
Vista will not "restore"


57 replies to this topic

#1 sudsy


Posted 18 February 2013 - 08:38 PM

I noticed a problem with the USB root drivers. I tried (several times) to do a "system restore" and it always fails. Any ideas? Malwarebytes found two trojans and we removed them. Running it again right now.

 

Sudsy

 

Not my machine but still want to fix it.

 

Also worth mentioning: USB devices are not recognized. Device Manager shows USB root errors.


Edited by hamluis, 19 February 2013 - 08:22 AM.
Moved from Vista to Am I Infected - Hamluis.

UFO pilot



#2 narenxp


Posted 18 February 2013 - 09:41 PM

Please post the Malwarebytes log that removed infections.



#3 sudsy


Posted 19 February 2013 - 02:25 PM


OK, it took overnight to run but Malwarebytes is reporting that the machine has "Trojan.DNSChanger". So far no luck removing it.

 

Not this machine.

 

S


UFO pilot

#4 narenxp


Posted 19 February 2013 - 08:06 PM

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters




  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now




  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue




  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.



  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.



  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the   button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log
  • ESET results

 



#5 sudsy


Posted 19 February 2013 - 08:25 PM

TDSSKiller would not download. I ran Emsisoft Emergency Kit and it found and removed 4 "problems". 2 were "high threats". I have shut the machine down for a little while. It has been running for a couple of days trying to run scans. It needs to cool down a little. I will power back up in a little while. Should I initiate the ESET Scan at that time?

 

Sudsy


Edited by sudsy, 19 February 2013 - 08:27 PM.

UFO pilot

#6 sudsy


Posted 19 February 2013 - 08:27 PM

Cooling machine down. Will initiate ESET Scan in a little while. Very strange happenings with this machine.


UFO pilot

#7 narenxp


Posted 19 February 2013 - 08:31 PM

Please do not use any other tools when you are being assisted. I never asked you to run Emsisoft Emergency Kit.

Can you explain why you can't download TDSSKiller?



#8 sudsy


Posted 19 February 2013 - 09:46 PM

I will try again but it said it could not be downloaded. I will restart machine now and try again.


UFO pilot

#9 sudsy


Posted 19 February 2013 - 09:59 PM

OK. It says.

 

"This program couldn't be downloaded."

 

Using IE explorer. I removed Firefox and only have IE explorer.


UFO pilot

#10 sudsy


Posted 19 February 2013 - 10:06 PM

The icon is on the desktop but when I try to open it the download window comes up and it shows a partial download and a complete download. The complete download says it couldn't be downloaded. The partial just won't work.


UFO pilot

#11 narenxp


Posted 19 February 2013 - 10:06 PM

Copy the tool from a different PC and run it.



#12 sudsy


Posted 19 February 2013 - 10:40 PM

Roger


UFO pilot

#13 sudsy


Posted 19 February 2013 - 11:23 PM

OK. Did that. TDSSKiller found no threats.


UFO pilot

#14 sudsy


Posted 19 February 2013 - 11:42 PM

OK. Do I move on to aswMBR?


UFO pilot

#15 sudsy


Posted 20 February 2013 - 12:08 AM

OK. I'm going to bed. aswMBR scan running now.

Edited by sudsy, 20 February 2013 - 12:32 AM.

UFO pilot



