
Google not loading



#1 fagunjo


Posted 23 September 2012 - 12:53 PM

Hi there,

I am new to the forum. Got here with the same problem as Grumblemouth. TDSSKiller also solved the problem (found a file named RLoader*.*). I followed your recommendation to run aswMBR and ESET. As they found threats, I would like to know if there is any new recommendation. Please find the logs below:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-23 12:37:15
-----------------------------
12:37:15.187 OS Version: Windows 5.1.2600 Service Pack 3
12:37:15.187 Number of processors: 2 586 0x170A
12:37:15.187 ComputerName: JONAS UserName:
12:37:16.000 Initialize success
12:37:38.437 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
12:37:38.453 Disk 0 Vendor: Size: 0MB BusType: 0
12:37:38.468 Disk 0 MBR read successfully
12:37:38.468 Disk 0 MBR scan
12:37:38.468 Disk 0 Windows VISTA default MBR code
12:37:38.468 Disk 0 MBR hidden
12:37:38.468 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
12:37:38.484 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 238307 MB offset 208845
12:37:38.531 Disk 0 scanning C:\WINDOWS\system32\drivers
12:37:44.250 Service scanning
12:37:52.125 Service GbpKm C:\WINDOWS\system32\drivers\gbpkm.sys **LOCKED** 32
12:38:05.515 Modules scanning
12:38:09.265 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
12:38:09.984 Disk 0 trace - called modules:
12:38:10.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:38:10.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad9e678]
12:38:10.000 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0x8ad74028]
12:38:10.000 Scan finished successfully
12:38:35.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
12:38:35.296 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

ESET:
C:\Documents and Settings\Administrator\Local Settings\Temp\5606.sys Win32/Agent.SUC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\718b1839-5606.tmp Win32/Agent.TFL trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\86bcdaf9-5606.tmp Win32/Agent.TFL trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\8f689641-5606.tmp Win32/Agent.TFL trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\8f721603-5606.tmp Win32/Agent.TFL trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\ad27b7d6-5606.tmp Win32/Agent.TFL trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\c7fa6ceb-5606.tmp Win32/Agent.TFL trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache4160872986275887050.tmp a variant of Java/Exploit.CVE-2011-3544.AT trojan deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache4283990034265150257.tmp Win32/Agent.STT trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache6728458137840783445.tmp Win32/Agent.STT trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache9040254805118590860.tmp Win32/Agent.STT trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YUAWRNJW\i[1].htm JS/Kryptik.NX trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.09.2012_12.28.19\rtkt0000\svc0000\tsk0000.dta Win32/Simda.M.Gen trojan deleted - quarantined

Thank you in advance for your help,

fagunjo.
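
An added example, not part of either post and not ESET's own tooling: a small Python parser that tallies ESET detection lines by name and platform, extracts any CVE id embedded in a detection name, and lists files not reported as quarantined. The line layout is assumed from the lines shown in the post above, and the function names are illustrative.

```python
import re
from collections import Counter

# Lines copied from the ESET log in the post above (subset), plus one non-matching line.
SAMPLE_LOG = r"""
C:\Documents and Settings\Administrator\Local Settings\Temp\5606.sys Win32/Agent.SUC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\718b1839-5606.tmp Win32/Agent.TFL trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache4160872986275887050.tmp a variant of Java/Exploit.CVE-2011-3544.AT trojan deleted - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temp\jar_cache4283990034265150257.tmp Win32/Agent.STT trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\YUAWRNJW\i[1].htm JS/Kryptik.NX trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.09.2012_12.28.19\rtkt0000\svc0000\tsk0000.dta Win32/Simda.M.Gen trojan deleted - quarantined
not a detection line
"""

# Assumed layout: path, optional "a variant of", Platform/Name, object type, action.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?:a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/[\w.\-]+) (?P<kind>\w+) (?P<action>.+)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_eset_log(text):
    """Return one dict per detection line; lines that do not match are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def summarize(hits):
    """Count detections by name and platform prefix; collect CVE ids and leftovers."""
    by_name = Counter(h["name"] for h in hits)
    by_platform = Counter(h["name"].split("/", 1)[0] for h in hits)
    cves = sorted({c for h in hits for c in CVE_RE.findall(h["name"])})
    left = [h["path"] for h in hits if "quarantined" not in h["action"]]
    return {"by_name": by_name, "by_platform": by_platform,
            "cves": cves, "not_quarantined": left}


if __name__ == "__main__":
    report = summarize(parse_eset_log(SAMPLE_LOG))
    for name, n in report["by_name"].most_common():
        print(f"{n:2d}  {name}")
    print("CVE ids named in detections:", report["cves"])
    print("Not reported as quarantined:", report["not_quarantined"])
```
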



#2 boopme


Posted 23 September 2012 - 02:41 PM

Hello and welcome. I split you here to your own topic. It's always better.

This is why I asked the other poster to run these. That's a lot to just leave on the machine.
You had backdoor infections and need to change your passwords.
Do you do banking on here?

Please rerun Tdss like this...
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.
