
Win7 64bit informs me I am Infected with Trojan.PWS.Legmir.AD / W32.Ahlem.A@mm



#1 usanumberone


Posted 02 April 2012 - 12:09 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Scorpion at 11:57:56 on 2012-04-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3062.1312 [GMT -5:00]
.
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\OEM02Mon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Bitdefender\Bitdefender 2012\seccenter.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Scorpion\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.adtran.com/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{439B986B-072C-470C-B43B-960C1864DB85} : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2011-11-14 90192]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-2 652360]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-2 1153368]
R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-1-23 66096]
R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
R3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
R3 bcm44amd64;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\Windows\system32\DRIVERS\b44amd64.sys --> C:\Windows\system32\DRIVERS\b44amd64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 jnprva;Juniper Networks Virtual Adapter Service;C:\Windows\system32\DRIVERS\jnprva.sys --> C:\Windows\system32\DRIVERS\jnprva.sys [?]
S3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;C:\Windows\system32\DRIVERS\jnprvamgr.sys --> C:\Windows\system32\DRIVERS\jnprvamgr.sys [?]
S3 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2011-12-21 75384]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-04-02 16:26:16 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF5F988B-7C07-419E-BD71-852ABC12CA4F}\offreg.dll
2012-04-02 15:36:22 -------- d-----w- C:\Users\Scorpion\AppData\Roaming\Malwarebytes
2012-04-02 15:36:19 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-02 15:36:18 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-02 15:36:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-02 15:13:25 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-02 15:13:25 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-02 05:30:06 388096 ----a-r- C:\Users\Scorpion\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-02 05:30:06 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-02 05:09:05 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-04-02 05:09:05 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-04-02 05:09:04 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-04-02 04:40:55 -------- d-----w- C:\Users\Scorpion\AppData\Roaming\SUPERAntiSpyware.com
2012-04-02 04:40:23 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-04-02 04:40:23 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-31 15:22:13 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-03-31 02:55:14 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF5F988B-7C07-419E-BD71-852ABC12CA4F}\mpengine.dll
2012-03-19 02:29:39 -------- d-----w- C:\Program Files (x86)\Juniper Networks
2012-03-19 02:28:55 -------- d-----w- C:\Program Files (x86)\Common Files\Juniper Networks
2012-03-19 02:28:19 -------- d-----w- C:\Users\Scorpion\AppData\Roaming\Juniper Networks
2012-03-17 21:03:50 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-17 21:03:48 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-17 21:03:48 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-17 18:38:41 -------- d-----w- C:\ProgramData\Crystal Office
2012-03-17 18:38:40 -------- d-----w- C:\Program Files (x86)\Maple
2012-03-17 13:26:01 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-17 13:25:59 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-17 13:25:59 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-17 13:24:41 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-17 13:24:41 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-17 13:24:41 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-17 13:24:41 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-17 13:24:40 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-17 13:24:39 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-17 13:24:39 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-12 23:38:28 -------- d-----w- C:\Users\Scorpion\AppData\Local\RSA
2012-03-12 23:38:28 -------- d-----w- C:\ProgramData\RSA
2012-03-12 23:37:53 -------- d-----w- C:\Program Files (x86)\RSA SecurID Token Common
2012-03-12 23:37:53 -------- d-----w- C:\Program Files (x86)\RSA SecurID Software Token
2012-03-11 15:30:53 -------- d-----w- C:\MinGW
2012-03-05 04:14:37 -------- d-----w- C:\Users\Scorpion\AppData\Roaming\TortoiseSVN
2012-03-05 02:56:22 -------- d-----w- C:\Projects
2012-03-05 02:53:31 -------- d-----r- C:\svn_repos
2012-03-05 01:39:53 -------- d-----w- C:\Users\Scorpion\AppData\Roaming\Subversion
2012-03-05 01:39:53 -------- d-----w- C:\Users\Scorpion\AppData\Local\TSVNCache
2012-03-05 01:37:34 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays
2012-03-05 01:37:33 -------- d-----w- C:\Program Files\TortoiseSVN
2012-03-05 01:37:33 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays
2012-03-04 15:27:12 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-03-04 03:53:27 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-03-04 03:53:27 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-03-04 03:53:27 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-03-04 03:53:27 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-03-04 03:53:27 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-03-04 03:53:27 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-03-04 03:53:27 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-03-04 03:47:30 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
2012-03-04 03:47:26 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2012-03-04 03:47:26 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2012-03-04 03:47:26 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2012-03-04 03:47:26 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2012-03-04 03:47:26 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2012-03-04 03:47:26 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2012-03-04 03:47:26 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2012-03-04 03:47:25 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2012-03-04 03:47:20 3518464 ----a-w- C:\Windows\SysWow64\cdintf300.dll
2012-03-04 03:47:20 1843200 ----a-w- C:\Windows\SysWow64\acXMLParser.dll
2012-03-04 03:46:35 -------- d-----w- C:\Users\Scorpion\AppData\Roaming\Intuit
2012-03-04 03:45:28 -------- d-----w- C:\Program Files (x86)\Common Files\Palo Alto Software
2012-03-04 03:44:57 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2012-03-04 03:44:10 -------- d-----w- C:\Program Files (x86)\Quicken
2012-03-04 03:42:42 -------- d-----w- C:\ProgramData\Intuit
2012-03-04 00:28:23 -------- d-----w- C:\ProgramData\IDMComp
2012-03-04 00:26:54 -------- d-----w- C:\Program Files (x86)\IDM Computer Solutions
2012-03-04 00:25:15 -------- d-----w- C:\Users\Scorpion\AppData\Local\Downloaded Installations
2012-03-03 21:38:37 -------- d-----w- C:\Users\Scorpion\AppData\Roaming\GumNotes
2012-03-03 21:29:25 -------- d-----w- C:\Program Files\HobComment107
2012-03-03 21:14:16 -------- d-----w- C:\Windows\SysWow64\Wat
2012-03-03 21:14:16 -------- d-----w- C:\Windows\System32\Wat
.
==================== Find3M ====================
.
2012-04-02 00:36:19 691896 ----a-w- C:\Windows\System32\drivers\avc3.sys
2012-03-03 02:05:57 545064 ----a-w- C:\Windows\System32\drivers\avckf.sys
2012-03-03 01:37:28 592036 ----a-w- C:\ProgramData\1330736310.bdinstall.bin
2012-03-02 20:33:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 11:59:14.06 ===============

#2 nasdaq

  • Malware Response Team

Posted 08 April 2012 - 08:50 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 nasdaq


Posted 14 April 2012 - 07:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



