
I have malicious activity that won't go away even after formatting?


  • This topic is locked
82 replies to this topic

#16 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,972 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:18 AM

Posted 22 April 2012 - 09:37 PM

No, please don't take any actions until requested to do so.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



#17 Shapeofwhite32

Shapeofwhite32
  • Topic Starter

  • Banned
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 23 April 2012 - 04:32 AM

Please don't forget about my original logs that I posted first off if those may help?

#18 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,972 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:18 AM

Posted 23 April 2012 - 10:03 AM

Greetings Shapeofwhite32,


I would like you to clarify a few things for me.

  • Did you do a complete reinstall or only a partial reinstall on your computer?
  • Are you connected to a network that other computers connect to? If so, are any other computers having malware issues?
  • Following the reinstall, did you insert a USB or other external device (like an external hard drive to replace the backed up files)?
  • Did you, by chance, check to see if you had any issues immediately after reinstalling the operating system but before doing anything else, like inserting USB, etc.?

Based on what you have provided I would like to take a look at your Master Boot Record before Windows loads.

Please perform the following for me, if you would.


===================================================


xPUD MBR Report

--------------------

Start this from a clean computer. You will need a USB drive with no less than 64 MB of space.

  • Insert your USB drive. Caution: The next step will remove all information from your USB device.
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Download xPUD 0.9.2 iso, saving the file to your Desktop.
  • Download UNetbootin and save it to your Desktop as well.
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded.
  • Press Run then OK. Note: If you receive the message "You must select a distribution to load" just follow the instructions/image below
  • Select the Diskimage Option then click the Browse Button located on the right side of the textbox field.


    Posted Image

  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed, do not choose to reboot the clean computer; simply close the installer
  • Right click this dumpit link, select "save link/target as", and save the file directly to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the sick computer
  • Press F12 and choose to boot from the USB
  • Use the arrow down key on your keyboard to highlight USB, then press Enter
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • Click on sdb1 (sdb1 represents the USB drive). If it is not there remove the USB device for 5 seconds then reinsert.
  • Double click on the Dumpit file
  • A black window will pop-up and it will dump and zip the MBR to your USB drive.
  • Press Enter to exit the black window.
  • Click on HOME tab and choose Power Off to turn off xPUD.
  • Remove the USB drive and insert it back on your working computer.
  • Locate the mbr.zip file in your USB drive and attach it when you reply.

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • mbr.zip (please send as attachment)
  • Answers to questions above

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

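Added example (not part of the original thread, and not the code of any tool named in it): once a 512-byte MBR dump like the one requested above is in hand, its boot signature and partition table can be checked in Python as below. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR, TABLE_OFFSET, ENTRY_SIZE = 512, 446, 16
ENTRY_FMT = "<B3xB3xII"   # status, (CHS), type, (CHS), first LBA, sector count

def parse_mbr(sector: bytes) -> dict:
    """Summarise one 512-byte MBR sector for manual review."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    parts = []
    for slot in range(4):
        status, ptype, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + slot * ENTRY_SIZE)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"slot": slot, "status": status, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        # Bytes 440-445 hold the per-disk signature, so hash only the code before them.
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "partitions": parts,
    }

def findings(info: dict) -> list:
    """Structural anomalies in the table; an empty list does not prove the code is clean."""
    notes = []
    if not info["signature_ok"]:
        notes.append("missing 0x55AA boot signature")
    parts = info["partitions"]
    notes += [f"slot {p['slot']}: invalid status byte" for p in parts
              if p["status"] not in (0x00, 0x80)]
    if sum(p["status"] == 0x80 for p in parts) > 1:
        notes.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            notes.append(f"slots {a['slot']} and {b['slot']} overlap")
    return notes

def build_sample() -> bytes:
    """Constructed sample sector (not a real dump): two partitions, the first active."""
    sector = bytearray(SECTOR)
    entries = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)]
    for slot, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + slot * ENTRY_SIZE, *entry)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    report = parse_mbr(build_sample())
    print(report, findings(report))
```

The boot-code hash is meant for comparison against a dump taken from a known-good install of the same Windows version; a sane partition table alone says nothing about the code in front of it.
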
#19 Shapeofwhite32

Shapeofwhite32
  • Topic Starter

  • Banned
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 23 April 2012 - 01:12 PM

I did a clean install after doing a 7 pass format... and I transferred files onto my second bay hard drive from a usb and installed a few programs like display drivers and chipset updates. But I am trying to think if that was b4 I contacted you or after..? either way I did a clean install low level format maybe plus one install and no I haven't connected to the net but I may have connected to my firewall b4 sending my log..

#20 Shapeofwhite32

Shapeofwhite32
  • Topic Starter

  • Banned
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 23 April 2012 - 01:25 PM

I couldn't get xpud to boot all the way I have a few errors while booting.. I couldn't get an iso image from the links u provided so I hunted down my own xPUD 0.9.2 iso 64mb image and tried it again..still errors or it stops on something with 4 as if it's waiting for me to enter something but nothing happens.. do I format it in FAT32 or what?

#21 Shapeofwhite32

Shapeofwhite32
  • Topic Starter

  • Banned
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 23 April 2012 - 01:36 PM

But I did burn the image to dvd and did get it to boot any instructions from here... stops at sh-4.0# and stays for a long time...?
Booted but same error.. tried several times redid everything then tried from dvd.. same deal

Edited by Shapeofwhite32, 23 April 2012 - 01:49 PM.


#22 Shapeofwhite32

Shapeofwhite32
  • Topic Starter

  • Banned
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 23 April 2012 - 01:47 PM

squashfs read data failed to read block unable to read metadata cache and unable to read inode [0x1840-0x185f] conflicts with ACPI region SMB] and it stops at sh-4.0# (blinking cursor)

#23 Shapeofwhite32

Shapeofwhite32
  • Topic Starter

  • Banned
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 23 April 2012 - 02:08 PM

I kind of suspect someone had installed a backdoor on my pc, any way to detect that?

#24 Shapeofwhite32

Shapeofwhite32
  • Topic Starter

  • Banned
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 23 April 2012 - 02:15 PM

I do have a Hiren's boot disc if that helps..

#25 Shapeofwhite32

Shapeofwhite32
  • Topic Starter

  • Banned
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 23 April 2012 - 08:25 PM

Hello again.., I take your no response as you are frustrated, <_< I'm sorry but I re-downloaded everything tried to install everything still get stuck on a black screen seems to be an xinit error no such directory X server, no such process, xauth bad display name and so on... stuck on sh 4.0# :angry:

Edited by Shapeofwhite32, 23 April 2012 - 08:35 PM.


#26 Shapeofwhite32

Shapeofwhite32
  • Topic Starter

  • Banned
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 23 April 2012 - 10:09 PM

I used a different mbr program to save mbr info I also included PBR's

Attached Files


Edited by Shapeofwhite32, 23 April 2012 - 10:14 PM.


#27 Shapeofwhite32

Shapeofwhite32
  • Topic Starter

  • Banned
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 23 April 2012 - 10:15 PM

I just backed up all pbr and mbr info..and zipped it hope this is sufficient? I did notice that my system partition is unknown to windows..?

Edited by Shapeofwhite32, 23 April 2012 - 10:19 PM.


#28 Shapeofwhite32

Shapeofwhite32
  • Topic Starter

  • Banned
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 23 April 2012 - 11:00 PM

Wait O.k I did some browsing around I found the dumpit but when I click on it it closes me out of directory I was in..? and no log file is saved and it doesn't give me a choice to do a scan..

Edited by Shapeofwhite32, 23 April 2012 - 11:24 PM.


#29 Shapeofwhite32

Shapeofwhite32
  • Topic Starter

  • Banned
  • 63 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 24 April 2012 - 04:37 AM

Well as it stands now.. I got Xpud to work but I can't get dumpit to work.. I tried booting from cd and finding the dumpit file on usb but still no dice.. if those bin files don't work I have several .dat files..

#30 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,972 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:18 AM

Posted 24 April 2012 - 07:53 AM

Greetings Shapeofwhite32,


We will try something else but I must first plead with you to be patient and do not take any steps other than the ones I request. This is so important that I mentioned it twice in red in my initial post. I am attempting to help other people as well and I find that I spend too much time trying to catch up to your independent steps which complicate matters and put either a speed bump or a fork in the road I desire to take.

At this point, let me warn you that if you take any further independent steps we will have to close this thread. I sense your frustration and impatience but it is my job as a volunteer to lead you, not follow and react upon your independent steps.

Now, if this is something we can agree upon please perform the following step for me.


===================================================


Farbar's Recovery Scan Tool

--------------------

I would like you to run Farbar's Recovery Scan Tool to check your MBR. For this you will need a USB flash drive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC and we will enter the System Recovery Options one of the two following ways:

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • FRST.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



