
Removed Disk Antivirus Pro - still infected?


5 replies to this topic

#1 Enva

Enva

  • Members
  • 24 posts

Posted 07 March 2013 - 09:44 AM

Hello Bleep-Team!

 

I followed your Remove Disk Antivirus Pro (uninstall guide) but it seems as if I still have virus/malware on my pc. Could you please help me?

 

Thanks, best regards Enva




 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 07 March 2013 - 10:56 AM

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters


    tds2.jpg

  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


    2012081514h0118.png

  • Click Start Scan and allow the scan process to run

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


    tds6.jpg

  • Click Reboot computer
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\) in your reply


===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


    aswMBR1.png
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


    aswMBR2.png
  • Please post the contents of the log in your next reply.

NOTE:  aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

    esetsmartinstaller_enu.png

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:

    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply.   Note:  If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log
  • ESET results


 



#3 Enva

Enva
  • Topic Starter

  • Members
  • 24 posts

Posted 11 March 2013 - 05:36 PM

ESET log

 

C:\Windows.old\Documents and Settings\Cibo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UQZKLQC\cbsidlm-tr1_11-HyperCam-ORG-75000937 (1).exe Win32/DownloadAdmin.G application
C:\Windows.old\Documents and Settings\Cibo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NLMY48BQ\optimizerpro26[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application
C:\Windows.old\Documents and Settings\Cibo\AppData\Local\temp\jar_cache1719093176464448893.tmp multiple threats
C:\Windows.old\Documents and Settings\Cibo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\21ec13c0-29d81863 Java/Exploit.CVE-2012-0507.BR trojan
C:\Windows.old\Documents and Settings\Cibo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\118609ab-1aba368d Java/Exploit.CVE-2012-0507.BR trojan
C:\Users\Cibo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UQZKLQC\cbsidlm-tr1_11-HyperCam-ORG-75000937 (1).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\Cibo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NLMY48BQ\optimizerpro26[1].exe a variant of Win32/Adware.SpeedingUpMyPC.A application cleaned by deleting - quarantined
C:\Users\Cibo\AppData\Local\temp\jar_cache1719093176464448893.tmp multiple threats deleted - quarantined
C:\Users\Cibo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\21ec13c0-29d81863 Java/Exploit.CVE-2012-0507.BR trojan cleaned by deleting - quarantined
C:\Users\Cibo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\118609ab-1aba368d Java/Exploit.CVE-2012-0507.BR trojan cleaned by deleting - quarantined
C:\Windows.old\Users\mostar\Documents\Programi s neta\thoosje-sidebar-2.5-installer.exe Win32/Adware.ADON application cleaned by deleting - quarantined
C:\Windows.old\Users\mostar\Documents\Programi s neta\Thoosje_Vista_Sidebar_2_5_by_Thoosje.zip Win32/Adware.ADON application deleted - quarantined
Operating memory probably a variant of Win32/Ponmocup.AA trojan
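
The ESET results above mix entries that carry a cleaning action with entries that carry none. The following is an added example, not part of the original thread and not ESET tooling, that parses entries in that layout and lists the detections with no recorded action. The regex and function names are assumptions made for this sketch; the four sample lines are taken from the log in this thread and rejoined onto single lines.

```python
import re

# Sample input: four entries from the ESET log in this thread, one per line.
SAMPLE_LOG = r"""
C:\Windows.old\Documents and Settings\Cibo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\21ec13c0-29d81863 Java/Exploit.CVE-2012-0507.BR trojan
C:\Users\Cibo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\21ec13c0-29d81863 Java/Exploit.CVE-2012-0507.BR trojan cleaned by deleting - quarantined
C:\Users\Cibo\AppData\Local\temp\jar_cache1719093176464448893.tmp multiple threats deleted - quarantined
Operating memory probably a variant of Win32/Ponmocup.AA trojan
"""

# Layout: location, detection, optional action. Paths contain spaces, so the
# detection name (Platform/Family.Variant + type, or "multiple threats") is
# used as the anchor that separates the three fields. (Assumed pattern.)
ENTRY = re.compile(
    r"^(?P<location>.+?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of |probably )?"
    r"(?:[A-Za-z0-9]+/[\w.\-]+ (?:application|trojan)|multiple threats))"
    r"(?:\s+(?P<action>.+))?$"
)

def parse_entries(text):
    """Return one dict per log entry; unparseable lines keep threat=None."""
    entries = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = ENTRY.match(line)
        entries.append(m.groupdict() if m else
                       {"location": line, "threat": None, "action": None})
    return entries

def unremediated(entries):
    """Entries that name a detection but record no cleaning action."""
    return [e for e in entries if e["threat"] and not e["action"]]

def memory_detections(entries):
    """Detections reported in running memory rather than in a file."""
    return [e for e in entries if e["location"].lower() == "operating memory"]

if __name__ == "__main__":
    for e in unremediated(parse_entries(SAMPLE_LOG)):
        print("NOT CLEANED:", e["threat"], "@", e["location"])
```

On the sample, the two entries reported as not cleaned are the copy under C:\Windows.old and the Operating memory detection.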



#4 Enva

Enva
  • Topic Starter

  • Members
  • 24 posts

Posted 11 March 2013 - 05:39 PM

aswMBR LOG

 

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-10 23:57:44
-----------------------------
23:57:44.413    OS Version: Windows 6.0.6002 Service Pack 2
23:57:44.414    Number of processors: 2 586 0x605
23:57:44.416    ComputerName: CIBO-PC  UserName: Cibo
23:58:32.449    Initialize success
00:01:57.859    AVAST engine defs: 13031001
00:02:31.520    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:02:31.523    Disk 0 Vendor: ST332062 3.AD Size: 305245MB BusType: 3
00:02:31.549    Disk 0 MBR read successfully
00:02:31.552    Disk 0 MBR scan
00:02:31.559    Disk 0 Windows VISTA default MBR code
00:02:31.563    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       54 MB offset 63
00:02:31.575    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10240 MB offset 112640
00:02:31.594    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       294949 MB offset 21084160
00:02:31.616    Disk 0 scanning sectors +625139712
00:02:31.691    Disk 0 scanning C:\Windows\system32\drivers
00:02:42.551    Service scanning
00:03:05.370    Modules scanning
00:03:09.911    Disk 0 trace - called modules:
00:03:09.929    ntkrnlpa.exe CLASSPNP.SYS disk.sys iastorv.sys hal.dll
00:03:09.934    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b97818]
00:03:09.940    3 CLASSPNP.SYS[87fac8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84df0030]
00:03:10.839    AVAST engine scan C:\Windows
00:03:12.964    AVAST engine scan C:\Windows\system32
00:06:12.588    AVAST engine scan C:\Windows\system32\drivers
00:06:27.440    AVAST engine scan C:\Users\Cibo
00:31:51.750    Disk 0 MBR has been saved successfully to "C:\Users\Cibo\Desktop\MBR.dat"
00:31:51.759    The log file has been saved successfully to "C:\Users\Cibo\Desktop\aswMBR.txt"


 



#5 Enva

Enva
  • Topic Starter

  • Members
  • 24 posts

Posted 11 March 2013 - 05:44 PM

The last TDSS killer log is too long to post, where can I attach and upload it?



#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 11 March 2013 - 05:44 PM

Just post the last few lines of the log.





