
My PC shuts down automatically, IT is a virus


6 replies to this topic

#1 eat-man

eat-man

  • Members
  • 5 posts

Posted 07 April 2010 - 11:05 AM

Hello

I have some trouble with my laptop. I have a Dell Inspiron 15 with Win7; when I installed Win 7 I had to reinstall all drivers, and I had to download them from dell.com, but I had no wireless connection because the driver was missing. There's another computer I took from a friend; I noticed that it turns off by itself automatically, but well, I got no explanation about it. Anyway, I downloaded the wireless driver from the desktop and got it onto my laptop via USB, and now I find that my laptop shuts down by itself like the other desktop from which I downloaded the driver. Please help.. what should I do?


It's not about hardware issues or overheating issues or driver issues, it is a virus :thumbsup:

I've checked with tons of things, superantispyware, malwarebytes, Kaspersky Online scanner, etc... nothing works...


#2 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • Gender:Male
  • Location:Pittsburgh, PA

Posted 07 April 2010 - 01:02 PM

Please post the logs from SuperAntispyware, Malwarebytes and Kaspersky even if they show nothing.

I'd also like you to run a GMER scan.

We need to run a GMER scan
  • Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Make sure all options are checked except:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)

    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.

  • When the scan is complete, click Save and save the log onto your desktop.
Post the log from GMER along with the other logs. If you need to, you can split the logs into separate posts for ease of posting and reading.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#3 eat-man

eat-man
  • Topic Starter

  • Members
  • 5 posts

Posted 07 April 2010 - 05:08 PM

Hello, Thanks for the answer

These are the logs. I cannot post the Kaspersky one because the computer turned off while I was proceeding to save the log. hmm.... one of those is in Spanish... hope you don't mind



Malwarebytes:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Versión de la base de datos: 3961

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07/04/2010 03:03:00 p.m.
mbam-log-2010-04-07 (15-03-00).txt

Tipo de examen: Examen completo (C:\|D:\|)
Objetos examinados: 166227
Tiempo transcurrido: 42 minuto(s), 56 segundo(s)

Procesos en Memoria Infectados: 0
Módulos de Memoria Infectados: 0
Claves del Registro Infectadas: 0
Valores del Registro Infectados: 0
Elementos de Datos del Registro Infectados: 0
Carpetas Infectadas: 0
Archivos Infectados: 0

Procesos en Memoria Infectados:
(No se han detectado elementos maliciosos)

Módulos de Memoria Infectados:
(No se han detectado elementos maliciosos)

Claves del Registro Infectadas:
(No se han detectado elementos maliciosos)

Valores del Registro Infectados:
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Infectados:
(No se han detectado elementos maliciosos)

Carpetas Infectadas:
(No se han detectado elementos maliciosos)

Archivos Infectados:
(No se han detectado elementos maliciosos)


SUPER Anti-Spyware:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/07/2010 at 02:50 PM

Application Version : 4.35.1002

Core Rules Database Version : 4778
Trace Rules Database Version: 2590

Scan type : Complete Scan
Total Scan Time : 00:25:03

Memory items scanned : 690
Memory threats detected : 0
Registry items scanned : 7511
Registry threats detected : 0
File items scanned : 17910
File threats detected : 1

Adware.Tracking Cookie
C:\Users\ORGANIZACIÓN\AppData\Roaming\Microsoft\Windows\Cookies\organización@atdmt[2].txt


GMER:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-07 16:44:52
Windows 6.1.7600
Running: d0k0u94q.exe; Driver: C:\Users\ORGANI~1\AppData\Local\Temp\kftdapob.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A20AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A20104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A203F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A092D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A08898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A201DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A20958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A206F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A20F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A211A8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8F8CE4FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8F8CE322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8F8CE45C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Updating WmiApRpl

---- EOF - GMER 1.0.15 ----

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,992 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 07 April 2010 - 07:25 PM

Topic in malware removal forum deleted and this one reopened at member's request. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • Gender:Male
  • Location:Pittsburgh, PA

Posted 08 April 2010 - 06:23 AM

Ok. All of those logs look good except for one cookie in SuperAntiSpyware.

So, let's run one more scan and have a look at its log.

Before running this scan, I'd like you to take a look at your Power Settings.

Once you get to your power settings, you will see this screen.

We want to change the plan settings for "Balanced (Recommended)".

Once in there you will want to set the time for putting the computer to sleep to "None"

Once that is complete, please continue with the next steps.


Please perform a scan with Eset Onlinescan (NOD32).
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista Users be sure to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  • You will see the Terms of Use. Tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?" (OnlineScanner.cab)".
  • Answer Yes to install and download the ActiveX controls that allows the scan to run.
  • Click Start.(the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, check: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan to start the online scan. (this could take some time to complete)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software. Just close the window.
  • Now click Start > Run... > type: C:\Program Files\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad.
  • Copy and paste the log results in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca
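The power-plan change above is done through Control Panel screenshots that are no longer on the page. The following is an added example, not posted by techextreme or anyone in the thread, that does the same thing from an elevated PowerShell prompt and then pulls the System-log events Windows writes when a machine goes down, so an unexpected power-off (power loss, crash, hard reset) can be told apart from a shutdown that some process requested. It assumes Windows 7 (the OS in the logs) with the built-in powercfg tool and PowerShell 2.0 or later; the powercfg switch spelling is the Windows 7 form, and the event IDs are the standard Kernel-Power, EventLog and User32 shutdown events.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell
# prompt on Windows 7 or later. Assumes only built-in tools.

# 1. Show the active power plan and dump its current settings so the
#    sleep/hibernate timeouts can be read before anything is changed.
powercfg -getactivescheme
powercfg -query

# 2. Equivalent of setting "Put the computer to sleep" to Never for the
#    active plan, on AC power and on battery (a value of 0 means never).
#    Windows 7 syntax: powercfg -x <setting> <minutes>
powercfg -x -standby-timeout-ac 0
powercfg -x -standby-timeout-dc 0
powercfg -x -hibernate-timeout-ac 0
powercfg -x -hibernate-timeout-dc 0

# 3. Pull the System-log events that record why the machine went down:
#    41   Kernel-Power : rebooted without a clean shutdown (power loss,
#                       crash, hard reset, thermal trip)
#    6008 EventLog     : the previous shutdown was unexpected
#    1074 User32       : a process requested shutdown/restart; the event
#                       message names that process and the user
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 41, 1074, 6008 } -MaxEvents 50 |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, ProviderName,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize -Wrap
```

If the listing shows only 41/6008 events at the moments the laptop went dark, the machine lost power or crashed rather than being asked to shut down, which points at a hardware, thermal or power-plan cause; a 1074 event at those times names the process that initiated the shutdown, which is what you would expect to see if software were turning the machine off.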

#6 eat-man

eat-man
  • Topic Starter

  • Members
  • 5 posts

Posted 08 April 2010 - 06:03 PM

Hi


I've got the results, no infection, did it three times but it restarted again on the second scan, here's the log. thanks:


ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=01674f249e818a42893a2e950840efaf
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-08 08:56:17
# local_time=2010-04-08 03:56:17 (-0500, Hora est. Pacífico, Sudamérica)
# country="Colombia"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 349876 349876 0 0
# compatibility_mode=5893 16776573 100 94 0 22300027 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=69666
# found=0
# cleaned=0
# scan_time=4941
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=01674f249e818a42893a2e950840efaf
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-08 10:48:41
# local_time=2010-04-08 05:48:41 (-0500, Hora est. Pacífico, Sudamérica)
# country="Colombia"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 356860 356860 0 0
# compatibility_mode=5893 16776573 100 94 0 22307011 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=69486
# found=0
# cleaned=0
# scan_time=4702

#7 techextreme

techextreme

    Bleepin Tech


  • Members
  • 2,125 posts
  • Gender:Male
  • Location:Pittsburgh, PA

Posted 09 April 2010 - 07:56 AM

Can you tell me what the original reason was for reinstalling Windows 7 on your laptop?

I have some trouble with my laptop, I have a Dell Inspiron 15 with Win7, when I install the Win 7 I had to reinstall all drivers, I had to download them from dell.com


Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca
