Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with OpenCloud AV, tried several tools


  • This topic is locked This topic is locked
2 replies to this topic

#1 JL@PDX

JL@PDX

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:56 AM

Posted 03 October 2011 - 12:42 PM

I'm new to this forum. Thanks for the instructive introduction.

My laptop (Lenovo T400) was infected with OpenCloud AV two days ago. After using several anti-virus programs (e.g. Windows' security essentials, MBAM, etc), I was able to get rid of the surface problem of the virus, i.e. no more pop-ups. But I could no longer start any of the anti-virus services on my computer, such as MBAM, McAfee On-Access Virus scan, etc. I got the same message, "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

After searching on the Internet, I came across a post on this forum, specific to OpenCloud AV. I followed the same steps given there -- I downloaded and ran the following three programs, tdsskiller, dds, and combofix. (Sorry, now I know that I should have waited on the last one.) These programs discovered and fixed some issues. However, the "denial of access" problem still exists. and whenever I click on a folder, a pop-up window shows up trying to install Roxio Business Edition. I'm attaching the logs with this post. (The dds's log was from a second run, since I didn't save it the first time.) I also ran GMER, and the log seems to show there are quite a few suspicious rootkits. I can't attach the log with this post, since it's over the quota. When you need, I'll send it separately.

Thanks for your help!
JL@PDX

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,242 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:56 AM

Posted 08 October 2011 - 06:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

  • Download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:
"cmd /c junction -s c:\ >log.txt&log.txt& del log.txt" (include the quotes)
A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.

Post the logs for my review.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,242 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:56 AM

Posted 13 October 2011 - 07:14 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users