-
Hi,
I am wondering if you clicked the right button during the fix. Are you sure you clicked on the FIX button and not FIXMBR?
If you can use a USB drive to access the infected computer, copy the report and post it please. The picture from your camera may also work.
Try doing a System Restore, here are the instructions
http://www.bleepingcomputer.com/tuto...torial143.html
-
How are you coming along? Did you try System Restore?
-
I'm pretty sure that I just pressed fix and not fixmbr. I will try to post the pics of the MBR scan ASAP (I'm not at home at the moment). In the meantime I'm trying to do a System Restore, but when I try to pull up the restore points I get a window that says "to perform an offline system restore, you must specify which windows installation you would like to restore". Then it gives me a command prompt example: rstrui.exe/OFFLINE:C:/Windows. But it doesn't tell me where or how to do this. I tried to restore by pressing F8 upon reboot with the "Repair my computer" option, but I got a BSOD right after that.
-
Look on your desktop, do you have a asbMBR.dat file? If so, can you transfer it by flash drive and then use a working computer to attach it to this thread?
-
OK, the first saved log is right after I pressed fix, and then I saved it before rebooting. The second is after the first reboot in safe mode; I did a rescan only with MBR and saved it.
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-02 11:42:11
-----------------------------
11:42:11.501 OS Version: Windows 6.0.6002 Service Pack 2
11:42:11.501 Number of processors: 2 586 0x170A
11:42:11.501 ComputerName: BADNASTY UserName:
11:42:13.108 Initialize success
11:42:15.292 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\iaStor0
11:42:15.292 Disk 0 Vendor: SAMSUNG_ HH10 Size: 152627MB BusType: 3
11:42:15.292 Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskSAMSUNG_HM160HI_________________________HH100-14#4&27fab17b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
11:42:15.308 Disk 0 MBR read successfully
11:42:15.308 Disk 0 MBR scan
11:42:15.308 Disk 0 TDL4@MBR code has been found
11:42:15.323 Disk 0 MBR hidden
11:42:15.323 Disk 0 MBR [TDL4] **ROOTKIT**
11:42:15.323 Disk 0 trace - called modules:
11:42:15.339 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86978439]<<
11:42:15.339 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862938d8]
11:42:15.354 3 CLASSPNP.SYS[885a98b3] -> nt!IofCallDriver -> [0x86b14f08]
11:42:15.354 \Driver\iaStor[0x86396a98] -> IRP_MJ_CREATE -> 0x86978439
11:42:15.370 Scan finished successfully
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-02 14:14:08
-----------------------------
14:14:08.036 OS Version: Windows 6.0.6002 Service Pack 2
14:14:08.036 Number of processors: 2 586 0x170A
14:14:08.036 ComputerName: BADNASTY UserName:
14:14:09.409 Initialize success
14:14:12.092 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\iaStor0
14:14:12.092 Disk 0 Vendor: SAMSUNG_ HH10 Size: 152627MB BusType: 3
14:14:12.092 Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskSAMSUNG_HM160HI_________________________HH100-14#4&27fab17b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
14:14:12.123 Disk 0 MBR read successfully
14:14:12.123 Disk 0 MBR scan
14:14:12.123 Disk 0 TDL4@MBR code has been found
14:14:12.139 Disk 0 MBR hidden
14:14:12.139 Disk 0 MBR [TDL4] **ROOTKIT**
14:14:12.139 Disk 0 trace - called modules:
14:14:12.155 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86978439]<<
14:14:12.155 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862938d8]
14:14:12.155 3 CLASSPNP.SYS[885a98b3] -> nt!IofCallDriver -> [0x86b14f08]
14:14:12.170 \Driver\iaStor[0x86396a98] -> IRP_MJ_CREATE -> 0x86978439
14:14:12.170 Scan finished successfully
14:14:13.949 Disk 0 fixing MBR
14:14:23.964 Disk 0 MBR restored successfully
14:14:23.964 Infection fixed successfully - please reboot ASAP
the second:
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-02 11:42:11
-----------------------------
11:42:11.501 OS Version: Windows 6.0.6002 Service Pack 2
11:42:11.501 Number of processors: 2 586 0x170A
11:42:11.501 ComputerName: BADNASTY UserName:
11:42:13.108 Initialize success
11:42:15.292 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\iaStor0
11:42:15.292 Disk 0 Vendor: SAMSUNG_ HH10 Size: 152627MB BusType: 3
11:42:15.292 Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskSAMSUNG_HM160HI_________________________HH100-14#4&27fab17b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
11:42:15.308 Disk 0 MBR read successfully
11:42:15.308 Disk 0 MBR scan
11:42:15.308 Disk 0 TDL4@MBR code has been found
11:42:15.323 Disk 0 MBR hidden
11:42:15.323 Disk 0 MBR [TDL4] **ROOTKIT**
11:42:15.323 Disk 0 trace - called modules:
11:42:15.339 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86978439]<<
11:42:15.339 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862938d8]
11:42:15.354 3 CLASSPNP.SYS[885a98b3] -> nt!IofCallDriver -> [0x86b14f08]
11:42:15.354 \Driver\iaStor[0x86396a98] -> IRP_MJ_CREATE -> 0x86978439
11:42:15.370 Scan finished successfully
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-02 14:14:08
-----------------------------
14:14:08.036 OS Version: Windows 6.0.6002 Service Pack 2
14:14:08.036 Number of processors: 2 586 0x170A
14:14:08.036 ComputerName: BADNASTY UserName:
14:14:09.409 Initialize success
14:14:12.092 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\iaStor0
14:14:12.092 Disk 0 Vendor: SAMSUNG_ HH10 Size: 152627MB BusType: 3
14:14:12.092 Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskSAMSUNG_HM160HI_________________________HH100-14#4&27fab17b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
14:14:12.123 Disk 0 MBR read successfully
14:14:12.123 Disk 0 MBR scan
14:14:12.123 Disk 0 TDL4@MBR code has been found
14:14:12.139 Disk 0 MBR hidden
14:14:12.139 Disk 0 MBR [TDL4] **ROOTKIT**
14:14:12.139 Disk 0 trace - called modules:
14:14:12.155 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86978439]<<
14:14:12.155 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x862938d8]
14:14:12.155 3 CLASSPNP.SYS[885a98b3] -> nt!IofCallDriver -> [0x86b14f08]
14:14:12.170 \Driver\iaStor[0x86396a98] -> IRP_MJ_CREATE -> 0x86978439
14:14:12.170 Scan finished successfully
14:14:13.949 Disk 0 fixing MBR
14:14:23.964 Disk 0 MBR restored successfully
14:14:23.964 Infection fixed successfully - please reboot ASAP
-
Sorry, the second set in my previous post is not correct. It is the same as the first. This is the second; it was just a scan after reboot:
aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-02 14:34:46
-----------------------------
14:34:46.966 OS Version: Windows 6.0.6002 Service Pack 2
14:34:46.966 Number of processors: 2 586 0x170A
14:34:46.981 ComputerName: BADNASTY UserName:
14:34:47.558 Initialize success
14:34:53.642 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:34:53.658 Disk 0 Vendor: SAMSUNG_ HH10 Size: 152627MB BusType: 3
14:34:53.658 Disk 0 MBR read successfully
14:34:53.674 Disk 0 MBR scan
14:34:53.674 Disk 0 scanning sectors +312579760
14:34:53.705 Disk 0 scanning C:\Windows\system32\drivers
14:34:59.820 Service scanning
14:35:01.910 Disk 0 trace - called modules:
14:35:01.942 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
14:35:01.942 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8586f8a0]
14:35:01.957 3 CLASSPNP.SYS[883aa8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84e42028]
14:35:01.957 Scan finished successfully
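The three aswMBR runs above can be compared mechanically. This is an added example, not part of the original thread and not aswMBR's own logic; the indicator strings are copied from the posted logs, while the function name `triage` and the verdict wording are assumptions made for illustration.

```python
import re

# Abridged from the three aswMBR runs posted in this thread (timestamps kept).
SAMPLE_LOG = r"""
Run date: 2011-04-02 11:42:11
11:42:15.323 Disk 0 MBR hidden
11:42:15.323 Disk 0 MBR [TDL4] **ROOTKIT**
11:42:15.339 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86978439]<<
Run date: 2011-04-02 14:14:08
14:14:12.139 Disk 0 MBR [TDL4] **ROOTKIT**
14:14:12.155 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86978439]<<
14:14:23.964 Disk 0 MBR restored successfully
Run date: 2011-04-02 14:34:46
14:35:01.942 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
14:35:01.957 Scan finished successfully
"""

# Indicator patterns are limited to strings that appear in the logs above.
INDICATORS = {
    "mbr_rootkit": re.compile(r"MBR \[(\w+)\] \*\*ROOTKIT\*\*"),
    "mbr_hidden": re.compile(r"MBR hidden"),
    "unknown_module": re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<"),
}
RESTORED = re.compile(r"MBR restored successfully")
RUN_DATE = re.compile(r"^Run date:\s*(.+)$")

def triage(log_text):
    """Split a log into runs (one per 'Run date:') and give each a verdict."""
    runs = []
    for line in log_text.splitlines():
        m = RUN_DATE.match(line.strip())
        if m:
            runs.append({"run": m.group(1), "hits": set(), "restored": False})
        elif runs:
            cur = runs[-1]
            cur["hits"] |= {n for n, rx in INDICATORS.items() if rx.search(line)}
            cur["restored"] |= bool(RESTORED.search(line))
    for r in runs:
        if r["hits"] and r["restored"]:
            r["verdict"] = "infected, MBR rewritten, rescan after reboot"
        elif r["hits"]:
            r["verdict"] = "infected"
        else:
            r["verdict"] = "no MBR rootkit indicators"
    return runs

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(r["run"], sorted(r["hits"]), "->", r["verdict"])
```

A run with no indicators only means the scanner saw a normal MBR and an unhooked driver stack (`iastor.sys hal.dll` in place of `>>UNKNOWN<<`); it says nothing about whether Windows will boot afterwards, as the rest of the thread shows.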
-
Thanks for the info. I am forwarding your dat file to people that can analyze it and see if there is something that needs to be restored. I will be back when I hear from them.
In the meantime, here is some info for you on how to do a System Restore with Vista:
http://www.howtogeek.com/howto/windo...ystem-restore/
Last edited by ken545; 2011-04-04 at 22:50.
-
To keep you posted on my progress: I tried to repair my computer with the original Windows Vista DVD that came with it. I tried to initially restore startup. It said it was successful, and that gave me a BSOD. Then I tried to restore to a previous date with the Vista DVD, and that also gave me a BSOD after it restored to the earlier date. I have not wiped my system clean yet (factory new) in hopes that there may be another option. I'm still able to get into Windows in safe mode, but I still have no networking capabilities.
Thanks for your help.
-
Go to Programs and Features in the Control Panel and uninstall ESET NOD32 Antivirus 4.2, reboot and see if it helped.