5 types of malware in my system?

Status
Not open for further replies.
((update))

((UPDATE))

Can't get into anything in the PC, START won't work, Firefox won't work, IE won't work. Can't even get into AVAST!

All I get now is the Properties Window.

:mad:
 
Hi. :)

A most unfortunate turn of events, and though you would have had to wait until I came online, it would have been best to actually do nothing at this point you mentioned:-
8) Froze up, been a good 60min, nothing but the blue prompt.
This you should not have done actually:-
Tried to RUN the ComboFix again and got the Properties Window.
So the resulting:-
((UPDATE))

Can't get into anything in the PC, START won't work, Firefox won't work, IE won't work. Can't even get into AVAST!

All I get now is the Properties Window.
Does not come as a surprise for myself. Anyway this sounds very much to myself like explorer.exe or something else associated may be compromised/damaged.

OK a few things we can try. So please carry out the following first and let myself know the outcome, thank you.

Next:
  • Depress CTRL + Alt + Delete to launch the Task Manager.
  • Click on File >> New Task (Run...) >> type in msconfig and hit OK.
  • Now click on Launch System Restore.
  • If System Restore is able to actually start, please restore your computer to a time just before the combofix run and we will go from there.
 
Nope,,,,

I can get the Task Manager open,
I can get the Create New Task screen open,
Will NOT type anything in the box.
Mouse works on point and click.

M.
 
Hi. :)

Please try the following:-

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), navigate to the following file:-

C:\WINDOWS\ERDNT\subs\erdnt.exe <-- Double click on this then reboot the computer.

Now in the event the above file is not present navigate to the following file instead:-

C:\WINDOWS\ERDNT\erdnt.exe <-- Double click on this then reboot the computer.

Let myself know the outcome please, thank you.
 
Woot woot!

WOOT WOOT! that worked!!!:bigthumb:

FYI, I had to go into the Task Manager (CTRL+ALT+DELETE),
Click on FILE>New Task(Run...)>Browse>Look In>Local disk [C:]
C:\WINDOWS\ERDNT\Hiv-Backup\ERDNT.EXE
This exe file was also in C:\WINDOWS\ERDNT\7-19-2010.

I want to confirm that the Windows Recovery Console was installed,
Is there a manual way of installing WRC before starting ComboFix?

NEXT?

PS, I'm using my laptop not the PC.
 
Hi. :)

I want to confirm that the Windows Recovery Console was installed,
Is there a manual way of installing WRC before starting ComboFix?
An easy way to check would be to reboot the machine, and just after the POST (power-on self-test) sequence you should be given an option to either boot up into the Recovery Console or the operating system. By default, if nothing is selected, the machine should automatically boot into Windows.

Note: Do not use ComboFix at all for the time being, thank you.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> ERUNT >> ERUNT.

  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
  • System registry
  • Current user registry
  • Next click on OK
  • When the Question pop-up appears click on Yes
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.
Note: If ERUNT has been uninstalled, please inform myself before proceeding any further.

Download/run Rkill:

Please download Rkill from one of the following links and save to your Desktop:

One, Two, Three or Four.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.
  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: A logfile will have been created, it can be located at the root of your installed Hard-Drive. EG: C:\rkill.txt.

Scan with TDSSKiller:

Please download TDSSKiller and save it to the desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Rkill Log.
  • TDSSKiller Log.
  • A new RSIT log.
 
Oops

I got ahead of your post.

I reinstalled ERUNT BEFORE I got to the "Note: If ERUNT has been uninstalled, please inform myself before proceeding any further."

I have stopped there.
 
Hi. :)

If I understand you correctly you have reinstalled Erunt? If not it can be downloaded from here.

When a new backup has been created please proceed to the Rkill instructions onwards, thank you.
 
----->

I will not touch Combofix, although the instructions indicated that the AV, Malware and Firewall should be turned off.
Is this the case with the Rkill and TDSSKiller?

M
 
No, it is not required to temporarily disable any on-board security related applications at this time. So it is safe to proceed. :)
 
?????????

From my laptop,,,,

OK,,,so the PC was working fine,
DLd ERUNT, backuped OK,
DLd RKill, saved to desktop, RUN, no threats found,
DLd TDSSKiller, saved to Desktop. RUN, no threats found,

Was posting all this on the PC when it Froze Up again, couldn't type, keyboard became non responsive, toolbar in FF is non responsive.
Only the mouse with point and click works.
Start does not open.
I can get into the Task Manager with Ctrl+Alt+Delete.

Is Combofix or the install of Windows Recovery Console causing the problem?:scratch:
 
Hi. :)

Having researched all logs available and including both the Application event/System event logs again it appears the actual problems may be due to a corruption in the actual registry of the operating system and or the actual operating system itself.

If this was caused by malware at this time I am unable to say basically because I do not have enough pertinent information. Since I am limited by what I can do online/via the written word if you will. My best advice would be either carry out a reformat and reinstallation of the Windows operating system and or take the machine to a local reputable IT Repair centre.
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
 