Hi everybody! I-ve been infected with this nasty little trojan, I-ve triend many things with no results, so I decided to ask for help to the experts!
Things Ive already Done:
1) Run Webroot and attempt fix.
2) Run malwareBytes and attempt fix with it.
That didnt work.
Computer Symptoms:
1) Every minute a windows opens in russian with the name JetSwap safesurf.
2) It takes forever to start the computer.
3) Its speed is dramatically reduced.
DDS does not work with my windows version (Windows server 2003), So ill only post the aswMBR log:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-01-16 12:33:40
-----------------------------
12:33:40.202 OS Version: Windows 5.2.3790 Service Pack 2
12:33:40.202 Number of processors: 4 586 0x3A09
12:33:40.202 ComputerName: TSERVER UserName: jjb
12:33:42.467 Initialize success
12:41:14.822 AVAST engine defs: 14011600
12:44:05.466 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:44:05.466 Disk 0 Vendor: ST1000DM003-1CH162 CC47 Size: 953869MB BusType: 3
12:44:05.591 Disk 0 MBR read successfully
12:44:05.591 Disk 0 MBR scan
12:44:05.622 Disk 0 Windows XP default MBR code
12:44:05.622 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 938269 MB offset 1230848
12:44:05.622 Disk 0 scanning sectors +1922805760
12:44:05.732 Disk 0 scanning C:\WINDOWS\system32\drivers
12:44:16.685 Service scanning
12:44:30.483 Modules scanning
12:44:39.874 Disk 0 trace - called modules:
12:44:39.890 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:44:39.890 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b225ab8]
12:44:39.890 3 CLASSPNP.SYS[f7290601] -> nt!IofCallDriver -> \Device\00000066[0x8b22d9e8]
12:44:39.890 5 ACPI.sys[f73593c0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b22dd98]
12:44:41.280 AVAST engine scan C:\WINDOWS
12:44:54.125 AVAST engine scan C:\WINDOWS\system32
12:51:43.141 AVAST engine scan C:\WINDOWS\system32\drivers
12:52:33.955 AVAST engine scan C:\Documents and Settings\jjb
12:54:07.441 AVAST engine scan C:\Documents and Settings\All Users
12:54:13.738 Scan finished successfully
12:55:27.990 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jjb\Desktop\MBR.dat"
12:55:27.990 The log file has been saved successfully to "C:\Documents and Settings\jjb\Desktop\aswMBR.txt"
I cant Find the Spybot S&D TeaTimer option, im using version 2.2.
SpyBot S&D show no results in the scan, but as I said, I cant enable the "tea Timer" so I don't know if my Scan is accurate.
Last edited by tashi; 2014-01-16 at 20:09.
Reason: Merged posts
My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Please stay with this topic until I let you know that your system appears to be "All Clear"
Important:All tools MUST be run from the Desktop.
=========================
rkill
Print out these instructions as we may need to close every window that is open later in the fix.
It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
Do not reboot your computer after running rkill as the malware programs will start again.
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
You only need to get one of them to run, not all of them.
JetSwap SafeSurf removal.
