
added attachment to "cant get rid of heur post" in "Am i infected forum".


  • This topic is locked
3 replies to this topic

#1 cnnashman


Posted 06 February 2013 - 04:32 AM

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/06/2013 04:31:42 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\ACEngSvr.exe (PID: 4784) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 02/06/2013 04:31:53 AM
Execution time: 0 hours(s), 0 minute(s), and 10 seconds(s)


 


#2 Oh My!

  • Malware Response Instructor

Posted 08 February 2013 - 07:03 PM

Greetings cnnashman and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

Please forgive any scripting format irregularities you might find as we upgrade our system to better serve you.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:

  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Start New Topic button but use the Add Reply button instead.
  • In the upper right hand corner of the topic you will see the Watch Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started

===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this for me.


===================================================

Running TDSSKiller with Changed Parameters

--------------------
  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please zip and attach in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================


aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.

NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • TDSSKiller log
  • aswMBR log
  • ESET results

Edited by Oh My, 08 February 2013 - 07:08 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Oh My!


Posted 12 February 2013 - 02:02 PM

Greetings,


===================================================


3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Edited by Oh My, 12 February 2013 - 02:03 PM.

Gary
 

#4 Oh My!


Posted 14 February 2013 - 07:52 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Gary
 