
SMART HDD Removal



#1 prospal


Posted 12 August 2012 - 04:26 PM

Hi,

I just came back from vacation (and left what was a working computer.. :( ) to what appears to be this Fake SMART HDD Malware. I began following this tutorial and downloaded iExplore.exe from another computer and used a USB stick to xfer the file.

After running iExplore, the Rkill log looks something along the lines of this:

__________

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

*SMTMP folder detected. Your machine is or has been infected with Fake.HDD rogue anti-spyware program. Please see this link for more information about this type of rogue: http://www.bleepingcomputer.com/forums/topic405109.html

Restarting Explorer.exe in order to apply changes.

_________

I'd copy and paste the whole log, or even screenshot it, but still have no internet connection on the infected machine, so I'm stuck using my laptop lol.

I then ran TDSSKiller from the link shown in the tutorial, ran the scan, and came up with nada.

I downloaded Malwarebytes Anti-Malware program in hopes of it picking up the malware, but since I'm unable to establish an internet connection, I can't download the latest updates, and figure I probably won't snag the malware. Anyways, Malwarebytes is currently running, so I'll see what happens in a bit.

Has anyone else experienced the same issue as me? I.e., my troubleshooting of removing this malware by following the steps in BleepingComputer's tutorial isn't going as easily as it looks like it should be going?

What gives?

Thanks in advance for any help!



#2 prospal


Posted 12 August 2012 - 05:32 PM

Looking further into this.. I went into Device Manager and noticed that my onboard Network Adapter was disabled.

Enabled it and now have internet access.

Will continue to troubleshoot this.

#3 prospal


Posted 12 August 2012 - 07:22 PM

As I was able to get an internet connection, I was able to update Malwarebytes to the most up-to-date version and thus able to get Malwarebytes to detect the harmful files.

What keyed me into noticing something was up and to check Device Manager - I was trying to figure out why I wasn't getting internet to my PC, but I could hardline my laptop (with the same cable) and make a connection. I would check the back of my tower where the LAN wire would connect to, and although usually it's illuminated orange to I guess signify data transfer, it was out. I was originally thinking I had a hardware problem and potentially needed a new mobo. But, just looking behind the tower during bootup, I noticed the light was on and then would shut off right around the time the Windows 7 splash screen would show up. I figured the virus was turning my LAN off. Checked Device Manager, and just as I thought, it was disabled. This virus was good.

Guess I sorta jumped the gun.

Anyway, thanks for all the helpful information on this forum!

Nick



