Possible malware infection

[robertju1]

Hey,

I have been having problems with BSODs, and have been redirected to here from the BSOD subforum.
http://www.sevenforums.com/bsod-help-support/281276-recent-bsods-happening-random.html

I have no idea what I should post or say here furthermore, but I do need help as it is a very big problem!

Thanks in advance,
Robert

 

[VistaKing]

Hi Robert

Lets take a look at something

Download DDS by clicking on the Download on the Table below

Description|Download
DDS|
Download

Save the file onto your desktop. Right click on the dds icon and choose Run as administrator . On the Settings Window put a check mark in attach.txt and then click on the Start button

Upload both of the logs " DDS.txt and ATTACH.txt " with your reply

 

[cottonball]

robertju1,

Also download RogueKiller:
Tlcharger RogueKiller (Site Officiel)

When you get to the website, go to where it says:
(Download link) Lien de téléchargement:

Select the version with the x64.
Click the dark-blue button to download.
Save to the Desktop.

Close all windows and browsers.

Right-click and select: Run as Administrator

At the program console, wait for the prescan to finish. (Under Status, it says: Prescan finished.)
Press: SCAN

When done, a report opens on the Desktop: RKreport.txt

Please provide the RKreport.txt (Mode: Scan) in your reply.

 

[robertju1]

Done both, did take another DDS file from the internet as the link u provided doesn't work for me.

With the RK, I scanned first, used the delete function after (the one beneatch scan) and the scan function afterwards again, that's why I attached 3 files for RK.

 

[cottonball]

robertju1,

Please run: aswMBR
http://public.avast.com/~gmerek/aswMBR.exe
Save it to the Desktop.

>>Make sure your AntiVirus is temporarily disabled!!<<

For information on how to disable protective programs, refer to this Info:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - BleepingComputer.com

Right-click aswMBR and select: Run as Administrator

When promped with: This Application can use the Avast! Free AntiVirus for scanning...etc.
Select: Yes

The last line of the run in progress will provide the status of the Avast! scan.
It will say: Downloading Avast! virus definitiond database, etc.

When the Avast! scan is done, the last line changes to: Avast Engine definitions #####

At this point, click the Scan button on the lower left of the aswMBR screen.
The last line will now say "Scanning" while it is in progress.

Upon completion of the scan, click >Save log< and save it to the Desktop.
Note: Please do NOT attempt to fix anything!!
Exit the program.

Please post the aswMBR log in your reply.



Also, notice that another file is created on the Desktop.
It is named MBR.dat

Please submit MBR.dat for analysis to VirusTotal:
http://www.virustotal.com/
http://www.sevenforums.com/tutorials/277740-online-scanners-scan-suspicious-files-your-pc.html

If you get a message saying: 'File has already been analyzed', click: Reanalyze file

Once scanned, and you see the full results page on your screen, go up to the address bar at the top of the browser, and copy the http:\\etc. address there.

Then, provide the http:\\ address to the results page in your reply.

 

[robertju1]

Hey, sorry for the late reaction, I was on vacation.

I have tried to run aswMBR, in normal mode and in safe mode with network possibilities, but I get an error that the program has crashed in both ways. It is a normal windows error, aswMBR doesn't work anymore and there are no solutions, and then I had to click right under to exit the program.

So this doesn't work, is there any other program that I can run which is alike?

 

[cottonball]

Looks as if you are having a hard time obtaining information from which we can take action.

Let's take a look before Windows starts…

Do you have the Repair your computer option in the Advanced Boot Options menu?
Don't want for you to run this option; just want to know if you have it!!

To find out:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
Is the Repair your computer option listed?

If you do not have the option, do you have your Windows installation CD/DVD available?

And last, do you have a USB flash drive available, and access to another computer that is not infected?

 

[robertju1]

Yes, the repair your computer is listed. (the option on top and above safe mode)

Also I do have an USB of 8gb available and acces to another computer that isn't infected yes.

Also when I pressed f8, I first gain the option from which thing I would like to boot, my SATA or the CDrom, Afterwards I gain the advanced boot options.

 

[cottonball]

robertju1,

You may want to print these instructions so you can have access to follow them.
Also, you may want to read them once before you apply them.

Please plug a USB flash drive into a clean computer.
Go to Start > Computer
Double-click Computer, and select the flash drive.
Right-click and select: Format
Press Start on the Format prompt.
Remove when done.


Now, go to the Farbar Recovery Scan Tool Download page.
Select the 64-bit download.
Save the program to the >> USB flash drive <<

Next, remove the flash drive from the clean computer, and plug it into the problematic computer.

>>>Restart.

• As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.
• Use the arrow keys to select the Repair your computer menu item.
• Select your language settings, and click: Next
• Select your User account and click: OK (If you did not set a password, leave blank.)

On the System Recovery Options menu you get the following options:

• Startup Repair
  [*]System Restore
  [*]Windows Complete PC Restore
  [*]Windows Memory Diagnostic Tool
  [*]Scan your computer's memory for errors.
  [*]Command Prompt

Select Command Prompt

• In the Command window, at the bliking cursor type notepad and press: Enter
• In Notepad, under the File menu select: Open
• Double-click Computer, find the flash drive letter, remember what letter it is, click on it, and press: Open
• Close out of Notepad.
• Click the Command Prompt window
• Type g:\frst64.exe, and press: Enter
  Note: Replace the drive letter g with the drive letter of your flash drive!
• The tool starts and prepares to run. Follow the prompts.
• Click Yes to the disclaimer.
• Press: Scan

When done scanning, the program saves a FRST.txt report on the flash drive.

Close Notepad, then, click the Command prompt window, and type exit, and press: Enter
Remove the USB flash drive.
Back at the System Recovery Options, press: Shutdown

Please provide the FRST.txt in your reply.
It is located in the USB flash drive.

 

[robertju1]

Did all your steps and attached the text file!

 

[cottonball]

In light of the difficulties encountered...

Please do the following before moving on to the next step: http://www.sevenforums.com/tutorials/697-system-restore-point-create.html

Now, download ComboFix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save ComboFix.exe to the Desktop <<---

Now, please disable your AntiVirus and AntiSpyware applications, as they interfere with tools and their removal.
Info on how to disable security applications: http://www.bleepingcomputer.com/for...nti-virus-firewall-and-anti-malware-programs/

Next, double-click combofix.exe and follow the prompts.

When done, ComboFix produces a log: C:\ComboFix.txt
Please attach the ComboFix.txt in your reply.

NOTE: If the following message appears, please reboot to resolve the issue:
"Illegal operation attempted on Registry key that has been marked for deletion."

 

[robertju1]

Ran the whole progress through without errors and atatched the file combofix.txt!

 

[cottonball]

robertju1,

Looks like CF removed a group of entries shown in Other Deletions.

Are you still having problems with BSODs?

 

[robertju1]

I used combofix this morning and haven't had one since, but I didn't get BSODs that frequently, like once in 3 hours, but it could also take longer. I hope that I will not have any more trouble with them, and I shall report if otherwise?

 

[VistaKing]

robertju1

You could run a Driver Verifier to see what drivers are causing your BSOD

:ar: http://www.sevenforums.com/tutorials/101379-driver-verifier-enable-disable.html

   Note

it will lag your PC

 

[robertju1]

I had left my pc on and sadly, I had another BSOD.
I provided this one as an attachment.

I just enabled driver verifier.

 

[VistaKing]

Hi robertju1

Can you open a new thread in the BSOD Help and Support section ? Repost the attachment there .