Thread: Click.GiftLoad

  1. #11
    Junior Member
    Join Date
    Apr 2011
    Posts
    27

    Default Re:

    Ken,
    I really appreciate your efforts to help me! I'll wait for sure because that problem is way over my skills and knowledge.

    Thomas

  2. #12
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    14,725

    Default

    Thomas,

    We're dealing with a possible infection of the Master Boot Record and we want to make sure we run the right tool. Yours is a bit of a different variant that is showing up on the scans, so just sit tight.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    14,725

    Default

    Run this please

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK

    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

    Do not re-enable these drivers until otherwise instructed.




    Now run aswMBR again to save a log, not the fix

  4. #14
    Junior Member
    Join Date
    Apr 2011
    Posts
    27

    Default DeFogger

    I ran the first 5 steps of your list. After clicking "Yes" to the "Finished" message I'm coming back to the pop-up asking me if I want to disable CD emulation drivers. No reboot request.

  5. #15
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    14,725

    Default

    Yes, disable them, we will re-enable them when we're done.

    Drag your copy of aswMBR to the trash, reboot your computer and then download it again and post the log.

    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply

  6. #16
    Junior Member
    Join Date
    Apr 2011
    Posts
    27

    Default Second aswMBR report

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-03 17:10:29
    -----------------------------
    17:10:29.671 OS Version: Windows 5.1.2600 Service Pack 3
    17:10:29.671 Number of processors: 1 586 0x401
    17:10:29.671 ComputerName: BELAIRE UserName: Owner
    17:10:45.890 Initialize success
    17:10:53.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    17:10:53.093 Disk 0 Vendor: ST3160827AS 3.42 Size: 152627MB BusType: 3
    17:10:53.093 Device \Driver\atapi -> DriverStartIo 8a9c2332
    17:10:55.109 Disk 0 MBR read successfully
    17:10:55.109 Disk 0 MBR scan
    17:10:55.109 Disk 0 TDL4@MBR code has been found
    17:10:55.109 Disk 0 Windows XP default MBR code found via API
    17:10:55.109 Disk 0 MBR hidden
    17:10:55.109 Disk 0 MBR [TDL4] **ROOTKIT**
    17:10:55.109 Disk 0 trace - called modules:
    17:10:55.109 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a9c24e7]<<
    17:10:55.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa61ab8]
    17:10:55.109 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000066[0x8aa3b9e8]
    17:10:55.109 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8aa82b00]
    17:10:55.625 \Driver\atapi[0x8aa21b60] -> IRP_MJ_CREATE -> 0x8a9c24e7
    17:10:55.625 Scan finished successfully
    17:11:05.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
    17:11:05.000 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


    That's it.

  7. #17
    Junior Member
    Join Date
    Apr 2011
    Posts
    27

    Default DeFogger report

    After the reboot I discovered a report from DeFogger:

    defogger_disable by jpshortstuff (23.02.10.1)
    Log created at 14:54 on 03/05/2011 (Owner)

    Checking for autostart values...
    HKCU\~\Run values retrieved.
    HKLM\~\Run values retrieved.

    Checking for services/drivers...


    -=E.O.F=-

  8. #18
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    14,725

    Default

    Those drivers we disabled were for your CD, we will enable them when we're done.

    OK, aswMBR should run OK now.

    Let's try it again, post the log when done and then go ahead and run DDS and post a new log.


    Re-Run aswMBR

    Click Scan

    On completion of the scan

    Click the Fix for TDL4





    Save the log as before and post in your next reply

  9. #19
    Junior Member
    Join Date
    Apr 2011
    Posts
    27

    Default Fix for TDL4 aswMBR report

    Here it is:

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-03 18:05:34
    -----------------------------
    18:05:34.828 OS Version: Windows 5.1.2600 Service Pack 3
    18:05:34.828 Number of processors: 1 586 0x401
    18:05:34.828 ComputerName: BELAIRE UserName: Owner
    18:05:35.328 Initialize success
    18:05:38.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    18:05:38.625 Disk 0 Vendor: ST3160827AS 3.42 Size: 152627MB BusType: 3
    18:05:38.625 Device \Driver\atapi -> DriverStartIo 8a9c2332
    18:05:40.625 Disk 0 MBR read successfully
    18:05:40.625 Disk 0 MBR scan
    18:05:40.625 Disk 0 TDL4@MBR code has been found
    18:05:40.625 Disk 0 Windows XP default MBR code found via API
    18:05:40.625 Disk 0 MBR hidden
    18:05:40.625 Disk 0 MBR [TDL4] **ROOTKIT**
    18:05:40.625 Disk 0 trace - called modules:
    18:05:40.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a9c24e7]<<
    18:05:40.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aa61ab8]
    18:05:40.625 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000066[0x8aa3b9e8]
    18:05:40.625 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8aa82b00]
    18:05:41.125 \Driver\atapi[0x8aa21b60] -> IRP_MJ_CREATE -> 0x8a9c24e7
    18:05:41.125 Scan finished successfully
    18:05:52.796 Disk 0 fixing MBR ...
    18:06:02.796 Disk 0 MBR restored successfully
    18:06:02.796 Verifying disinfection
    18:06:16.812 Infection fixed successfully - please reboot ASAP
    18:06:40.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
    18:06:40.593 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
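
Added example, not part of any post in this thread and not aswMBR's own code: a small Python triage of a saved aswMBR log that collects the findings the tool printed and flags a driver dispatch entry whose target equals an address the trace lists as `>>UNKNOWN<<`. The sample lines are copied from the log in post #19; the function and field names are illustrative assumptions.

```python
import re

# Lines copied from the aswMBR log in post #19 of this thread.
SAMPLE_LOG = r"""
18:05:40.625 Disk 0 TDL4@MBR code has been found
18:05:40.625 Disk 0 Windows XP default MBR code found via API
18:05:40.625 Disk 0 MBR hidden
18:05:40.625 Disk 0 MBR [TDL4] **ROOTKIT**
18:05:40.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a9c24e7]<<
18:05:41.125 \Driver\atapi[0x8aa21b60] -> IRP_MJ_CREATE -> 0x8a9c24e7
18:05:41.125 Scan finished successfully
18:06:02.796 Disk 0 MBR restored successfully
18:06:16.812 Infection fixed successfully - please reboot ASAP
"""

ENTRY = re.compile(r"^\s*(\d\d:\d\d:\d\d\.\d{3})\s+(.*)$")
ROOTKIT = re.compile(r"Disk (\d+) MBR \[(\w+)\] \*\*ROOTKIT\*\*")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH = re.compile(
    r"\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")


def triage(log_text):
    """Summarise the findings aswMBR itself reported in one saved log."""
    report = {"rootkits": [], "mbr_hidden": False, "unknown_modules": set(),
              "hooked_dispatch": [], "fix_reported": False}
    dispatch = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue  # banner, separator or blank line
        msg = entry.group(2)
        if (m := ROOTKIT.search(msg)):
            report["rootkits"].append((int(m.group(1)), m.group(2)))
        if "MBR hidden" in msg:
            report["mbr_hidden"] = True
        report["unknown_modules"].update(a.lower() for a in UNKNOWN.findall(msg))
        dispatch += DISPATCH.findall(msg)
        if "Infection fixed successfully" in msg:
            report["fix_reported"] = True
    # Flag a dispatch target that equals an address the trace listed as
    # >>UNKNOWN<<, i.e. one the tool could not attribute to a named module.
    report["hooked_dispatch"] = [(drv, irp, addr) for drv, irp, addr in dispatch
                                 if addr.lower() in report["unknown_modules"]]
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
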

  10. #20
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    14,725

    Default

    Reboot and post a new DDS log please
