HP Z400 workstation - Windows 7



#1 Gutz


Posted 29 June 2011 - 02:02 PM

Hi,

Recently had a computer get a blank screen; on reboot it would loop in the Windows 7 Professional (64-bit) startup repair utility. I was unable to repair from an image, so I had ordered the Reinstall/Repair disks from HP. While waiting, I googled the error and found symptoms similar to others who had a rootkit virus, and they mentioned getting to the desktop by choosing the boot option of not verifying signatures and then cleaned the virus with TDSSKiller from Kaspersky. Those suggestions worked in our case and TDSSKiller found the infection in MBR0. The program said it was removed, and I did an additional scan with MSSE (MS Security Essentials) and everything looked good. Her computer shut down over the weekend for Windows updates and on reboot the virus was back. I followed the same procedures but I believe the malware/virus is still residing in the master boot record. I need some guidance on additional steps to clean it up, thank you.

Gabe

Edited by Gutz, 29 June 2011 - 03:10 PM.




#2 Clairvoyant


Posted 29 June 2011 - 03:36 PM

Hi Gutz, and welcome.

You could try to remove the infection as you already did before and then clean temp files with Temp File Cleaner:

  • Double click on TFC.exe to run the program
  • Click on Start button to begin cleaning process
  • TFC will close all running programs, and if it asks you to restart the computer, allow it

Scan your PC with ESET Online Scanner following these steps:


  • Disable your Antivirus and other security software
  • Hold down Control and click on the above link to open ESET Online Scanner in a new window
  • Click the Posted Image button
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer and Save it to your desktop
    • Double click on the Posted Image icon on your desktop
  • Check Posted Image
  • Click Posted Image
  • Accept any security warnings from your browser
  • Under scan settings, check Posted Image and Uncheck Remove found threats
  • Click Advanced settings and select:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will download updates and install itself, then begin the scan. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Click Posted Image, and save the file to your desktop using a unique name, such as ESETScan
  • Click Posted Image
  • Click Posted Image

and then use Security Check, saving it to your Desktop, and:

  • Double-click SecurityCheck.exe
  • Follow the on-screen instructions inside of the black box
  • Save checkup.txt to your desktop

Remember to re-enable all the protections that you have disabled and include the contents of the reports in your reply.




Edited by Clairvoyant, 29 June 2011 - 03:38 PM.




