
Combofix


13 replies to this topic

#1 lucag74

lucag74

  • Members
  • 7 posts

Posted 17 March 2013 - 04:03 PM

Hi, I'm new to this forum, and my English is not so good; I hope you can help me all the same.

I thought I had a virus on my PC with Windows Vista, because it was so slow, and I used Combofix. I think it's all OK now. I'm attaching the log; can you please help me to "translate" it? Could you tell me if there was something wrong?

Many thanks in advance,


Luca


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,909 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 March 2013 - 01:17 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
Download DDS by sUBs from one of the following links if you no longer have it available.  Save it to your desktop.
 
1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
 
Double click on the DDS icon, allow it to run. 
A small box will open, with an explanation about the tool.  No input is needed, the scan is running. 
Notepad will open with the results. 
Follow the instructions that pop up for posting the results.
Please note:  You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.
===
 
Please run this security check for my review.
 
Download Security Check by screen317 from here.
  • Save it to your Desktop.

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===
 
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
 
Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.

  • Double click on AdwCleaner.exe to run the tool.

  • Click on the Delete tab and follow the prompts.

  • A log file will automatically open after the scan has finished.

  • Please post the content of that log file with your next answer.

  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

 
Please post the logs and let me know what problem persists.


#3 lucag74


Posted 18 March 2013 - 02:52 PM

Hi, thanks for the answer.

I have some problems with the first 2 steps:

1) DDS launches and nothing happens, and no log is generated; I double-click, the program tells me that it is working in quiet mode and will generate two logs on the desktop... but it does not generate anything.

 

2) Security Check launches and I get error messages: can not find the path specified.
F1 \ AppData \ Local \ temp \ RarSFX1 \ securitycheck \   is not recognized as an internal or external command ,operable program or batch file.

 

The program goes on, and at every check it reports the same error; at the end, the log is generated and it is completely empty!

Could you help me please? Maybe I have to disable something before launching the two applications?

 

Thanks,



#4 nasdaq


Posted 19 March 2013 - 08:08 AM

Are you running these tools from your desktop?

 

In other words did you place these tools on your Desktop?



#5 lucag74


Posted 19 March 2013 - 02:46 PM

Yes..



#6 nasdaq


Posted 20 March 2013 - 07:38 AM

Try this.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

    Post back with the Malwarebytes Anti-Malware log once it's complete.
    ===


#7 lucag74


Posted 20 March 2013 - 06:17 PM

I already used Malwarebytes before Combofix, and it didn't find anything; I also ran Superantispyware, Spybot&Destroy, Spamfighter, and Microsoft Security Essentials... all these were run before Combofix, and none of them found malware, riskware or trojans...
I posted the Combofix log only to know if (and what) it removed, because I can't understand it.
Then... I don't know why I can't run the 2 programs you told me about in the first answer, but I read in the instructions that maybe my PC has some script set that I should turn off... but I don't know how to do that or where to look for these scripts...

#8 nasdaq


Posted 21 March 2013 - 07:47 AM


Let's have a look at these logs.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
  • Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
    • Click the "Scan" button to start scan.
    • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
    • Please post the contents of that log in your next reply.
    There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
    ===

    Please post the logs for my review.


#9 lucag74


Posted 24 March 2013 - 09:45 AM

Hi, TDSSKiller didn't find anything suspicious... I attach the log of aswMBR.exe; it found something in yellow, but nothing in red...

But... maybe I don't have any virus/rootkit/malware/trojan on my PC? At the beginning I ran Combofix, but that doesn't mean I absolutely must have something wrong; if all these programs don't find anything, maybe I'm safe, right??

Thanks,

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-03-24 15:16:58
-----------------------------
15:16:58.953    OS Version: Windows 6.0.6002 Service Pack 2
15:16:58.953    Number of processors: 4 586 0xF0B
15:16:58.953    ComputerName: PC-LUCAEFRANCY  UserName: Luca&Francy
15:17:10.575    Initialize success
15:27:48.225    AVAST engine defs: 13032400
15:28:26.601    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:28:26.601    Disk 0 Vendor: ST350041 CC38 Size: 476940MB BusType: 8
15:28:26.679    Disk 0 MBR read successfully
15:28:26.679    Disk 0 MBR scan
15:28:26.695    Disk 0 unknown MBR code
15:28:26.695    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       466641 MB offset 63
15:28:26.726    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        10296 MB offset 955682816
15:28:26.742    Disk 0 scanning sectors +976769024
15:28:26.773    Disk 0 scanning C:\Windows\system32\drivers
15:28:42.747    Service scanning
15:28:53.620    Service MpKsl0968ab7e c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{413023C2-2285-4DB0-9B9D-838A57341541}\MpKsl0968ab7e.sys **LOCKED** 32
15:28:53.667    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
15:29:10.390    Modules scanning
15:29:13.713    Disk 0 trace - called modules:
15:29:13.729    ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 
15:29:13.729    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86102030]
15:29:13.729    3 CLASSPNP.SYS[8a7c48b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x855c0028]
15:29:18.190    AVAST engine scan C:\Windows
15:29:24.228    AVAST engine scan C:\Windows\system32
15:33:00.334    AVAST engine scan C:\Windows\system32\drivers
15:33:21.644    AVAST engine scan C:\Users\Luca&Francy
15:36:48.443    Disk 0 MBR has been saved successfully to "C:\Users\Luca&Francy\Desktop\MBR.dat"
15:36:48.521    The log file has been saved successfully to "C:\Users\Luca&Francy\Desktop\aswMBR.txt"


Edited by nasdaq, 24 March 2013 - 12:37 PM.


#10 nasdaq


Posted 24 March 2013 - 12:44 PM

 
Nothing bad was found on your logs.
 
Refer to post No 2.
 
Run the Security Check and  AdwCleaner tools again.
 
This time Right Click on the .exe files and run as Administrator.
 
Can you now post the logs?
 
Let me know if you have any difficulties with this computer.


#11 lucag74


Posted 24 March 2013 - 01:41 PM

AdwCleaner works as an administrator, as you can read in the post attached; the Security Check program does not work. I also tried to re-download it from the screen317 site, but I always get the same error, even when I launch it as administrator:

 

 "can not find the path specified"

  "F-1 \ AppData \ local \ temp\RarSFX2 \ securitycheck \ is not recognized as an internal or external command, operable program or batch file "

 

One question: is the program the Symantec Security Check which is located at this link?    http://security.symantec.com/sscv6/home.asp?langid=it&venid=sym&plfid=24&pkj=AFWTPJUIYCZRWEJGSSK     Or is it a similar program?




#12 nasdaq


Posted 25 March 2013 - 07:27 AM

"can not find the path specified"
"F-1 \ AppData \ local \ temp\RarSFX2 \ securitycheck \ is not recognized as an internal or external command, operable program or batch file "

One question: is the program the Symantec Security Check which is located at this link? http://security.symantec.com/sscv6/home.asp?langid=it&venid=sym&plfid=24&pkj=AFWTPJUIYCZRWEJGSSK Or is it a similar program?

Copy the Security Check .exe file to your desktop.
Run it from there.
===

The Symantec Security Check is not the same.

The one I suggested just reports information on outdated programs.

#13 lucag74


Posted 25 March 2013 - 07:53 AM

Already done, but same error message.



#14 nasdaq


Posted 25 March 2013 - 08:30 AM

We never have any difficulties in running this simple tool.

Could the ( & ) pound sign in your user name be the reason?
Luca&Francy

 

Copy the Security Tool .exe to your c:\ (root) and run it from there.
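
Added example, not part of the original thread and not Security Check's own code: cmd.exe treats an unquoted & as a command separator, so a batch script that uses a path like C:\Users\Luca&Francy\... without quotes is split into two commands, which produces errors of the kind quoted above. The folder and file names below are constructed for the demonstration, and using %PUBLIC% as a writable location is an assumption.

```batch
@echo off
setlocal DisableDelayedExpansion

rem Constructed sample: a folder whose name contains "&", modelled on the
rem profile name seen in the thread. All names here are hypothetical.
set "DEMO=%PUBLIC%\amp-demo"
set "TOOLDIR=%DEMO%\Luca&Francy\securitycheck"
mkdir "%TOOLDIR%" 2>nul
> "%TOOLDIR%\helper.cmd" echo @echo helper.cmd ran

echo [1] Unquoted path: the line is split at the ampersand.
rem After expansion cmd.exe sees two commands:
rem   call ...\amp-demo\Luca
rem   Francy\securitycheck\helper.cmd
call %TOOLDIR%\helper.cmd

echo.
echo [2] Quoted path: the whole path is one token and the helper runs.
call "%TOOLDIR%\helper.cmd"

echo.
echo [3] Pre-flight check before a script uses %%TEMP%% in a command line.
rem Strip every ampersand from a copy and compare it with the original.
set "P=%TEMP%"
set "Q=%P:&=%"
if not "%P%"=="%Q%" (
    echo TEMP contains an ampersand; every use of it must be quoted.
) else (
    echo TEMP contains no ampersand.
)

rem Remove the constructed demo folder again.
rmdir /s /q "%DEMO%"
endlocal
```

Step 1 fails with cmd.exe's "is not recognized as an internal or external command" and "cannot find the path specified" messages, while step 2 prints "helper.cmd ran". Running a tool from C:\ avoids the profile folder as the launch location, but a script that still expands %TEMP% unquoted would hit the same split.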





