
"System Check" trojan- is it gone??



#1 WorldInMyEyes

WorldInMyEyes

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:NJ
  • Local time:10:31 AM

Posted 18 February 2012 - 02:34 AM

So I think I fixed the System Check virus on a family member's computer, but how can I be sure if it's completely gone, and no traces left? My mom was on her computer when the bug popped up, the fake scan saying "System Check." It started popping up all these windows saying there were all these errors on the hard drive, etc. Desktop went black, icons gone except for recycle bin, start programs menu was messed up, partially missing, the Windows system tools folders, and some others, couldn't be seen. But I tried typing things in and they would show up (SystemRestore, for example). I tried restoring the comp but it didn't restore successfully. So next I went into Control Panel to create a new user account. From there I restarted the comp in safe mode and the Windows Defender worked (it wouldn't work in the main user account). It found 2 trojans, both rated severe. One Win32/FakeSysdef. It listed about 7 files for it, most ending in "System Check.Ink" The second one Win32/Sirefef.J. So I fixed them, then tried System Restore. I restored it to about 10 days earlier, which finally restored successfully this time. Did all Microsoft Updates, ran Defender again, came out clean. Icons all back in place on desktop, background back on, Start Menu is normal, folders and files not hidden anymore. Is it possible that the virus put a rootkit in there? If so, is it possible I really got rid of it by going about it as I did? How can I check to make sure there are no traces left, and that it's not just waiting to be executed again??

She has Windows Vista. Norton AV, which had expired months ago so not updated, Advanced System Care, Iobit Malware Fighter.

Edited by WorldInMyEyes, 18 February 2012 - 04:03 AM.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:10:31 AM

Posted 18 February 2012 - 07:25 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Post the clean log


Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the log report (the log file should be in your C drive)


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

#3 WorldInMyEyes


Posted 18 February 2012 - 04:17 PM

So far I've downloaded the Malwarebytes and it detected 2 things, here is the log:


2/18/2012 2:11:40 PM
mbam-log-2012-02-18 (14-11-40).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 376383
Time elapsed: 1 hour(s), 38 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Data: C:\Users\Joan\AppData\Local\1cf6efbe\X -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Joan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\66d5dd01-58910341 (Trojan.Dropper) -> Quarantined and deleted successfully.

(end)




After that, I downloaded the TDSSKiller. It came out totally clean, nothing detected.

Norton is disabled, off, but in the Control Panel under "Security," it still says that Windows Defender is "actively protecting your computer," even though I had exited it (Windows Defender). The green "on" light is there, I don't see any other way to get it turned off, since I already exited it. Is that normal, is it ok, for running GMER?

Edited by WorldInMyEyes, 18 February 2012 - 04:29 PM.
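Added example, not part of the original posts: Python that parses detection lines in the format of the Malwarebytes log above and flags the ones that touch a logon autostart location or a user-writable path, which is why the Winlogon|Shell finding deserves a follow-up check even though it was quarantined. The sample lines are copied from the log above; the marker lists and the function names `parse_detections` and `triage` are assumptions made for illustration.

```python
import re

# Detection lines copied from the Malwarebytes log in the post above.
SAMPLE_LOG = r"""Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Data: C:\Users\Joan\AppData\Local\1cf6efbe\X -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Joan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\66d5dd01-58910341 (Trojan.Dropper) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^([A-Za-z ]+) Detected: (\d+)$")
# OBJECT (Threat) -> [Data: VALUE ->] Action.
DETECTION = re.compile(
    r"^(?P<object>.+?) \((?P<threat>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>[^>]+?)\.?$"
)

# Assumed marker lists (illustrative, not exhaustive), lower-case substrings.
# Winlogon's Shell value names the program started as the desktop shell at
# logon; the stock value is explorer.exe under HKLM, so an HKCU override
# pointing into AppData is a persistence indicator.
AUTOSTART_MARKERS = (
    r"\currentversion\winlogon|shell",
    r"\currentversion\winlogon|userinit",
    r"\currentversion\run",
)
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\")


def parse_detections(log_text):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        hit = DETECTION.match(line)
        if hit:
            found.append({"section": section, **hit.groupdict()})
    return found


def triage(det):
    """Flag why a detection matters for follow-up after cleanup."""
    flags = []
    if any(m in det["object"].lower() for m in AUTOSTART_MARKERS):
        flags.append("autostart")
    # For registry values the interesting path is the data, not the key name.
    target = (det["data"] or det["object"]).lower()
    if any(m in target for m in USER_WRITABLE_MARKERS):
        flags.append("user-writable-path")
    if det["object"].upper().startswith("HKCU\\"):
        flags.append("per-user-hive")
    return flags


if __name__ == "__main__":
    for det in parse_detections(SAMPLE_LOG):
        print(det["section"], det["threat"], triage(det), det["action"])
```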


#4 narenxp


Posted 18 February 2012 - 06:45 PM

Go ahead and run GMER

#5 WorldInMyEyes


Posted 18 February 2012 - 06:57 PM

OK, I tried running the GMER but it made Vista crash. This is only 32-bit Vista so that is not the issue. First as it began scanning it closed and said explorer stopped working. I thought it was just a freak thing, so I tried it again. This time it sent the whole comp to crash and a blue screen with a message in white saying something like Windows had to shut down because of something interfering with it, well something along those lines. It scared the $*!+ out of me so in case anything weird would be left over by that, I restored the comp to right before downloading the GMER. Typing in "gmer problems" or "crash," I came across the same problem, even on this site, so I don't know why or what is the issue. Obviously I won't be trying that again unless there was some logical reason that could be fixed. I wonder if it could have to do with Norton even though I disabled it as much as possible, since Norton is like impossible to completely disable.

Edited by WorldInMyEyes, 18 February 2012 - 07:17 PM.


#6 narenxp


Posted 18 February 2012 - 07:21 PM

Try running it in safe mode

Also try to run aswMBR and post the log

#7 WorldInMyEyes


Posted 19 February 2012 - 03:14 PM

OK tried GMER in safe mode and once again didn't work, got an error.

I'm now running that last one you mentioned, it's been scanning for a while. I kept the thing checkmarked that said "trace disk IO calls," have no idea what that means but hope that's ok.

Update: The aswMBR scan is still going, it's been over 6 hours. Not sure if that's weird.

.

Edited by WorldInMyEyes, 19 February 2012 - 11:11 PM.


#8 WorldInMyEyes


Posted 19 February 2012 - 11:16 PM

Wow, the aswMBR scan is still scanning after 9 hours. It seems odd, but I wouldn't know. Nothing else is even open on there, I'm going on here using a tablet.

#9 WorldInMyEyes


Posted 20 February 2012 - 12:05 AM

It has finished. After the scan finished, I was looking and there are no restore points in my System Restore. What?! Other things look weird, opening just documents and downloads, it seems like things are missing. Since it's not my computer I don't know what's usually in there, but it seems like everything's missing. I only scanned, didn't press anything else.

Edited by WorldInMyEyes, 20 February 2012 - 12:07 AM.


#10 narenxp


Posted 20 February 2012 - 12:28 AM

Download

http://download.bleepingcomputer.com/grinler/unhide.exe

Run the UNHIDE fix, allow it to complete. You should get back all your files

Download

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


Download

ESET online scanner


Install it

Click on START, it should download the virus definitions
When the scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#11 WorldInMyEyes


Posted 20 February 2012 - 01:37 AM

I did the unhide thing and I think everything is back. I'm in safe mode by the way.


Next I did the MBR check and it seems to be infected, here is the report:


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv5 Notebook PC
Logical Drives Mask: 0x0000001c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`b2300000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHZ2160BHG2, Rev: 8909

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
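Added example, not part of the original posts and not MBRCheck's own code: Python that reads a 512-byte MBR sector the way the report above summarises one, producing a status, a SHA1 of the boot code and the partition byte offsets. It assumes the checker hashes the first 440 bytes and compares against a list of known loaders (the page does not state which bytes MBRCheck hashes); the sector, `REFERENCE_CODE` and `KNOWN` are constructed sample data.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_AREA = 440                 # bootstrap code; bytes 440-445 hold the disk signature
TABLE_OFFSET = 446              # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"    # last two bytes of a valid MBR
ENTRY = "<B3sB3sII"             # status, CHS start, type, CHS end, LBA start, sector count

# Constructed stand-in for a boot loader; not real boot code.
REFERENCE_CODE = bytes(range(256)) + bytes(range(184))
# Constructed allow-list: SHA1 of known boot code -> label shown in the report.
KNOWN = {hashlib.sha1(REFERENCE_CODE).hexdigest().upper(): "Reference loader (constructed)"}


def build_sample_mbr(code):
    """Constructed sector: the given boot code plus one active NTFS partition at LBA 63."""
    entry = struct.pack(ENTRY, 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 63, 204800)
    sector = code.ljust(TABLE_OFFSET, b"\x00") + entry + b"\x00" * 48 + BOOT_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


def inspect_mbr(sector, known_code_sha1):
    """Return status, boot-code SHA1 and partition list for one MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    code_sha1 = hashlib.sha1(sector[:CODE_AREA]).hexdigest().upper()
    partitions = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, _, ptype, _, lba, count = struct.unpack(ENTRY, raw)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"active": status == 0x80, "type": ptype,
                               "byte_offset": lba * SECTOR_SIZE, "sectors": count})
    if sector[510:512] != BOOT_SIGNATURE:
        status_text = "Invalid boot signature"
    elif code_sha1 in known_code_sha1:
        status_text = known_code_sha1[code_sha1]
    else:
        # Not on the allow-list: could be an OEM or third-party loader as well
        # as a bootkit, hence "non-standard or infected" in the report.
        status_text = "Unknown MBR code"
    return {"status": status_text, "sha1": code_sha1, "partitions": partitions}


if __name__ == "__main__":
    changed = REFERENCE_CODE[:100] + b"\xcc" + REFERENCE_CODE[101:]
    for code in (REFERENCE_CODE, changed):
        report = inspect_mbr(build_sample_mbr(code), KNOWN)
        print(report["status"], report["sha1"], report["partitions"])
```

The constructed partition starts at LBA 63, which gives the same 0x7e00 byte offset the report lists for C:.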

#12 WorldInMyEyes


Posted 20 February 2012 - 01:57 AM

Sorry, but since it's infected should I wait for a response from you, or still continue with your next step to download the eset scanner? Also, is it ok to do the eset in safe mode?

#13 narenxp


Posted 20 February 2012 - 05:54 AM

Go ahead with ESET online scanner and post the results

Download

FIXTDSS

Launch it. It may ask for a restart; reboot the PC

On reboot let me know what it finds

Good luck

#14 WorldInMyEyes


Posted 21 February 2012 - 02:53 PM

.

#15 WorldInMyEyes


Posted 21 February 2012 - 02:56 PM

Thank you for all your replies and help, but my brother decided to take the computer and fix it. So hopefully that will be the end of it. Thanks again for your time.



