BleepingComputer.com: Tdsskiller found Pihar b, but still having problems

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.


If you have not received help after three days, please post a link to your topic HERE.

Tdsskiller found Pihar b, but still having problems

#1 User is offline   technosaur 

Posted 23 December 2011 - 02:03 AM

Several months ago my computer was infected with a virus that hid most of my files. I manually "unhid" several files, but I did not know how to restore the start menu. I paid a remote computer repair service to clean and restore the system, but I think they did more harm than good. My genuine Office Products were now not recognized by Microsoft, and the version had mysteriously changed from 2007 to 2003. After several hours and countless phone calls, I gave up and patched things back together as best I could. Things were reasonably functional until a few days ago when I began receiving fake system alerts. My computer shut down, and when it restarted my files were hidden again, and now my search results were being redirected to bogus sites.

I restored what I could and ran a McAfee scan, Malwarebytes, SuperAntiSpyware and Trojan Killer which found and removed several items, but my search results were still being redirected in both IE and Firefox. Then I downloaded Kaspersky Tdsskiller, which found and "cured" Rootkit.boot.pihar.b. Search results are not being redirected anymore, but my start menu is a mess, my computer is running extremely slow, issuing warnings, making system beeps and dings, and running out of memory. I have rebooted several times, and re-run tdsskiller. It finds and "cures" pihar.b every time, so it appears to be re-installing every time the system starts up.

Unfortunately, in my frenzy to remove the virus, I had also run a "PC clean", so I was able to retrieve the temp\smtmp files. I downloaded and ran the Winxp script to reset the start menu with minimal results. I also downloaded ComboFix, but I am reluctant to try it without guidance. I may have already done more than I should have. Your help will be greatly appreciated.

#2 User is offline   narenxp 

Posted 23 December 2011 - 02:57 AM

Hi

Your MBR is still infected, you may need to create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

How to prepare logs

http://www.bleepingcomputer.com/forums/topic34773.html

Good luck
