is system32/root/system32.exe a virus?


21 replies to this topic

#1 dare2winn

dare2winn

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 27 March 2013 - 03:26 PM

When I installed Windows 7 (any version), after installing the drivers a dialog box popped up saying system32.exe has stopped working, and many such boxes appeared at once. Then I got a software called combofix.exe, which was a boon to me, and ran it; as a result it deleted system32/root/system32.exe and the system32/root folder too. Then the PC worked and there was no such warning again.

My questions are:
1. Is the path which I have mentioned not needed?
2. Was that a virus?
3. Does your C drive contain that folder or not? Please confirm, friends.
4. In reality (on a healthy PC), is that path and directory available, or was it only created on my PC and later deleted? Is that directory needed or not?
4. The main strange thing is that when it has been deleted the PC works well, then when I reinstall any version of Win 7 the same thing is repeated and I have to run the software again. Why does it reappear in each installation with drive formatting even though it is deleted?



Please help me, experts, with a solution so that the same thing doesn't appear in a new installation.

 

 

This is the log after ComboFix finished its work. Please suggest what I need to do.

 

ComboFix 13-03-24.03 - Dare2winn 03/27/2013  21:40:46.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3990.2630 [GMT 5.75:45]
Running from: d:\new amd\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dare2winn\AppData\Roaming\logs.dat
c:\windows\root
c:\windows\root\system32.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-27 to 2013-03-27  )))))))))))))))))))))))))))))))
.
.
2013-03-28 04:31 . 2013-03-27 14:50    --------    d-----w-    c:\windows\Panther
2013-03-28 04:31 . 2013-03-28 04:31    --------    d-----w-    C:\Boot
2013-03-27 15:58 . 2013-03-27 15:58    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-03-27 15:50 . 2012-07-11 11:24    64856    ----a-w-    c:\windows\system32\klfphc.dll
2013-03-27 15:49 . 2013-03-27 15:49    --------    d-----w-    c:\windows\ELAMBKUP
2013-03-27 15:49 . 2013-03-27 15:50    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-03-27 15:49 . 2012-08-13 12:39    89432    ----a-w-    c:\windows\system32\drivers\klflt.sys
2013-03-27 15:49 . 2012-08-13 12:39    611160    ----a-w-    c:\windows\system32\drivers\klif.sys
2013-03-27 15:24 . 2013-03-27 15:49    --------    d-----w-    c:\program files (x86)\Kaspersky Lab
2013-03-27 15:23 . 2013-03-27 15:23    --------    d-----w-    c:\program files\WinRAR
2013-03-27 15:12 . 2013-03-27 15:12    --------    d-----w-    c:\programdata\ATI
2013-03-27 15:11 . 2013-03-27 15:11    0    ----a-w-    c:\windows\ativpsrm.bin
2013-03-27 15:10 . 2013-03-27 15:10    --------    d-----w-    c:\program files\Common Files\Intel
2013-03-27 15:10 . 2013-03-27 15:10    --------    d-----w-    c:\program files (x86)\Common Files\Intel
2013-03-27 15:09 . 2013-03-27 15:09    --------    d-----w-    c:\program files (x86)\AMD APP
2013-03-27 15:09 . 2013-03-27 15:09    --------    d-----w-    c:\program files\Common Files\ATI Technologies
2013-03-27 15:07 . 2013-03-27 15:07    --------    d-----w-    c:\program files\Synaptics
2013-03-27 15:06 . 2011-04-22 12:37    66856    ----a-w-    c:\windows\SysWow64\SynTPEnhPS.dll
2013-03-27 15:06 . 2011-04-22 12:37    107816    ----a-w-    c:\windows\SysWow64\SynTPCOM.dll
2013-03-27 15:06 . 2011-04-22 12:37    225576    ----a-w-    c:\windows\system32\SynTPAPI.dll
2013-03-27 15:06 . 2011-04-22 12:37    148264    ----a-w-    c:\windows\system32\SynTPCo0.dll
2013-03-27 15:06 . 2009-08-07 05:04    1721576    ----a-w-    c:\windows\system32\WdfCoInstaller01009.dll
2013-03-27 15:06 . 2011-04-22 12:39    1438768    ----a-w-    c:\windows\system32\drivers\SynTP.sys
2013-03-27 15:06 . 2011-04-22 12:37    276264    ----a-w-    c:\windows\system32\SynCtrl.dll
2013-03-27 15:06 . 2011-04-22 12:37    222504    ----a-w-    c:\windows\SysWow64\SynCtrl.dll
2013-03-27 15:06 . 2011-04-22 12:37    411432    ----a-w-    c:\windows\system32\SynCOM.dll
2013-03-27 15:06 . 2011-04-22 12:37    177448    ----a-w-    c:\windows\SysWow64\SynCOM.dll
2013-03-27 15:06 . 2013-03-27 15:06    --------    d-----w-    c:\program files (x86)\Dell
2013-03-27 15:05 . 2010-11-30 08:17    74272    ----a-w-    c:\windows\system32\RtNicProp64.dll
2013-03-27 15:05 . 2010-11-30 08:17    412264    ----a-w-    c:\windows\system32\drivers\Rt64win7.sys
2013-03-27 15:05 . 2010-11-30 08:17    107552    ----a-w-    c:\windows\system32\RTNUninst64.dll
2013-03-27 15:04 . 2013-03-27 15:04    --------    d-----w-    c:\programdata\Intel
2013-03-27 15:03 . 2013-03-27 15:03    --------    d-----w-    c:\program files\Intel
2013-03-27 15:02 . 2013-03-27 15:02    --------    d-----w-    c:\windows\system32\SRSLabs
2013-03-27 15:02 . 2013-03-27 15:02    --------    d-----w-    c:\windows\SysWow64\RTCOM
2013-03-27 15:02 . 2013-03-27 15:02    --------    d-----w-    c:\program files\Realtek
2013-03-27 15:00 . 2011-01-12 12:06    439320    ----a-w-    c:\windows\system32\drivers\iaStor.sys
2013-03-27 14:59 . 2013-03-27 15:06    --------    d-----w-    c:\programdata\Dell
2013-03-27 14:59 . 2013-03-27 14:59    --------    d-----w-    c:\program files\Dell
2013-03-27 14:58 . 2010-10-04 07:17    53248    ----a-w-    c:\windows\SysWow64\CSVer.dll
2013-03-27 14:58 . 2010-12-20 12:23    8192    ----a-w-    c:\windows\system32\drivers\IntelMEFWVer.dll
2013-03-27 14:58 . 2013-03-27 14:58    --------    d-----w-    c:\program files (x86)\Common Files\postureAgent
2013-03-27 14:58 . 2013-03-27 15:10    --------    d-----w-    c:\program files (x86)\Intel
2013-03-27 14:58 . 2010-10-19 10:49    56344    ----a-w-    c:\windows\system32\drivers\HECIx64.sys
2013-03-27 14:56 . 2013-03-27 14:56    --------    d-----w-    c:\windows\SysWow64\sda
2013-03-27 14:56 . 2013-03-27 15:05    --------    d-----w-    c:\program files (x86)\Realtek
2013-03-27 14:56 . 2010-12-01 10:27    9888360    ----a-w-    c:\windows\SysWow64\RtsUStoricon.dll
2013-03-27 14:56 . 2010-12-01 10:27    422504    ----a-w-    c:\windows\system32\RtsUStor.dll
2013-03-27 14:56 . 2010-12-01 10:27    250984    ----a-w-    c:\windows\system32\drivers\RtsUStor.sys
2013-03-27 14:56 . 2013-03-27 14:56    --------    d-----w-    C:\Intel
2013-03-27 14:54 . 2013-03-27 15:50    --------    d-sh--w-    c:\windows\Installer
2013-03-27 14:53 . 2013-03-27 14:53    --------    d-----w-    C:\Dell
2013-03-27 14:50 . 2013-03-27 14:51    --------    d-----w-    c:\users\Dare2winn
2013-03-27 14:50 . 2013-03-27 14:50    --------    d-----w-    C:\Recovery
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-16 343168]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-08-17 218880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-05-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-07-25 29016]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-16 203264]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 869376]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-10-25 75264]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-13 95744]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-13 212992]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KL1
*NewlyCreated* - KLIM6
*NewlyCreated* - KLTDI
*NewlyCreated* - KNEPS
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-14 6561384]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-HKLM - c:\windows\root\system32.exe
HKLM_Wow6432Node-ActiveSetup-{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} - c:\windows\root\system32.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Kaspersky Internet Security 2013 13.0.1.4190 - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-27  21:44:42
ComboFix-quarantined-files.txt  2013-03-27 15:59
.
Pre-Run: 85,119,176,704 bytes free
Post-Run: 85,347,393,536 bytes free
.
- - End Of File - - E6ACDB0583DC26B54308C12ADE6DA908
 


Edited by Noviciate, 27 March 2013 - 03:36 PM.
Log added from attachment
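
An added example (not part of the original posts and not ComboFix's own code): a small Python triage script that reads lines copied from the log above, taking the banner layout exactly as it appears there, and links each path under "Other Deletions" to the entries under "ORPHANS REMOVED" that pointed at it. The function names and the "Run key" / "Active Setup" labels are this example's own.

```python
import re

# Excerpt of the ComboFix log posted above (sections trimmed, lines unchanged).
LOG_EXCERPT = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Dare2winn\AppData\Roaming\logs.dat
c:\windows\root
c:\windows\root\system32.exe
.
(((((((((((((((((((((((((   Files Created from 2013-02-27 to 2013-03-27  )))))))))))))))))))))))))))))))
.
2013-03-27 15:50 . 2012-07-11 11:24    64856    ----a-w-    c:\windows\system32\klfphc.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-HKLM - c:\windows\root\system32.exe
HKLM_Wow6432Node-ActiveSetup-{08B0E5JF-4FCB-11CF-AAA5-00401C6XX500} - c:\windows\root\system32.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Kaspersky Internet Security 2013 13.0.1.4190 - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\Uninstall.exe
.
--------------------- LOCKED REGISTRY KEYS ---------------------
"""

# Banner shapes seen in this log: "(((  Title  )))" and "- - -  Title  - - -".
PAREN_BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")
DASH_BANNER = re.compile(r"^[-\s]*-\s+(.+?)\s+-[-\s]*$")
# Orphan lines read "<registry location> - <drive:\path>".
ORPHAN = re.compile(r"^(?P<entry>.+?) - (?P<path>[A-Za-z]:\\.+)$")


def split_sections(log_text):
    """Group log lines under the banner that precedes them."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # "." lines are spacers in the log
            continue
        banner = PAREN_BANNER.match(line) or DASH_BANNER.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def autostart_kind(entry):
    """Label the autostart mechanism named in an orphan entry (example's own labels)."""
    if "ActiveSetup" in entry:
        return "Active Setup"
    if "-Run-" in entry:
        return "Run key"
    return "other"


def persistence_for_deleted_files(log_text):
    """Map each deleted path to the orphaned registry entries that referenced it."""
    sections = split_sections(log_text)
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    findings = {}
    for line in sections.get("ORPHANS REMOVED", []):
        m = ORPHAN.match(line)
        if not m:
            continue
        path = m.group("path").lower()
        if path in deleted:                # the entry launched a file ComboFix deleted
            kind = autostart_kind(m.group("entry"))
            findings.setdefault(path, []).append((kind, m.group("entry")))
    return findings


if __name__ == "__main__":
    for path, entries in persistence_for_deleted_files(LOG_EXCERPT).items():
        print(path)
        for kind, entry in entries:
            print(f"  started via {kind}: {entry}")
```

Of the four orphan entries in the log, only the two that point at the deleted c:\windows\root\system32.exe are reported; the Synaptics and Kaspersky uninstall entries are left out because their targets are not in the deletion list.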



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,202 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:57 PM

Posted 29 March 2013 - 08:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

4. The main strange thing is that when it has been deleted the PC works well, then when I reinstall any version of Win 7 the same thing is repeated and I have to run the software again. Why does it reappear in each installation with drive formatting even though it is deleted?

Your computer is infected. Why do you have to reinstall Windows 7?

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.
  • Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
    • Click the "Scan" button to start scan.
    • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
    • Please post the contents of that log in your next reply.
    There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
    ===

    Please post the logs for my review.


#3 nasdaq


Posted 04 April 2013 - 08:37 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#4 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,259 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:08:57 PM

Posted 30 April 2013 - 11:38 AM

This topic has been re-opened at the request of the person who originally posted.

#5 dare2winn

dare2winn
  • Topic Starter


Posted 30 April 2013 - 12:27 PM

thanks admin



#6 dare2winn


Posted 30 April 2013 - 12:30 PM

How do I attach files like txt files and images? I didn't find the option. There is one tab for images; when I click it, it asks for the URL, but I want to attach from my drive. Help.

 



#7 dare2winn


Posted 30 April 2013 - 12:31 PM

How do I attach files like txt files and images? I didn't find the option. There is one tab for images; when I click it, it asks for the URL, but I want to attach from my drive. Help.



#8 nasdaq


Posted 30 April 2013 - 01:29 PM

Click on the Reply to this topic button on top of the topic.

You will be able to post the results of your files and attach the file using the Browse button available to you.

#9 dare2winn


Posted 30 April 2013 - 01:52 PM


This is one log. The TDSSKiller log is 498 but it allows only files up to 488k, and doesn't support zip and dat files. What to do? I had reinstalled but the same problem is seen.

Attached File: aswMBR.txt (2.33KB)



#10 dare2winn


Posted 30 April 2013 - 01:59 PM


I have attached both logs, but the dat file is not supported by the uploader. How do I upload files larger than 490k? Anyway, even though it is a late reply, you are the only hope, because today I formatted the C drive using a partition manager, thinking everything would be erased, but the same thing is seen. I don't know whether it is a coincidence or what: when I installed the antivirus KIS, then it started to appear. Is it true? I have attached the picture of that dialog box too, so please help me, because we believe you.

 

Regards

Attached Files: aswMBR.txt (2.33KB), tdss log.txt (248.51KB), Capture.PNG (35.34KB)



#11 nasdaq


Posted 01 May 2013 - 08:53 AM

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.
Link 1 Bleepingcomputer
Link 2 RogueKiller (par Tigzy)

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop, DO NOT ATTACH THE LOG.

====

Edited by nasdaq, 01 May 2013 - 08:54 AM.


#12 dare2winn


Posted 04 May 2013 - 11:22 AM

Thank you for the purpose. I am sorry to say I didn't understand what you mean to say. You mean I need to run the program, but which result of desktop?

I would tell you the whole story; probably it would help you to understand. When I reinstall Windows 7 and install all the Dell drivers, everything is OK. But when I install Kaspersky, then the problem is seen. When I restore the PC back, then again no such virus is seen. Then I tried all the other antivirus products like Avast, ESET, AVG etc., and no such problem is seen. The problem is seen only when I install Kaspersky Internet Security. So why is this with Kaspersky and not with other AV? Did it give any idea to you? Waiting for your response. Thanks.

#13 dare2winn


Posted 04 May 2013 - 11:29 AM

nasdaq, what if I press Fix All? Is choosing the Fix All option strictly prohibited, or can it be done? Quite unclear. Reply. Thank you.

#14 nasdaq


Posted 05 May 2013 - 06:53 AM

It might just be that Kaspersky is reporting the bad file system32/root/system32.exe that ComboFix removed and placed in its quarantine folder.

Let's check it out.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    system32.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#15 dare2winn


Posted 06 May 2013 - 07:33 AM


Thanks for the reply. I have not installed any antivirus right now, so I want to ask: should I do this system check after installing Kaspersky and getting that problem again, or can I use SystemLook in this condition where no antivirus is installed? Thanks.

 

 





