I'm told that my computer is badly infected.


  • This topic is locked
71 replies to this topic

#1 cruzsculpture

cruzsculpture

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rockford IL
  • Local time:01:04 PM

Posted 30 March 2014 - 05:02 PM

Hi,

I'm told that my computer is badly infected.

And given the nature of some of the things found on my computer ( as I've been trying to learn "Internet Marketing" and have limited tech skills ) such as keyword research software and email marketing software, that I have not actually used or never actually learned how to use or used and didn't like how they intruded on my prospects and therefore didn't use . . . and other "bright shiny things" purchased on the Warrior Forum as educational materials and tools that were meant to assist me with building an email list and marketing to my followers [ never really got off the ground ] . . . it was decided that my computer was too infected to be helped and partially because the Malwarebytes scan took 49 hrs. I didn't get much sleep during that time.

[ I have O.C.D. and A.D.D. and find it difficult to send stuff to the recycle bin. ]

My hope is that you will be willing to look at the DDS logs and the full scan of Malwarebytes and make your own determination. I'm going to be purchasing another computer soon yet there is much on this machine that I will want to save.

Thanks in advance for any assistance you are willing to render.

Axel Cruz / CruzSculpture




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:04 PM

Posted 31 March 2014 - 04:09 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please attach this file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 cruzsculpture


Posted 01 April 2014 - 05:35 PM

Hello Marius,

I just found your reply and will begin the work as instructed, shortly . . . I do have a class this evening and will need to leave here in an hour and a half from now.

I'll stay in touch as you direct me through this process !

Gracias,

Cruz

. . . replying directly to the email does not work . . .

After I downloaded the two software programs, I attempted to run the first one as instructed, yet it would not run and I got the following message:

C:\Documents and  Settings\Axel\My Documents\Downloads\FRST.exe is not a valid Win32 Application

Please Advise.

Thanks,

Cruz


#4 cruzsculpture


Posted 01 April 2014 - 06:10 PM

Marius,

 

I need to leave by 6:20 pm CST and will return at approximately 10 pm.

 

Cheers,

 

             Cruz



#5 cruzsculpture


Posted 01 April 2014 - 10:02 PM

Marius,

 

Again, cannot seem to get the program to run, I even deleted the initial one and downloaded another, and I keep getting the same message :  

 

C:\Documents and  Settings\Axel\My Documents\Downloads\FRST.exe is not a valid Win32 Application

 

It's going 10 pm and I'll most likely be up for another 4 to 5 hours. I'll check back periodically for your input.

 

Respectfully,

                     Cruz

 

                   



#6 TB-Psychotic


Posted 02 April 2014 - 06:29 AM

Let's try that in a different way - which Windows version is installed?



#7 cruzsculpture


Posted 02 April 2014 - 11:37 AM

WindowsXP Professional



#8 cruzsculpture


Posted 02 April 2014 - 12:47 PM

I went to:  Start > Computer > Properties >

System

      Microsoft WindowsXP
      Home Edition
      Version 2002
      Service Pack 3

Registered to:

      Axel

Computer

      AMD Athlon™ 64X2 Dual
      Core Processor 4200+
      2.21 GHz, 2.00 GB of Ram
      Physical Address Extension

A friend helped me set up Open Office to access documents because Windows would no longer open those documents . . .



#9 cruzsculpture


Posted 02 April 2014 - 07:26 PM

Hi Marius,

 

I'm sure that you are busy with others and having a life . . . I check in often to see if you have posted a reply.

 

I do not have class again until Friday at 7 pm CST. 

 

Respectfully,

 

                    Cruz



#10 TB-Psychotic


Posted 03 April 2014 - 04:38 AM

Please reboot your computer into safe mode and try to run the scans there.

I'll be notified by email if you reply.



#11 cruzsculpture


Posted 03 April 2014 - 04:46 AM

Good Morning Marius,

 

What is the procedure to reboot in safe mode ?

 

Cruz



#12 TB-Psychotic


Posted 03 April 2014 - 04:53 AM

Scan with FRST in safe mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please attach this file to your next reply.



#13 cruzsculpture


Posted 03 April 2014 - 05:05 AM

Marius,

 

Again, cannot seem to get the program to run and I keep getting the same message :

 

C:\Documents and  Settings\Axel\My Documents\Downloads\FRST.exe is not a valid Win32 Application

 

Please advise.



#14 cruzsculpture


Posted 03 April 2014 - 07:08 AM

Marius,

 

T time of day that I am usually asleep because I work what is referred to as the "Graveyard Shift".

 

I'll stay a while longer . . . 

 

Again, I've downloaded FRST three times and attempted to Run the program . . It will not start and I get the following message :

 

C:\Documents and  Settings\Axel\My Documents\Downloads\FRST.exe is not a valid Win32 Application

 

Is my WindowsXP corrupted or possibly missing parts ?

 

I'll try to stay awake another hour . . . 

 

Cruz
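
Added example, not part of the original thread: "is not a valid Win32 Application" is the message 32-bit Windows shows when a file is not a loadable 32-bit PE image, for instance a 64-bit build or an incomplete download. The thread does not establish which applies on this machine; the sketch below reads the PE headers and reports the architecture and whether the file is shorter than its section table requires. The function names and sample bytes are constructed for illustration.

```python
import struct
import sys

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification.
MACHINES = {0x014C: "32-bit x86", 0x8664: "64-bit x64"}

def inspect_exe(data):
    """Return (verdict, detail) for the raw bytes of a downloaded .exe."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ("not-executable", "no MZ header, e.g. a web page saved as .exe")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return ("corrupt", "PE signature missing or past end of file")
    machine, nsect = struct.unpack_from("<HH", data, pe_off + 4)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                     # first section header
    needed = table + 40 * nsect
    if needed > len(data):
        return ("truncated", "section table is incomplete")
    for i in range(nsect):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20.
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        needed = max(needed, raw_ptr + raw_size)
    if needed > len(data):
        return ("truncated", "%d bytes on disk, sections need %d" % (len(data), needed))
    return ("ok", MACHINES.get(machine, "unknown machine 0x%04X" % machine))

def build_sample(machine, payload_len=512):
    """Constructed test bytes: headers laid out like a PE, not a real program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0, 0x0102)
    raw_ptr = len(dos) + len(coff) + 40
    sect = b".text\0\0\0" + struct.pack("<IIII", payload_len, 0x1000,
                                        payload_len, raw_ptr) + b"\0" * 16
    return dos + coff + sect + b"\0" * payload_len

if __name__ == "__main__":
    if len(sys.argv) > 1:                              # check a real download
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], inspect_exe(fh.read()))
    else:                                              # constructed samples
        good = build_sample(0x8664)
        for name, blob in [("64-bit", good), ("cut short", good[:300]),
                           ("html", b"<html>404 Not Found</html>")]:
            print(name, inspect_exe(blob))
```
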



#15 TB-Psychotic


Posted 04 April 2014 - 02:22 AM

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.





