
Redirect virus and invisible spyware (audio) and OTHER STUFF



#1 machined

Posted 09 September 2012 - 05:12 PM

Hello,

Can't seem to shake some viruses/malware and pc abnormalities. Please assist.

Windows 7 x64 OS Laptop.
I had the virus that says "C: Drive drive critically full and requires purchase of security software" upon bootup. Might be called Hard Drive Diagnostic virus? It apparently also hides all files, moving your shortcut links to the temp folder. Seemed to fix that using Gridsoft (sp?) trojan killer, but in doing so lost shortcuts for program files etc. Also, Windows Defender was turned off and I can't turn it back on; it just hangs. The PC is running exceptionally slow (slow boot, slow IE/Chrome). Internet searches are randomly redirected and audio spyware ads with no pop-ups keep occurring. These pop-ups and redirects happen totally at random, with apps running or not and regardless of search engine.
Also have a problem with all my Autodesk software licenses now popping up as invalid.

Steps thus far.
Ran Gridsoft Trojan killer - Found trojan and deleted
Ran RKill.
Ran FSS.
Deleted Hosts file
Ran MAMB (in Safe-mode and normal) - Found and removed 3 Trojans
Ran MAMB - Clean
Ran Superantispyware - Found and quarantined 3 Viruses and tracking cookies
Ran Superantispyware - Clean
Ran adwcleaner
Ran CCleaner
Rolled back IExplorer from 9 to 8.

Help would be greatly appreciated.
Thanks in advance.
Machined

Edited by machined, 09 September 2012 - 05:39 PM.



#2 drmalware

Posted 09 September 2012 - 05:59 PM

Hi Machined

Check my post here:

http://www.bleepingcomputer.com/forums/topic468020.html

I think this will do the trick...

Boot scan, Autoruns and Process Explorer, and if you still have issues post your HijackThis if that's allowed? :lol:

#3 narenxp

Posted 09 September 2012 - 07:28 PM

I do not want you to run any other tools unless instructed.


Download

TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here

Download

ESET online scanner

Install it

Click on START; it should download the virus definitions.
When the scan is completed, click on "List of found threats".

Export the list to the desktop and copy the contents of the text file into your reply.

#4 machined

Posted 09 September 2012 - 09:34 PM

Thanks for the response and instructions.
Unfortunately neither TDSSKiller nor aswMBR would launch after downloading. ESET did; list below:


C:\Qoobox\Quarantine\C\Users\Ty\AppData\Local\Temp\ifdsv.dll.vir a variant of Win32/Medfos.AA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Ty\AppData\Local\Temp\pseapi.dll.vir a variant of Win32/Medfos.L trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Ty\AppData\Local\{5b546ad5-9b93-eeab-ec01-e1e6a45ecbf0}\U\00000004.@.vir Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Ty\AppData\Roaming\rlmpl.dll.vir a variant of Win32/Medfos.AG trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan deleted - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{5b546ad5-9b93-eeab-ec01-e1e6a45ecbf0}\U\00000004.@.vir Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan deleted - quarantined
C:\TDSSKiller_Quarantine\24.03.2012_21.40.09\zaea0000\svc0000\tsk0000.dta Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.03.2012_18.58.41\zaea0000\svc0000\tsk0000.dta Win64/Sirefef.W trojan cleaned by deleting - quarantined
C:\Users\Ty\Downloads\Nero-Free.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined

#5 narenxp

Posted 09 September 2012 - 09:39 PM

Download ListParts from here

For 32 bit

List parts 32

For 64 bit

List parts 64

Launch it, click on SCAN, and post the log.

Edited by narenxp, 27 October 2012 - 07:00 PM.


#6 machined

Posted 10 September 2012 - 12:20 AM

TDSS did NOT find rootkit. Restarted PC anyway and attempted to run TDSSKiller; it would NOT launch.

Listparts log:
ListParts by Farbar Version: 10-08-2012
Ran by Ty (administrator) on 09-09-2012 at 21:18:08
Windows 7 (X64)
Running From: C:\Users\Ty\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 8116.36 MB
Available physical RAM: 6541.05 MB
Total Pagefile: 16230.86 MB
Available Pagefile: 14643.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:51.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive w: (Local) (Fixed) (Total:329.79 GB) (Free:211.86 GB) NTFS
4 Drive x: (Local) (Fixed) (Total:465.76 GB) (Free:390.26 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 465 GB 1024 KB

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 19 GB 31 KB
Partition 2 Primary 116 GB 19 GB
Partition 0 Extended 329 GB 135 GB
Partition 3 Logical 329 GB 135 GB

======================================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OS NTFS Partition 116 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 W Local NTFS Partition 329 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 X Local NTFS Partition 465 GB Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022


****** End Of Log ******

#7 narenxp

Posted 10 September 2012 - 02:00 AM

Read the guide here on preparing logs:

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here:

http://www.bleepingcomputer.com/forums/forum22.html

Good luck



