About suchek

  • Rank
    New Member
  1. Maurice, I'll work on burning the CD. I can do this from a separate, non-infected machine. A few questions: 1) Since I've already reformatted the C-drive and reinstalled the OS, there's no data that I'm trying to retain. This is probably a dumb question, but could the suspicious 4th partition be deleted or reformatted? 2) Should I reformat the Recovery D-drive? 3) "IF you have an attached external HDD drive, please disconnect it now." — Is there an infection risk to external and flash drives? I don't currently have an external HDD attached, but I did use an external HDD to back up my data be
  2. Hi, Maurice. Thank you very much for your help. I was able to run all the scans you instructed, and the logs are pasted below. As a side note: I had shut down the infected machine after posting my initial help request yesterday. When I rebooted today to run the scans, the "Malicious software was removed" notification was no longer popping up from the task bar. The popup hasn't recurred yet during this session. However, I'm still not using the machine other than to follow your instructions. I also disconnected it from the internet and disabled the wireless adapter. Scan notes: • RogueKille
  3. After getting a backdoor Trojan infection (Win32/Kryptik.ALQD.trojan) on my Dell laptop, I reformatted my C-drive yesterday and reinstalled the Win7 OS. Then today, after installing all my Windows security updates, I started getting a popup from my taskbar: "Malicious software was removed from your computer. Click here to complete the removal process." I don't know if this is a legitimate Windows popup or a rogue? The Trojan I got that led to me reformatting involved rogue HDD popup warnings, so I don't want to click on this "malicious software" taskbar popup unless it's legitimate. The only
  4. Maniac, I'm not sure what steps to take next? My machine still isn't functioning quite properly (still getting the " *.exe is not a valid Win32 application" error and running into some sort of unidentified program that seems to be running in the background). I haven't uninstalled Combofix or deleted/cleaned up any of the quarantines. Waiting for instructions ... Thank you for all your help so far.
  5. Hello. I'm being helped by Maniac here: http://forums.malwarebytes.org/index.php?showtopic=116050 I'd sent you a PM on the 22nd about the second thread w. Maniac. I'm sorry for the confusion.
  6. Sorry for this follow-up post, Maniac, I just noticed a couple additional issues when I went to shut down the infected machine: 3) When I went to shut down the machine, I got the message that Windows was waiting for background programs to close. The only thing I'd tried to do after booting up was launch TDSSKiller, which failed. I didn't click on, launch, or run anything else, and my computer isn't hooked up to the internet. (I'd disabled the wireless network adapter and turned off my wireless router.) I don't know what was running in the background — the computer was shutting down, so I
  7. Thank you very much! The machine is better, although not quite all the way back to its pre-infection state. All my programs, folders, and files seem to be visible and accessible now, and I haven't had any recurrences of the HDD or "Write Fault" error messages. Additionally, the rogue HDD-error icon that had appeared in my system tray (red circle w. a white X) is now gone. However, a couple of things that are still non-functional or a little off: 1) I clicked on the TDSSKiller.exe file on my desktop to see if I could get it to launch. I wasn't going to run the scan — I planned on cancelling
  8. Maniac, I went ahead and ran the ESET scan w. the additional scan options checked. Log is below. When the scan was finished, I had the option to choose "Uninstall application on close" and "Delete quarantined files." I left both unchecked, so ESET is still installed. -------------------------------------------------------------------------------- ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255) # OnlineScanner.ocx= # api_version=3.0.2 # EOSSerial=29ee5187ebb
  9. ok, I have "Remove found threats" and "Scan for potentially unwanted applications" both checked. There are three additional options; should any of these also be checked?: • Scan archives • Scan for potentially unsafe applications • Enable Anti-Stealth technology The Anti-Stealth option is checked by default; the other two are not checked.
  10. ok, I've created a zip file of the Qoobox Quarantine folder and sent you a PM w. the link to access it.
  11. Thank you for your guidance, Maniac. I backed up my data files. Here's the ComboFix log: -------------------------------------------------------------------------------- ComboFix 12-09-22.02 - v 09/22/2012 21:41:42.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6007.4478 [GMT -7:00] Running from: c:\users\v\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\
  12. Thank you, Maniac. I downloaded the Panda USB vaccine and have vaccinated my USB drive as well as the machine I've been using to download the cleaner programs. I'd already used the USB drive between the infected machine and the clean one — before you sent the Panda link — so I'm running malware scans on the second machine to make sure it's still clean. So far, scans haven't detected anything. As far as the infected machine: 1) What steps should I take next? I'm still not able to run TDSSKiller. I get the "not a valid Win32 application" error when I double-click on the tdsskiller.exe icon
  13. I downloaded TDSSKiller using IE and then Chrome (I'd originally used Firefox), and I got the same error, "tdsskiller.exe is not a valid Win32 application," when trying to run either. Note: I'm downloading the tdsskiller.exe file from a different machine to a USB drive and then copying the file from the USB drive onto the desktop of the infected machine — I don't know if that makes a difference. Because of the backdoor danger, I didn't want to hook the infected machine up to the internet in order to download the needed cleaner programs. So I've been copying the programs over to the infected
  14. Hello, Maniac. Thank you for the backdoor warning. I understand. Yes, please, I would still like to try to clean this machine. Thank you so much for your help, the speedy reply, and your easy-to-follow instructions. I'd already disconnected this machine from the Internet and have kept it shut down. After booting up today to run the programs you listed for me, I disabled the wireless adapter before running the programs. I booted up in Normal mode and was able to run both Unhide and RKill. (I was able to run the rkill.exe version.) Logs are below. However, when I try to run TDSSKiller fro