attached log.

Am I virus free? Is there anything else I need to do?

Thanks and let me know.

cottonball · 11 May 2015

stevenbensusan,

Glad the fixlist worked.

Please run FRST once again, but, this time, download a fresh copy to the Desktop, and run it from there, so we can get the complete log. Also, please check the Addition.txt option.

When done, please provide both reports in your reply.

cottonball · 11 May 2015

Also, please go to the TDSSKiller Download
Select the .exe version

Double-click on TDSSKiller.exe to run the program.

Doubleclick on TDSSKiller.exe to run the program.
At the Kaspersky TDSSKiller interface, click: Change parameters
Check: Detect TDLFS file system
Click: OK
Now, click Start Scan and allow the scan to run
If any threats are found, select: Skip (Do not select: Delete!!)
Click: Continue
Click: Reboot computer

When done, please provide the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in C:\

Jacee · 11 May 2015

Yep, cottonball is a trooper! Do all advice given by this superb member.

stevenbensusan · 11 May 2015

See Attached logs.

Let me know what I should do next.

Thanks.