
Rootkit Virus Need Help With FRST.txt file


  • This topic is locked
6 replies to this topic

#1 Heelyeah1230

Heelyeah1230

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 29 November 2012 - 01:07 PM

Recently downloaded a virus after opening an email attachment. Removed the virus but now unable to boot into Windows. I took the advice from the forum and downloaded the Farbar Recovery Scan tool and ran it. I now have the frst.txt file that I have attached but now need help with the fixlist.txt. If anyone can help it would be much appreciated.

Thanks again,
Chelsea

Attached Files

  • Attached File  FRST.txt   35.38KB   14 downloads



 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:36 AM

Posted 30 November 2012 - 02:06 AM

Hello Chelsea,

Welcome to the forum.

We should be able to boot the computer.

Please tell me if you still have the issue. In that case, tell me what tool you used to remove the malware and whether the condition of the system is the same as in the log you have posted.

#3 Heelyeah1230

Heelyeah1230
  • Topic Starter


Posted 30 November 2012 - 05:36 AM

Thank you for the reply. I used Kaspersky rescue boot to remove a rootkit and the computer is still doing a startup repair loop that never resolves itself. After trying several fixes I read about the Farbar recovery tool and scanned the computer. I got the frst.txt which I attached to the original post but now need help with the fixlist.txt.

#4 Farbar

Farbar


Posted 30 November 2012 - 06:13 AM

Thanks for the feedback.

Please copy and paste the logs instead of attaching them.

Please download Listparts64
Save it to the flash drive.

Please download the attached file fix.txt (118 bytes).
The fix.list should be saved on the flash drive in the same directory as ListParts64.
Boot to the recovery environment and run ListParts64 the same way you ran the FRST tool (by typing f:\listparts64 and pressing Enter).
Click Fix.
When it is finished, close the pop-up window that notifies you the fix is done, but don't close the tool. Check "List BCD", click Scan and post the log (Result.txt) it makes.

Also restart, let it boot normally and tell me how it went.

#5 Heelyeah1230

Heelyeah1230
  • Topic Starter


Posted 30 November 2012 - 07:39 AM

Thank you for your quick response and help. So I followed your instructions and the computer now boots into Windows.
As you requested, here is the result.txt


ListParts by Farbar Version: 30-10-2012
Ran by SYSTEM (administrator) on 30-11-2012 at 07:21:55
Windows 7 (X64)
Running From: F:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3894.68 MB
Available physical RAM: 3285.42 MB
Total Pagefile: 3892.83 MB
Available Pagefile: 3268.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.92 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451 GB) (Free:358.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (ET1139DRV04) (Removable) (Total:14.97 GB) (Free:12.78 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 13 MB
Disk 1 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 451 GB 14 GB

======================================================================================================

Disk: 0

#6 Farbar

Farbar


Posted 30 November 2012 - 08:05 AM

Great. :thumbup2:

The main infection is taken care of. We will check for any leftovers or adware.

  • Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • Please download AdwCleaner and save it to your desktop.
    • Close all open programs.
    • Double click on AdwCleaner.exe to run it.
    • Click on Delete and confirm the prompt.
    • After it is finished the computer will be restarted. A text file will open after the restart.
    • Please post the content of that log to your reply.
    • A copy of the log will be saved at C:\AdwCleaner[S1].txt.
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Click Run Scan button.
    • Two reports will open:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Copy and paste OTL.txt and attach Extra.txt to your reply.


#7 Farbar

Farbar


Posted 09 December 2012 - 03:22 PM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Everyone else should start a new topic.



