Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware infection.


  • This topic is locked This topic is locked
52 replies to this topic

#1 mattsccm

mattsccm

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:11 PM

Posted 16 September 2013 - 05:15 AM

I am posting here at the advice of those present on the introduce yourself section.

Very briefly, for some time I have been blocked from opening attachments and have received messages telling me that they are a virus. Accompanying this is the small red and white shield  that looks as if its linked to Windows 7 security centre or something similar. The same problem has occurred when my wife tries to access attachments from work.  In all cases we are happy that there is no virus, my wife's are coming from local government computers.

Today my pc has decided to stop me opening MS word docs that were fine over the weekend. All those files have an orange icon now.

I started a thread on the Forum attached to PC advisor magazine and ultimately the suggestion was to use Combofix.

At this point I have hesitated as I have been told that Combofix is powerful and could cause issues .

 I am unable post post a link to that forum for some reason. I can copy it but it won't paste here

 

http://www.pcadvisor.co.uk/forum/28/windows-7-help-4251101/av-message-about-attachments-incorrect/?pn=1

 That's the typed version.

It appears that the Pc is slowly being overtaken

Your help would be appreciated.

Thank you, Matt



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:11 PM

Posted 16 September 2013 - 05:31 AM

If you have already help at another forum, you should follow the advice there. If you want to get help in here, tell the helpers at the other forum that you want to skip their procedure.

 

Following the instructions of more than one helper could cause unforeseen consequences.


Edited by TB-Psychotic, 16 September 2013 - 05:32 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 mattsccm

mattsccm
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:11 PM

Posted 16 September 2013 - 06:28 AM

Nothing was done based on the recommendations of another forum. I was advised that the use of Combofix needed some expert support and that here was the place to try. This problem was initially thought to be a Norton 360 issue. After several forum posts it was decided that was not the case. I thanked the members of the Norton forum for their help, remarking on the suggestions made as in my link posted. I was then told to look here for more expert help which I am doing.

No actions were taken and any help from here will be starting from scratch.

I posted the link to the other forum in case it provided useful information.



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:11 PM

Posted 16 September 2013 - 06:55 AM

OK! :)

 

 

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with DDS

Download DDS and save it to your desktop from here or here or
here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply

 

 

 

 

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 mattsccm

mattsccm
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:11 PM

Posted 16 September 2013 - 10:18 AM

Thank you.

I will give this some time later.

I am in the UK so that may affect the timings of my posts compared to yourself.

Matt



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:11 PM

Posted 16 September 2013 - 10:23 AM

No, not much as I´m from germany...^^


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 mattsccm

mattsccm
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:11 PM

Posted 17 September 2013 - 03:11 AM

Hi again.

Question one.

In your first step you say to disable any script blocker.

What is this and how would I know where to find such a thing and how to disable it?  I may be aware of it but may not realise what it is. I am using Norton 360, is it linked to that?

 

Question two

You also say DDS.txt: and save to the desktop. Is it obvious where to type DDS.txt?

I then post its contents in my topic. Is that self evident? What is my topic. You then say attach it in my reply. How.

I apologise for these rather basic questions. My knowledge has large gaps and I do not want to get so far and then find myself confused.

Thank you


Edited by mattsccm, 17 September 2013 - 03:15 AM.


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:11 PM

Posted 17 September 2013 - 03:55 AM

1)

No, that is no script blocker. If you would have one installed by yourself, you would know how to disable it.

 

2)Your topic is your forum thread in which we are posting at the moment. Select all of the content of dds.txt and put in in your next reply.

You´ll find the option to attach files when selecting "More reply options" on the bottom right.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 mattsccm

mattsccm
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:11 PM

Posted 18 September 2013 - 02:09 AM

Here are the DDS files straight from my desk top.

 



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:11 PM

Posted 18 September 2013 - 02:21 AM

That didn´t work...


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 mattsccm

mattsccm
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:11 PM

Posted 18 September 2013 - 02:40 AM

Here is the aswMBR log

I think! The only other one that mentions MBR is the MBRdat one you mention above



#12 mattsccm

mattsccm
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:11 PM

Posted 18 September 2013 - 02:42 AM

I bet the other one didn't work either then. I click more reply options then    ah ha . I din't attach them

I will try again. Is there one here?



#13 mattsccm

mattsccm
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:11 PM

Posted 18 September 2013 - 02:43 AM

Trying again. I  thought I clicked "attach this file".

Just checked.

I see nothing that has told me that an attachment has been sent.

 

By the way, can I attach all 3 logs at once? Maybe by holding a key when I click?


Edited by mattsccm, 18 September 2013 - 02:44 AM.


#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:11 PM

Posted 18 September 2013 - 02:57 AM

You have to upload every file on its own.

Select one, click "attach this file" and wait until the symbol with the file name occurs.

 

Then repeat that with the other files.

 

Once you have uploaded them all, click "add reply"


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 mattsccm

mattsccm
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:11 PM

Posted 18 September 2013 - 03:09 AM

I still don't think this is working. More to the point I am not doing it properly>

I can get the file in the box at the bottom, to the right of the big clip. I click attach this file and the browse/clear box goes but the attach this file stays. The clip stays. I click "add reply"

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users