Page 1 of 3 123 LastLast
Results 1 to 10 of 29

Thread: Crash aswMBR

  1. #1
    Member
    Join Date
    Mar 2013
    Posts
    32

    Default Crash aswMBR

    I tried to run aswMBR three times, but in all cases it crashes after the following lines:
    ...
    14:31:32.512 AVAST engine scan C:\Windows\system32
    14:34:56.501 Scanning: C:\windows\assembly\GAC_MSIL\Microsoft.visualstudio.Tools.Applications...

    The error message was: (translated)

    "avast! Antirootkit not running anymore

    A problem arrose which resulted in a halt of this program.
    The program is closed and you get a message when a solution is available.
    Closing program"

    Although aswMBR crashed, is it worthwhile if I send DDS.txt and Attach.zip awaiting a solution to the aswMBR-crash? I have them ready to be posted.
    Thank you.

  2. #2
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Default

    Hi and Joliegew

    My name is Robybel.

    I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.


    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


    Vista and Windows 7 users:

    These tools MUST be run from the executable. (.exe) every time you run them
    with Admin Rights (Right click, choose "Run as Administrator")


    Stay with this topic until I give you the all clean post.

    Having said that....Let's get going!!

    ============ Next ==============




    Scan with OTL
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in


      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      services.exe
      /md5stop
      %systemroot%\*. /rp /s
      %systemdrive%\$Recycle.Bin|@;true;true;true /fp
      DRIVES
      CREATERESTOREPOINT

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
      • You may need two posts to fit them both in.


    ============ Next ==============



    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.




    • If an infected file is detected, the default action will be Cure, click on Continue.




    • If a suspicious file is detected, the default action will be Skip, click on Continue.




    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.




    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    On your next reply please post :
    • OTL.txt
    • Extras.txt
    • TDSSKiller log

    Let me know if you have any problems in performing with the steps above or any questions you may have.

    Good Day!
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  3. #3
    Member
    Join Date
    Mar 2013
    Posts
    32

    Default OTL.zip & Exras.zip

    Hello Robybel,

    Find herewith two zips, the third one you'll find in the next message.
    I had to go to another computer with these files, because I didn't succeed in attaching them at the computer that behaves badly; just to let you know this.

    Thank you for heling me!

  4. #4
    Member
    Join Date
    Mar 2013
    Posts
    32

    Default TDDSKiller-report

    This is the third file.
    Thanks again.

  5. #5
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Default

    Hi Joliegew

    AdwCleaner

    • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.


    ============ Next ==============


    • Download RogueKiller and save it to your desktop.
    • Quit all other programs
    • Start RogueKiller.exe
    • Wait until the Prescan has finished ...
    • Click on Scan
    • Wait for the end of the scan
    • A report will be created on your desktop.
    • Click on the Delete button
    • Next click on the ShortcutsFix
    • another report will be created on your desktop.


    Please post: All RKreport.txt text files located on your desktop.

    On your next reply please post :
    • AdwCleaner log
    • All RKreport.txt
    • Let me know what problems you find

    Let me know if you have any problems in performing with the steps above or any questions you may have.

    Good Day!
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  6. #6
    Member
    Join Date
    Mar 2013
    Posts
    32

    Default Zipped AdwCleaner.logs and RKreport.txt's

    Hi Robybel,

    It was difficult to establish what you asked for, especially because AdwCleaner didn't finish, so that no reboot was forced. As you can see in the zip-file, I undertook many, many runs by AdwCleaner, by which I think every time my pc became somewhat better to handle. Nevertheless I spent hours to come so far as I am now. I hope that what I send you makes sense to understand what happened successively. I cropped everything together with RKreport[3], as the zp-file is called. I hope you don't mind.

    Thank you in advance!
    Joliegew

  7. #7
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Default

    Hi Joliegew

    Good job But:

    If you can, don't attach the log, just copy/paste its contents


    Please follow this step

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    next

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.




    • If an infected file is detected, the default action will be Cure, click on Continue.




    • If a suspicious file is detected, the default action will be Skip, click on Continue.




    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.




    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  8. #8
    Member
    Join Date
    Mar 2013
    Posts
    32

    Default JRT-contents

    Hi Robybel,

    Only JRT gave output:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.7.2 (03.15.2013:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by LieMaa on wo 20-03-2013 at 15:10:09,08
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{61d1c847-df80-423a-8c6d-dc03b97e6ebe}



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{2a696bce-44cf-45a4-b905-59cdfa08531a}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{78875f5c-a685-4405-8dc5-d48dc65452b0}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\LieMaa\appdata\local\adawarebp"

    TDSSKiller finished without anything to complain about

    again!

  9. #9
    Malware Team: Emeritus
    Join Date
    Oct 2012
    Posts
    246

    Default

    Hi Joliegew

    The report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
    - Proud Graduate of WTT Classroom -

    - Member of UNITE -

  10. #10
    Member
    Join Date
    Mar 2013
    Posts
    32

    Default log

    The last action?

    Edit Can I start offering data for another pc in this thread, or should I start a new thread?

    TIA

    Edit
    http://forums.spybot.info/showthread...558#post438558
    Last edited by tashi; 2013-03-21 at 05:23. Reason: Added link.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •