
Can't seem to remove DOS:/Rovnix.W and others.


40 replies to this topic

#1 blamp28

blamp28

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 29 August 2014 - 10:48 AM

Hello,

I am helping my father with his ultra slow PC running Windows 7 Professional 32 bit. He complained of slow speeds and when I checked it out I found that there were anywhere from 7 to 12 instances of exlplorer.exe running at any given time. In looking through the file structure, I found a user account for someone named wangzhisong. I removed the account and scanned with Malwarebytes and it looked like I got it, but then noticed during the free trial period for the real-time protection that there was almost non-stop activity, as indicated by the popups on the lower right of the screen with the software blocking access to various web sites from around the globe. After a couple of weeks, this activity stopped so we thought maybe we had gotten it.

The PC ran exceptionally well for a couple of weeks then slowed down again and the multiple instances of exlplorer.exe were running again consuming nearly 100% of the RAM and CPU. With some web searching, I found this site and others with various approaches and followed the processes that seemed to have been working for others. Eventually, I ended up downloading Microsoft Security Essentials and Microsoft Safety Scan.

When running Microsoft Safety Scan's quick scan option, it found and deleted 2 or 3 viruses/malware items including Rovnix.c and made mention of Rovnix.W, which it said it had partially removed, recommending a full scan. I rebooted in safe mode and began the scan. This scan took 30 hours or so with 3.8 million files. I noticed that while it was scanning, it was scanning files I could not find on the hard drive. I thought I had unhidden these files, but it was scanning temporary internet files in my dad's user profile that did not appear to exist. I had cleaned them out.

Another symptom is that the system is nearly at the hard drive capacity of 80GB with about 1GB available. When I look to see what is taking all the space, I find that by looking at the user profile for my dad, the total is 47.5 GB. He has 5.5GB of documents etc. in his "My Documents" folder but there seems to be nothing else visible that could consume all that space. His Windows directory on the C: drive is 16GB too.

We did buy a new hard drive and cloned the disk when we thought everything was fine, but now that I realize all is not well, I realize we most certainly duplicated our problem and have not used the new 500GB disk at all. The power and data cables remain unplugged until we solve this issue.

He bought the PC from a local PC recycler with a good reputation. He brought the virus in himself when he opened a cleverly titled email. He remembers doing it. The hard part is that the licensing for the Windows as well as the MS Office 2010 that is on the system does not permit fresh installs from media, so I think we will have to work with the clone once we clean this up. He is on a fixed income so I am trying to learn all I can to eliminate this without any cost to him. He has even considered throwing in the towel and going after a new PC with Windows 7 since they can still be bought from TigerDirect and he does not want to learn yet another version of Windows at 78 years old. He would still have to buy Office again since the licenses for the software are still tied to the infected PC.

Any suggestions or help would be appreciated.


Edited by hamluis, 29 August 2014 - 11:44 AM.
Moved from Win 7 to Am I Infected - Hamluis.



#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,689 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:11 AM

Posted 29 August 2014 - 11:27 AM

Please post the Malwarebytes log. To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.

To open the log double click on mbam-check.exe on your desktop. When the log opens, scroll down toward the bottom of the log to Quarantined Items. Copy and paste this in your next post.

Please run the ESET OnlineScan

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

  • Click on this link to open ESET OnlineScan in a new window.
  • The ESET Online Scanner page will open, click on Yes, I agree to the terms of use, then click on Start, the scan will now begin.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.

(screenshot omitted: adwcleaner11_zps48314883.png)

Click on Scan to start the scan.

Once the search is complete a list of the pending items will be displayed. If you see any which you do not want removed, remove the check mark next to it.

Click on Clean to remove the selected items. If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.

You will receive a message telling you that all programs will be closed so that the infections can be removed. Click on OK.

When the cleaning process is complete a log of what was removed will be presented. Please copy and paste this log in your topic.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 blamp28

blamp28
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 29 August 2014 - 12:28 PM

Thanks for the quick response. I will most likely have to do this later after my work day ends. 



#4 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,689 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:11 AM

Posted 29 August 2014 - 12:45 PM

I will probably catch up with this topic in the morning if you are going to be this late in responding.  Due to a family emergency my time here is limited till things get back to normal.




#5 blamp28

blamp28
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 29 August 2014 - 01:02 PM

Sorry to hear, and thanks. I have begun the process remotely via a TeamViewer connection. I have the MB log but it says that it could not access the logs. See below. I have logs from the last few MB scans on my laptop, but they are all XML files. I have the ESET scan running now and it is 75% complete.

 

 

 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs
mbam-log-2014-07-29 (21-04-12).xml       File Size: 21788     BYTES FileVersion:  N/A            MD5: [a356614aac66fe64f278042b05c51635]
mbam-log-2014-07-29 (21-08-08).xml       File Size: 6400      BYTES FileVersion:  N/A            MD5: [1f863f3ee9f0363a5133fe67ce8e01ba]
mbam-log-2014-07-29 (21-28-40).xml       File Size: 2500      BYTES FileVersion:  N/A            MD5: [f565aa01e9bdcd6d7c47fb1a20e4ec26]
mbam-log-2014-07-30 (08-08-18).xml       File Size: 2506      BYTES FileVersion:  N/A            MD5: [e9e67c51b22530d7fe39c6ab3317640f]
mbam-log-2014-08-25 (12-38-56).xml       File Size: 3056      BYTES FileVersion:  N/A            MD5: [5e6beb76be4ec0e416399177c606637f]
mbam-log-2014-08-25 (13-57-26).xml       File Size: 2500      BYTES FileVersion:  N/A            MD5: [79ea939aab33a1b5bb9d4a0badc3a7a3]
mbam-log-2014-08-25 (14-27-46).xml       File Size: 2498      BYTES FileVersion:  N/A            MD5: [646e7eecaf24452a38f04a5c1645d59e]
protection-log-2014-07-29.xml           File Size: 21698     BYTES FileVersion:  N/A            MD5: [a12908b6702676a60bf91dd9f4028b70]
protection-log-2014-07-30.xml           File Size: 14614296  BYTES FileVersion:  N/A            MD5: [edc8d1524411790d805d41615ac7d596]
protection-log-2014-08-25.xml           File Size: 1279      BYTES FileVersion:  N/A            MD5: [588c7c6f13b135ca73fa4a5c361d7e3c]
 
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine
 
Malware Exclusions:
===================
Unable to access exclusion information: Error code 20001

Web Exclusions:
================
Unable to access exclusion information: Error code 20001

Quarantined Items:
===================
Unable to access quarantine information: Error code 20001

===============================================================
END OF FILE


#6 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,689 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:11 AM

Posted 29 August 2014 - 01:12 PM

What version of Malwarebytes did you run?




#7 blamp28

blamp28
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 29 August 2014 - 01:29 PM

Version is 2.0.2.1012



#8 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,689 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:11 AM

Posted 29 August 2014 - 02:16 PM

Did you check for updates before running the scan?




#9 blamp28

blamp28
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 29 August 2014 - 02:31 PM

Sure did. By the way, the scan is at 91% complete and has been at 91% for a long while. It is currently scanning users\owner\appdata\microsoft\windows\temporary internet files. I did get these to be visible and there are 40GB of them, even though I ran the Disk Cleanup tool this morning and specifically made sure they were deleted.



#10 blamp28

blamp28
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 30 August 2014 - 07:13 AM

Ok, back at it.

 

First, I just remembered another symptom. When I originally ran Malwarebytes on the 29th of July, that's also the day we noticed the user account for someone named wangzhisong and removed the account. Since that time, the PC clock and calendar don't advance, or perhaps move slowly. Until this week, all documents were saved as having been completed on 7/29. I changed the settings but it still does not advance. I was going to put a new CMOS battery in the PC, but I just realized that this behaviour started the same day. That sure seems like more than a coincidence, don't you think?

 

ESET scan ran for several more hours last night scanning the same directory as mentioned above then froze at the same 91% mark. I stopped it and recorded the 6 items it found.

 

ESET Scan results:

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5I0JQMVT\klbb2vb8jw[1].htm JS/Exploit.Agent.NHE trojan
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\70IE0QRZ\f4bc11ce27657aadec821054c0576c144043f48d[1].htm HTML/Iframe.B.Gen virus
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\70IE0QRZ\main[4].htm JS/Kryptik.ARJ trojan
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GCSTXA7I\ifCAZ69V5Z.htm HTML/Iframe.B.Gen virus
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GCSTXA7I\impCAXJM8MX.js HTML/Iframe.B.Gen virus
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GCSTXA7I\ttjCA7789CV.js HTML/Iframe.B.Gen virus
 
 
AdwCleaner[R0].txt
# AdwCleaner v3.308 - Report created 27/08/2014 at 22:09:29
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Owner\daemonprocess.txt
File Found : C:\Windows\system32\roboot.exe
Folder Found : C:\Program Files\Mobogenie
Folder Found : C:\Program Files\MyPC Backup
Folder Found : C:\Program Files\Viewpoint
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\Owner\AppData\Roaming\Systweak
Folder Found : C:\Users\Owner\AppData\Roaming\UpdaterEX
 
***** [ Scheduled Tasks ] *****
 
Task Found : UpdaterEX
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\UpdaterEX
Key Found : HKLM\SOFTWARE\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Found : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Found : HKLM\SOFTWARE\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Viewpoint
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16563
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Search Provider] : hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP3B270E39-E3A3-4DEA-822F-1C34E5189A0D&q={searchTerms}&SSPV=
Found [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dstrmsd&cd=2XzuyEtN2Y1L1QzutDtDtCtAtBtC0DyD0CtAtDtDtBtAyEtDtN0D0Tzu0CyCzztCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1Q1B2Z1C1H1B1Q&cr=423399000&ir=
 
*************************
 
AdwCleaner[R0].txt - [4518 octets] - [27/08/2014 22:09:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4578 octets] ##########
 


#11 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,689 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:11 AM

Posted 30 August 2014 - 09:10 AM


Please download TDSSKiller from here and save it to your Desktop.

1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

(screenshot omitted: tds2.jpg)

2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.

If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.

(screenshot omitted: 2012081514h0118.png)

3.  Click Start Scan and allow the scan process to run.

(screenshot omitted: tds4-1.jpg)

4.  If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.

***Do NOT select Delete!
Click Continue.

(screenshot omitted: tds6.jpg)

5.  Click Reboot computer.

Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.



#12 blamp28

blamp28
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 30 August 2014 - 01:03 PM

There are three logs and they are too large to post. The forum page hangs up. How can I attach them?

 



#13 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,689 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:02:11 AM

Posted 30 August 2014 - 01:15 PM

Is each of these too long, or only collectively?

If they are too long individually, break the logs into two or three parts.




#14 blamp28

blamp28
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 30 August 2014 - 01:46 PM

Collectively. I will post in three posts. Here is the first.

 

TDSSKiller.3.0.0.40_27.08.2014_21.33.59_log.txt:

21:33:59.0501 0x169c  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
21:34:08.0382 0x169c  ============================================================
21:34:08.0382 0x169c  Current date / time: 2014/08/27 21:34:08.0382
21:34:08.0382 0x169c  SystemInfo:
21:34:08.0383 0x169c 
21:34:08.0383 0x169c  OS Version: 6.1.7601 ServicePack: 1.0
21:34:08.0383 0x169c  Product type: Workstation
21:34:08.0383 0x169c  ComputerName: OWNER-PC
21:34:08.0385 0x169c  UserName: Owner
21:34:08.0385 0x169c  Windows directory: C:\Windows
21:34:08.0385 0x169c  System windows directory: C:\Windows
21:34:08.0386 0x169c  Processor architecture: Intel x86
21:34:08.0386 0x169c  Number of processors: 2
21:34:08.0386 0x169c  Page size: 0x1000
21:34:08.0386 0x169c  Boot type: Normal boot
21:34:08.0386 0x169c  ============================================================
21:34:13.0024 0x169c  KLMD registered as C:\Windows\system32\drivers\12248001.sys
21:34:17.0362 0x169c  System UUID: {248257C1-9ED5-8A13-80FA-CE58799B0048}
21:34:24.0118 0x169c  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:34:24.0158 0x169c  Drive \Device\Harddisk1\DR1 - Size: 0xEB000000 ( 3.67 Gb ), SectorSize: 0x200, Cylinders: 0x1DF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:34:24.0160 0x169c  ============================================================
21:34:24.0160 0x169c  \Device\Harddisk0\DR0:
21:34:24.0168 0x169c  MBR partitions:
21:34:24.0168 0x169c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:34:24.0169 0x169c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC000
21:34:24.0169 0x169c  \Device\Harddisk1\DR1:
21:34:24.0169 0x169c  MBR partitions:
21:34:24.0169 0x169c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x30, BlocksNum 0x757FD0
21:34:24.0169 0x169c  ============================================================
21:34:24.0250 0x169c  C: <-> \Device\Harddisk0\DR0\Partition2
21:34:24.0251 0x169c  ============================================================
21:34:24.0251 0x169c  Initialize success
21:34:24.0251 0x169c  ============================================================
21:35:21.0777 0x17d8  KLMD registered as C:\Windows\system32\drivers\70565805.sys
21:35:23.0780 0x17d8  Deinitialize success



#15 blamp28

blamp28
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:05:11 AM

Posted 30 August 2014 - 01:57 PM

The second is 146 pages when read as a Word document. It stalled the forum page again. Here are the last few lines. If you need more of this log, let me know. This one is titled

 

TDSSKiller.3.0.0.40_27.08.2014_21.20.42_log.txt:

21:24:07.0706 0x0398  Scan finished
21:24:07.0706 0x0398  ============================================================
21:24:07.0935 0x024c  Detected object count: 1
21:24:07.0936 0x024c  Actual detected object count: 1
21:24:28.0945 0x024c  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
21:24:32.0999 0x024c  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
21:24:33.0014 0x024c  \Device\Harddisk0\DR0\Partition1 - ok
21:24:33.0014 0x024c  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
21:24:39.0111 0x024c  KLMD registered as C:\Windows\system32\drivers\43370187.sys
21:24:52.0779 0x0f34  Deinitialize success
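The detection in the second log is on the partition object \Device\Harddisk0\DR0\Partition1 itself, which the first log shows as a 100 MiB MBR partition with no drive letter (C: maps to Partition2), so a file-level scan of C: never sees it and a sector-level clone of the disk carries it across. As an added example, not from this thread or from TDSSKiller, here is a small Python triage script that parses this 3.0.0.40 log layout (assumed from the lines quoted above), pairs each detection with the partition's size and drive letter, and reports whether a cure is still waiting on a reboot; the sample lines are constructed from the two logs posted above.

```python
import re
from collections import namedtuple
from dataclasses import dataclass, field

# Line shapes that matter when triaging a TDSSKiller log. The layout is assumed
# from the 3.0.0.40 logs quoted in this thread; other versions may differ.
DRIVE_RE = re.compile(r"Drive (\S+) - Size: 0x([0-9A-Fa-f]+) .*SectorSize: 0x([0-9A-Fa-f]+)")
PART_RE = re.compile(r"(\\Device\\Harddisk\d+\\DR\d+\\Partition\d+): MBR, Type 0x([0-9A-Fa-f]+), "
                     r"StartLBA 0x([0-9A-Fa-f]+), BlocksNum 0x([0-9A-Fa-f]+)")
MOUNT_RE = re.compile(r" ([A-Z]): <-> (\\Device\\\S+)\s*$")
DETECT_RE = re.compile(r"(\\Device\\\S+) \( (\S+) \) - (.+?)\s*$")

# Constructed sample: partition lines from the first log and detection lines
# from the second log posted above, joined so the example runs stand-alone.
SAMPLE_LOG = r"""
21:34:24.0118 0x169c  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:34:24.0168 0x169c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:34:24.0169 0x169c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC000
21:34:24.0250 0x169c  C: <-> \Device\Harddisk0\DR0\Partition2
21:24:07.0935 0x024c  Detected object count: 1
21:24:28.0945 0x024c  \Device\Harddisk0\DR0\Partition1 - copied to quarantine
21:24:32.0999 0x024c  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
21:24:33.0014 0x024c  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
"""

Partition = namedtuple("Partition", "device mbr_type start_lba blocks")
Detection = namedtuple("Detection", "device threat action")

@dataclass
class Report:
    sector_size: int = 512
    partitions: dict = field(default_factory=dict)   # device -> Partition
    mounts: dict = field(default_factory=dict)       # device -> drive letter
    detections: list = field(default_factory=list)

def partition_mib(part: Partition, sector_size: int) -> float:
    """Partition size in MiB from its BlocksNum and the drive's SectorSize."""
    return part.blocks * sector_size / (1024 * 1024)

def parse_tdsskiller_log(text: str) -> Report:
    """Pull sector size, MBR partitions, drive-letter mappings and detections out of the log."""
    rep = Report()
    for line in text.splitlines():
        if m := DRIVE_RE.search(line):
            rep.sector_size = int(m.group(3), 16)
        elif m := PART_RE.search(line):
            rep.partitions[m.group(1)] = Partition(m.group(1), *(int(g, 16) for g in m.groups()[1:]))
        elif m := MOUNT_RE.search(line):
            rep.mounts[m.group(2)] = m.group(1)
        elif m := DETECT_RE.search(line):
            rep.detections.append(Detection(*m.groups()))
    return rep

def needs_reboot(rep: Report) -> bool:
    """True while any cure is still scheduled for the next boot: the disk is not clean yet."""
    return any("cured on reboot" in d.action for d in rep.detections)

def summarize(rep: Report) -> list:
    """One line per detection: the partition object it sits on, its size, and whether it is even visible as a drive letter."""
    out = []
    for d in rep.detections:
        part = rep.partitions.get(d.device)
        size = f"{partition_mib(part, rep.sector_size):.0f} MiB" if part else "size unknown"
        letter = rep.mounts.get(d.device)
        seen_as = f"mounted as {letter}:" if letter else "no drive letter"
        out.append(f"{d.threat} on {d.device} ({size}, {seen_as}): {d.action}")
    return out
```

Run against a full log, the same parser also covers the USB stick on Harddisk1, since its partition line has the same shape.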





