Need a FRST fix script


  • This topic is locked
4 replies to this topic

#1 nfthach

Posted 23 October 2012 - 06:51 PM

I've got a user here with a stubborn Trojan.Gen2 and Trojan.ZeroAccess infection that managed to slip by Symantec SEP. I'm all too familiar with MBAM, ComboFix, HijackThis, and SmitFraud as tools to fix malware, and someone over on the Symantec Forums used FRST as one of the tools to get it off a computer. Here's a log. I can't even get into Safe Mode without a BSOD with the STOP error 50. Hopefully I can nip this in the bud. Thanks!

Attached Files

  • Attached File  FRST.txt   24.75KB   17 downloads



#2 CatByte

  • Malware Response Team

Posted 23 October 2012 - 07:23 PM

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flashdrive as fixlist.txt

start
HKLM-x32\...\Run: []  [x]
2012-08-29 08:43 - 2012-08-29 08:22 - 00000000 ____A C:\Users\nshamble\AppData\Local\
C:\Windows\assembly\GAC_32\Desktop.ini
C:\$Recycle.Bin\S-1-5-21-1178200215-718165156-3646253308-4674\$03e3855139c4ed1a2582d69593e4bb46
C:\$Recycle.Bin\S-1-5-18\$03e3855139c4ed1a2582d69593e4bb46
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT


Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 nfthach


Posted 24 October 2012 - 12:58 AM

OK, I'll do those in the morning and hopefully I can stave off a reimage.

#4 CatByte


Posted 24 October 2012 - 05:29 PM

:thumbup2:


#5 CatByte


Posted 01 November 2012 - 08:30 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
