Help
This topic is locked
Attached File(s)
-
attach.txt (11.8K)
Number of downloads: 0 -
dds.txt (26.23K)
Number of downloads: 3 -
GMER.log (133.79K)
Number of downloads: 1
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient. DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Bioshock 2 stopped wirking Suspect an infection
#1
- Member
-
- Group: Members
- Posts: 19
- Joined: 07-January 12
Posted 27 January 2012 - 11:42 PM
Tech support said the problem was in the OS(Windows XP 32 bit SP3) so I ran a number of malware scans(Combofix, AVG, Spybot, Super antispyware, and Malwarebytes) then ran sfc /scannow to repair the files. Still nothing. Could I still be infected?
Back to top
#2
- I know the drill!
-
- Group: Malware Response Instructor
- Posts: 29,114
- Joined: 24-July 08
- Gender:Male
- Location:London, UK
Posted 31 January 2012 - 09:15 PM
Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
Once I receive a reply then I will return with your first instructions.
Thanks
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
- Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
- Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
- Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
Once I receive a reply then I will return with your first instructions.
Thanks
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
#3
- Member
-
- Group: Members
- Posts: 19
- Joined: 07-January 12
Posted 01 February 2012 - 10:16 PM
Sure hope you can help. One thing I forgot to mention. i ran Rkill before every malware scan. Thanks in advance.
#4
- I know the drill!
-
- Group: Malware Response Instructor
- Posts: 29,114
- Joined: 24-July 08
- Gender:Male
- Location:London, UK
Posted 02 February 2012 - 02:23 PM
Can you run aswMBR for me
Please download aswMBR ( 511KB ) to your desktop.
Please download aswMBR ( 511KB ) to your desktop.
- Double click the aswMBR.exe icon to run it
- Click the Scan button to start the scan
- On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
#5
- Member
-
- Group: Members
- Posts: 19
- Joined: 07-January 12
Posted 02 February 2012 - 08:24 PM
Tried running the scan twice. It runs for about half an hour, then I get an error message saying it needs to close.
#6
- I know the drill!
-
- Group: Malware Response Instructor
- Posts: 29,114
- Joined: 24-July 08
- Gender:Male
- Location:London, UK
Posted 02 February 2012 - 08:27 PM
Try booting into safe mode and running it from there.
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
#7
- Member
-
- Group: Members
- Posts: 19
- Joined: 07-January 12
Posted 03 February 2012 - 10:06 AM
Just tried that. Same thing. The error message prompts me to send an error report to Microsoft. would it help if you had the that report? Is there a way to send it to you?
#8
- I know the drill!
-
- Group: Malware Response Instructor
- Posts: 29,114
- Joined: 24-July 08
- Gender:Male
- Location:London, UK
Posted 03 February 2012 - 08:46 PM
Infection is looking less likely but we'll keep digging.
This next tool will give me an error event log and some other info.
Please download MiniToolBox, save it to your desktop and run it.
Checkmark following checkboxes:
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
This next tool will give me an error event log and some other info.
Please download MiniToolBox, save it to your desktop and run it.
Checkmark following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- List content of Hosts
- List IP configuration
- List last 10 Event Viewer log
- List Users, Partitions and Memory size.
- List Minidump Files.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
#9
- Member
-
- Group: Members
- Posts: 19
- Joined: 07-January 12
Posted 03 February 2012 - 10:08 PM
Hope my computer isn't trying to uplink to Skynet! Here's the file anyway.
Attached File(s)
-
Result.txt (12.7K)
Number of downloads: 2
#10
- I know the drill!
-
- Group: Malware Response Instructor
- Posts: 29,114
- Joined: 24-July 08
- Gender:Male
- Location:London, UK
Posted 04 February 2012 - 03:05 PM
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
#12
- I know the drill!
-
- Group: Malware Response Instructor
- Posts: 29,114
- Joined: 24-July 08
- Gender:Male
- Location:London, UK
Posted 04 February 2012 - 06:01 PM
Now there may be something in the Master Boot Record and we need to boot outside of Windows to check
Download GETxPUD.exe to the desktop of your clean computer
Download GETxPUD.exe to the desktop of your clean computer
- Run GETxPUD.exe
- A new folder will appear on the desktop.
- Open the GETxPUD folder and click on the get&burn.bat
- The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
- Click on Start and follow the prompts to burn the image to a CD.
- Next download dumpit to your USB
- Remove the USB & CD and insert it in the sick computer
- Boot the Sick computer with the CD you just burned
- The computer must be set to boot from the CD
- Gently tap F12 and choose to boot from the CD
- Follow the prompts
- A Welcome to xPUD screen will appear
- Press File
- Expand mnt
- Click on sdb1 (sdb1 represents the USB drive).
- Double click on the dumpit file.
- A black window will pop-up and it will dump and zip the MBR to your USB drive.
- Press Enter to exit the black window.
- Click on HOME tab and choose Power Off to turn off xPUD.
- Remove the USB drive and insert it back on your working computer.
- Locate the mbr.zip file in your USB drive and attach it when you reply.
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
#13
- Member
-
- Group: Members
- Posts: 19
- Joined: 07-January 12
Posted 05 February 2012 - 09:56 AM
The only other computer I have access to doesn't have a CD burner, but I do have a UBUNTU CD, and could boot from there. I was able to create the zip file you asked for. Here it is.
Attached File(s)
-
mbr.zip (1.18K)
Number of downloads: 2
#14
- I know the drill!
-
- Group: Malware Response Instructor
- Posts: 29,114
- Joined: 24-July 08
- Gender:Male
- Location:London, UK
Posted 05 February 2012 - 07:29 PM
Let's try another command.
- Boot into xPUD again
- Select Tool from the Menu
- Choose Open Terminal
- Type parted /dev/sda print >drives.txt then press Enter.
- Copy the text file onto the flashdrive and paste it in your next reply
If I have helped you fix your PC then please donate. Thanks
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)
#15
- Member
-
- Group: Members
- Posts: 19
- Joined: 07-January 12
Posted 08 February 2012 - 09:31 AM
I don't have access to a boot CD other than UBUNTU. Can it be done from there?
