Ok, this was certainly good. How is it running now?
Worm:VBS/AutoRun. is a worm that spreads by copying itself to local hard drives, network drives, and removable drives.
It's a standalone malicious program which uses computer or network resources to make complete copies of itself. May include code or other malware to damage both the system and the network.
Let's try this again..
Please download the TDSS Rootkit Removing Tool
) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v126.96.36.199) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 188.8.131.52 of the tool.
Rerun MBAM (MalwareBytes) like this:
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
- If TDSSKiller does not run, try renaming it.
- To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
- Click the Start Scan button.
- Do not use the computer during the scan
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
- Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
- A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.184.108.40.206_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
Open MBAM in normal mode and click Update
tab, select Check for Updates
scan and scan (normal mode).
After scan click Remove Selected
, Post new scan log
into normal mode.
Please ask any needed questions,post logs and Let us know how the PC is running now.EDIT:
I meant to add this. VirusTotal shows that your Gandal infection is a keylogger.http://www.virustotal.com/file-scan/report.html?id=53e5e62f5d345441dfaff71084e023ba454c235685e9a4f9ce1ab0be7f318317-1281540384
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Edited by boopme, 15 March 2011 - 08:24 PM.