
Hello and SMART HDD


  • This topic is locked
3 replies to this topic

#1 12many


Posted 27 April 2012 - 11:21 AM

Hello. New user and first time poster. This site is great.

So, I feel like I am at an AA meeting. My name is Chad, and I have a virus.

Got Smart HDD, but I don't feel so smart. I ran the process from this site and everything went well, but it does not fully remove Smart HDD. I have been searching and found that my problem is pretty much the same as EMILYMD as assisted by AAFLAC in a recent post. I seem to get the system clean and all the files recovered using Iexplore, MALWARE Bytes, and unhide, and I can get it clean in both safe and normal mode, but then when I reboot into normal mode, the message comes up and the cascade of messages reoccurs and it deletes my files again. Have gone through the process several times. Seems to be cleaning it, but it loads again on start up.

So, should I start a new post with the problem, or should I try to do what AAFLAC advised EMILYMD to do in her postings?

Thanks

Chad



#2 fireman4it

  • Malware Response Team

Posted 27 April 2012 - 02:29 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a Gmer scan due to the fact you are running a 64bit machine please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Thanks and again sorry for the delay.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 12many


Posted 28 April 2012 - 03:27 PM

Thanks for the fast response. I apologize that I broke protocol, but I did a restore from a restore point about 2 days before the infection. Everything seems to be working.
At this point malware bytes is clean, TDSSKILLER is clean and so is aswMBR. Do you think I am good and it is gone or anything else I should do? Thank you. Chad

My system
W7Home 32 bit,
This is the log
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-28 13:13:36
-----------------------------
13:13:36.632 OS Version: Windows x64 6.1.7601 Service Pack 1
13:13:36.632 Number of processors: 8 586 0x1A05
13:13:36.632 ComputerName: DAD-PC UserName: Dad
13:13:38.519 Initialize success
13:15:41.298 AVAST engine defs: 12042801
13:16:09.347 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:16:09.347 Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ100E4 Size: 476940MB BusType: 3
13:16:09.363 Disk 0 MBR read successfully
13:16:09.363 Disk 0 MBR scan
13:16:09.378 Disk 0 Windows 7 default MBR code
13:16:09.378 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:16:09.394 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
13:16:09.409 Disk 0 scanning C:\Windows\system32\drivers
13:16:17.537 Service scanning
13:16:36.569 Modules scanning
13:16:36.569 Disk 0 trace - called modules:
13:16:36.569 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:16:36.585 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006521790]
13:16:36.585 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80062f2520]
13:16:36.912 5 ACPI.sys[fffff88000d857a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80062db060]
13:16:37.521 AVAST engine scan C:\
13:25:56.010 Disk 0 MBR has been saved successfully to "C:\Users\Dad\Desktop\MBR.dat"
13:25:56.025 The log file has been saved successfully to "C:\Users\Dad\Desktop\aswMBR.txt"
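
Added example, not part of the thread and not aswMBR's own code: a small Python triage of the log posted above. It pulls out the OS architecture (which decides whether the GMER step in reply #2 applies), the MBR verdict line and the partition rows; treating the line right after "Disk N MBR scan" as the verdict is an assumption drawn from this one log, and the function names are hypothetical.

```python
import re

# Lines copied from the aswMBR log posted above (not constructed).
SAMPLE_LOG = r"""
13:13:36.632 OS Version: Windows x64 6.1.7601 Service Pack 1
13:16:09.363 Disk 0 MBR read successfully
13:16:09.363 Disk 0 MBR scan
13:16:09.378 Disk 0 Windows 7 default MBR code
13:16:09.378 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:16:09.394 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{3}\s+(.*)$")
OS_RE = re.compile(r"^OS Version: Windows (\S+)")
PART_RE = re.compile(r"^Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2})\s+(?:\(A\)\s+)?"
                     r"([0-9A-Fa-f]{2})\s+.*?\s+(\d+) MB offset (\d+)$")

def parse_aswmbr(text):
    """Extract OS architecture, MBR verdict and partition rows from a log."""
    report = {"arch": None, "mbr_verdict": None, "partitions": []}
    expect_verdict = False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1)
        if expect_verdict:
            # Assumption: the line right after "Disk N MBR scan" is the verdict.
            report["mbr_verdict"] = re.sub(r"^Disk \d+\s+", "", msg)
            expect_verdict = False
        elif msg.endswith("MBR scan"):
            expect_verdict = True
        elif (o := OS_RE.match(msg)):
            report["arch"] = o.group(1)
        elif (p := PART_RE.match(msg)):
            # Boot-indicator byte 0x80 marks the active (bootable) partition.
            report["partitions"].append({"disk": int(p[1]), "index": int(p[2]),
                "active": p[3] == "80", "type": p[4].upper(),
                "size_mb": int(p[5]), "offset": int(p[6])})
    return report

def findings(report):
    """Return triage notes for a parsed log."""
    notes = []
    if report["arch"] == "x64":
        notes.append("64-bit Windows: GMER step skipped, aswMBR log applies")
    if "default MBR code" not in (report["mbr_verdict"] or ""):
        notes.append("MBR not reported as default code: review before closing")
    if sum(p["active"] for p in report["partitions"]) != 1:
        notes.append("expected exactly one active partition")
    return notes
```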

#4 fireman4it


Posted 28 April 2012 - 03:45 PM

We will go ahead and close this topic. If you experience this problem again in the next 24 hrs, just PM me.





