
Trojan win32/Olmasco.o infection


  • This topic is locked
4 replies to this topic

#1 philshems

philshems

  • Members
  • 18 posts
  • Local time:03:22 PM

Posted 24 November 2011 - 05:54 PM

My computer recently became affected by System Fix malware. Alongside this, ESET reported a trojan win32/Olmasco.o.

I followed the System Fix Uninstall Guide, and managed to get rid of the System Fix symptoms, but not the rootkit infection. ESET is still reporting win32/Olmasco.o, and Google searches redirect.

I cannot get TDSSKiller to run under any name. MBAM starts but often hangs part way through the scan. ESET is unable to clean the infection.

I have tried several times to run a DDS scan, but this hangs before completion, so I'm unable to post or attach a DDS log at present.

I have run a GMER scan, but on launching GMER I get a warning message saying "LoadDriver error. Cannot create a stable subkey under a volatile parent key." GMER then launches but on the right hand side only 'services', 'registry' and 'files' are ticked. All other options are unticked and greyed out. After running the scan, the dialogue box reports 'GMER hasn't found any system modification'. So once again there is no log to attach.

Any advice on how to proceed would be much appreciated! Thank you.



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:22 AM

Posted 25 November 2011 - 06:49 PM

Hi

Please run the following:


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs



NEXT



  • Please download GetPartitions from here
  • You must right click on the link and choose Save as....
  • Save it as GetPartitions.bat to your desktop
  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator").
  • It will produce a log on your C:\ drive: C:\DiskReport.txt
  • Please navigate to that file and post the contents of the log in your next reply


NEXT



  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan

  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
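
Added example, not part of the original posts and not code from any of the tools named above: a sketch of how the partition layout in a boot-sector dump can be read, which is the information the GetPartitions and aswMBR steps collect for review. It assumes MBR.dat is a raw 512-byte dump of sector 0 (an assumption about the file format); the function names and the sample sector are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446   # partition table follows 446 bytes of boot code
ENTRY_SIZE = 16      # four 16-byte entries, then the 0x55AA signature

def parse_mbr(sector: bytes) -> dict:
    """Parse a raw MBR sector into partition entries plus sanity warnings."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("MBR dump shorter than 512 bytes")
    entries, warnings = [], []
    for i in range(4):
        start = TABLE_OFFSET + i * ENTRY_SIZE
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba_start, count = struct.unpack(
            "<B3xB3xII", sector[start:start + ENTRY_SIZE])
        if ptype == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            warnings.append(f"entry {i}: invalid boot flag 0x{status:02x}")
        entries.append({"index": i, "active": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": count})
    if sector[510:512] != b"\x55\xaa":
        warnings.append("missing 0x55AA boot signature")
    active = [e["index"] for e in entries if e["active"]]
    if len(active) != 1:
        warnings.append(f"expected exactly one active partition, found {len(active)}")
    ordered = sorted(entries, key=lambda e: e["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            warnings.append(f"entries {a['index']} and {b['index']} overlap")
    return {"entries": entries, "active": active, "warnings": warnings}

def build_sample_mbr() -> bytes:
    """Constructed sample sector: one active NTFS entry and one FAT32 entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[446:462] = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 204800)
    sector[462:478] = struct.pack("<B3xB3xII", 0x00, 0x0B, 204863, 4096)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    report = parse_mbr(build_sample_mbr())
    for entry in report["entries"]:
        print(entry)
    print("warnings:", report["warnings"] or "none")
```
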


#3 philshems

philshems
  • Topic Starter

  • Members
  • 18 posts
  • Local time:03:22 PM

Posted 26 November 2011 - 11:40 AM

Hi CatByte

Thanks for your really quick response. Unfortunately I decided to ditch XP and start with a fresh install of Ubuntu - it's a fairly old laptop and had no data or software of any value on it, and I didn't have the XP discs either.

The install went well and hopefully switching to a new OS will have destroyed any malware (if I've misunderstood something here do please let me know!)

Thanks for your help, and sorry if I've wasted any time.

philshems

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:22 AM

Posted 26 November 2011 - 02:58 PM

no problem, thanks for letting me know

good luck :)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:11:22 AM

Posted 26 November 2011 - 02:58 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




