Smart HDD infected can't remove


6 replies to this topic

#1 hittme


Posted 23 April 2012 - 07:38 AM

Infected with Smart HDD. From experience with a friend's infected computer, I had loaded the free version of Malwarebytes on mine. I have tried rkill and running Malwarebytes with no luck detecting anything or fixing the issue. It also hides all programs and files; Unhide does fix that. I do get something different than with my friend's computer: 19 windows open with the message "System Message Write Fault Error", stating "A write command during the test has failed, maybe media or read/write error the system generates an exception error using references to an invalid system memory address."

Any help would be appreciated.


#2 Blade


Posted 23 April 2012 - 08:24 AM

Hello.

Try following the steps in this guide: http://www.bleepingcomputer.com/virus-removal/remove-smart-hdd

Let me know if you still have problems afterwards.

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 Reegun Richard J


Posted 23 April 2012 - 08:46 AM

** First go to Safe Mode: restart your PC and go to the boot options (normally you can get there by pressing F8), then go to Safe Mode with Networking
** Run an updated Malwarebytes (update needed)
** If infections are found, remove them and upload the logs
** Download TDSS killer (download TDSS)
** Remove the infection if found and upload the log; it will be found in c:\
** Post the logs so we can move further

#4 Blade


Posted 23 April 2012 - 10:21 AM

Please do not run Malwarebytes in safe mode. MBAM is more effective in normal mode.

The guide I linked to above will walk you through the process of removing the infection.



#5 Reegun Richard J


Posted 23 April 2012 - 11:31 AM

Hi, please follow the steps suggested by BLADE; it's more effective than my idea.

#6 hittme


Posted 23 April 2012 - 02:28 PM

I tried Blade's recommendation, Remove-Smart-HDD, 3 times on Saturday, so today, again in Safe Mode (I didn't see your email not to do this before I started), I removed the copy of Malwarebytes and reinstalled it again from the site. I ran it first, as opposed to rkill; see the log results of what it found. It did not find things yesterday; see that log. I then ran Unhide and rebooted. The Smart HDD pop-up did not appear, so I ran MBAM; see log. Do I need to run TDSS or rkill? Seems to be fine now. Thanks.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.21.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: KITCHEN [administrator]

4/21/2012 9:58:18 PM
mbam-log-2012-04-21 (21-58-18).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 329400
Time elapsed: 36 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.23.04

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: KITCHEN [administrator]

4/23/2012 10:44:34 AM
mbam-log-2012-04-23 (10-44-34).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 330815
Time elapsed: 39 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|hjOouWQXnIVMkvP.exe (Trojan.FakeAlert) -> Data: C:\Documents and Settings\All Users\Application Data\hjOouWQXnIVMkvP.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\All Users\Application Data\hjOouWQXnIVMkvP.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\JZDDWH2sFBl8bP.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temporary Internet Files\Content.IE5\MTF4LJS5\krevkqcmdubtfvdz8[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.23.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Compaq_Owner :: KITCHEN [administrator]

4/23/2012 12:10:47 PM
mbam-log-2012-04-23 (12-10-47).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 330601
Time elapsed: 1 hour(s), 49 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1707\A0119559.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP1707\A0119560.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

(end)
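
An added example, not part of the original posts: a small Python parser for detection rows in the Malwarebytes log layout shown above. It checks each section's declared count against the rows actually present (the second log in the thread is visibly cut short), lists `Run`-key autorun entries, confirms the file each one pointed to was also removed, and counts copies left in System Restore. The names `parse_mbam_log` and `triage` and the sample log are constructed for illustration.

```python
import re
# Constructed sample in the layout of the logs above; file names are placeholders.
SAMPLE_LOG = r"""Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|sampleAAAA.exe (Trojan.FakeAlert) -> Data: C:\Documents and Settings\All Users\Application Data\sampleAAAA.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\All Users\Application Data\sampleAAAA.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CONSTRUCTED-GUID}\RP1\A0000001.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

SECTION = re.compile(r"^(?P<name>.+?) Detected: (?P<count>\d+)$")   # "Files Detected: 2"
HIT = re.compile(r"^(?P<obj>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")  # object (Family) -> ...

def parse_mbam_log(text):
    """Return (hits, declared): detection rows and the count each section header declares."""
    hits, declared, section = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section, declared[m["name"]] = m["name"], int(m["count"])
            continue
        m = HIT.match(line)
        if m and section:
            parts = m["rest"].split(" -> ")  # optional detail, then the action taken
            hits.append({"section": section, "object": m["obj"],
                         "family": m["family"], "action": parts[-1],
                         "detail": parts[0] if len(parts) > 1 else ""})
    return hits, declared

def triage(text):
    """Summarise a log: truncated sections, autorun entries, System Restore copies."""
    hits, declared = parse_mbam_log(text)
    found = {s: sum(h["section"] == s for h in hits) for s in declared}
    files = {h["object"].lower() for h in hits if h["section"] == "Files"}
    autoruns = [h for h in hits if r"\currentversion\run|" in h["object"].lower()]
    return {
        "count_mismatch": [s for s in declared if declared[s] != found[s]],
        "autoruns": [h["object"].split("|", 1)[1] for h in autoruns],
        "autorun_payload_removed": all(h["detail"].partition("Data: ")[2].lower() in files for h in autoruns),
        "restore_point_copies": sum("\\_restore{" in f for f in files),
    }
```

A non-empty `count_mismatch` means the pasted log is incomplete and should be re-exported before anyone draws conclusions from it.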

#7 Reegun Richard J


Posted 23 April 2012 - 08:53 PM

** Happy that you followed the instructions from BLADE

** A few more things I'd like to add

** Run TDSS and check for any rootkit kind of infection. If you find any infection, it's recommended to SKIP whatever you found, because some "forged file" kind of findings might be there in TDSS, so it's recommended not to remove anything without expert advice

** Paste the log located in c:\

** One thing we need: check whether a "System64" folder is there or not inside the WINDOWS folder

** Revert back with details so we can move further :busy:

** I'm happy to help if the BC guys allow me to continue :thumbup2:



