
Infected PC


  • This topic is locked
22 replies to this topic

#1 mltor0806

  • Members
  • 66 posts

Posted 30 March 2012 - 02:51 PM

Here is the DDS, Attach and GMER logs.

Attached Files





#2 mltor0806

  • Topic Starter
  • Members
  • 66 posts

Posted 30 March 2012 - 02:53 PM

here is the unhide log

Attached Files



#3 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 30 March 2012 - 05:03 PM

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


I see ComboFix has been run on this computer; please post the ComboFix log (it should be located at C:\Combofix.txt).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 mltor0806

  • Topic Starter
  • Members
  • 66 posts

Posted 30 March 2012 - 06:00 PM

Combofix would always hang and never complete.

I will d'load and run the TDSSKiller now.

#5 mltor0806

  • Topic Starter
  • Members
  • 66 posts

Posted 30 March 2012 - 06:01 PM

also please see this thread... http://www.bleepingcomputer.com/forums/topic448123.html/page__p__2647474__fromsearch__1#entry2647474

this was the original, shall I wait for cryptodan or are you taking over?

#6 mltor0806

  • Topic Starter
  • Members
  • 66 posts

Posted 30 March 2012 - 06:04 PM

ran the TDSSKiller and nothing found.

#7 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 30 March 2012 - 06:04 PM

the active thread is now this one in the Malware Removal forum as there are signs of infection in your log, so I'll be helping you :)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 30 March 2012 - 06:06 PM

just to make certain, did you select the parameter to search for the TDSSFile system as well?

Please post the log; it will be on your C:\ drive.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 mltor0806

  • Topic Starter
  • Members
  • 66 posts

Posted 31 March 2012 - 01:55 AM

I did.

Attached Files



#10 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 31 March 2012 - 07:24 AM

Hi

Please navigate to the following file

c:\programdata\JYSiYyRGNluwQXA.exe > right click and rename it to JYSiYyRGNluwQXA.bad

Now delete the copy of ComboFix that you have on your desktop and download a fresh copy, but rename it to svchost.exe before saving it.


http://download.bleepingcomputer.com/sUBs/ComboFix.exe

try running it again in normal mode (disable your security programs)

If it still won't run, then boot into safe mode and run it.


To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot up, tap the F8 key repeatedly; this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account

Please post the resulting log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 mltor0806

  • Topic Starter
  • Members
  • 66 posts

Posted 31 March 2012 - 08:52 AM

can't find any trace of JYSiYyRGNluwQXA.exe

there is a RY52VwiOi7AP3b but it is a file not an exe

#12 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 31 March 2012 - 10:08 AM

ok, rename that file to .bad, then give ComboFix a try

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
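The rename step CatByte asks for in #10 and #12 (turn the dropped file in C:\ProgramData into a `.bad` file so it can no longer be launched, without destroying it) can be done from PowerShell in a way that also keeps a record of what the file was. The script below is an added example, not code from this thread or from BleepingComputer; it assumes Windows PowerShell 4.0 or later (for `Get-FileHash`), an elevated prompt, and a constructed default log path. It handles both cases that came up in the thread: a file with an `.exe` extension and one with no extension at all.

```powershell
# Added example, not part of this thread: quarantine a suspect file by renaming it to ".bad",
# as CatByte asks for c:\programdata\JYSiYyRGNluwQXA.exe and for the extension-less
# RY52VwiOi7AP3b, and record the file's details before it is renamed.
# Assumes Windows PowerShell 4.0 or later (for Get-FileHash) and an elevated prompt,
# since ProgramData is a hidden folder that non-administrators usually cannot modify.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path,
    # Constructed default; any writable location will do.
    [string]$LogPath = (Join-Path $env:SystemDrive 'quarantine-rename.log')
)

# Only act on an ordinary file; a directory or a missing path is refused.
if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
    Write-Error "No such file: $Path"
    exit 1
}

# -Force makes Get-Item return hidden and system files, which dropped malware often is.
$item = Get-Item -LiteralPath $Path -Force

# Capture identifying details first, so the log is still useful after the rename
# (the hash can later be matched against scanner output or a later log request).
$record = [ordered]@{
    Time       = (Get-Date).ToString('s')
    Original   = $item.FullName
    SizeBytes  = $item.Length
    Created    = $item.CreationTime.ToString('s')
    Modified   = $item.LastWriteTime.ToString('s')
    Attributes = $item.Attributes.ToString()
    SHA256     = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
}

# BaseName is the name without its last extension, and the whole name when there is none,
# so "JYSiYyRGNluwQXA.exe" becomes "JYSiYyRGNluwQXA.bad" and "RY52VwiOi7AP3b" becomes
# "RY52VwiOi7AP3b.bad", exactly as the thread describes. Renaming rather than deleting
# stops the file from being started under its original name while keeping it for analysis.
$newName = $item.BaseName + '.bad'
$newPath = Join-Path $item.DirectoryName $newName
if (Test-Path -LiteralPath $newPath) {
    Write-Error "Target already exists, not overwriting: $newPath"
    exit 1
}

try {
    Rename-Item -LiteralPath $item.FullName -NewName $newName -Force -ErrorAction Stop
    $record.Result = "renamed to $newPath"
} catch {
    # Typical causes: the file is open in a running process or is guarded by a kernel driver;
    # either outcome is worth reporting back to the helper.
    $record.Result = "rename failed: $($_.Exception.Message)"
}

# Append one tab-separated line per file to the log and show the same record on screen.
(($record.GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" }) -join "`t") |
    Out-File -FilePath $LogPath -Append -Encoding utf8
[pscustomobject]$record
```

Save it under a name of your choosing (say `Rename-Suspect.ps1`) and run it from an elevated PowerShell prompt as `.\Rename-Suspect.ps1 -Path 'C:\ProgramData\JYSiYyRGNluwQXA.exe'`; with the default execution policy you may need to start `powershell.exe -ExecutionPolicy Bypass` first. A "rename failed" result is itself informative: a file that cannot be renamed from an elevated prompt is usually held open by a running process or protected by a driver, which is the kind of detail the later ComboFix and TDSSKiller logs are meant to reveal.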


#13 mltor0806

  • Topic Starter
  • Members
  • 66 posts

Posted 31 March 2012 - 10:36 AM

CF log attached

Attached Files



#14 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 31 March 2012 - 12:07 PM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 mltor0806

  • Topic Starter
  • Members
  • 66 posts

Posted 31 March 2012 - 08:40 PM

MBAM and ESET log

Attached Files





