On 18-January I got infected with WindowsRecovery 2011. It threw a party and invited lots of friends, TDSS/Alureon (in various flavors), System Check, and many, many others. Researched numerous forums and over the course of now three weeks, managed to get system seemingly clean but was uncertain due to redraws during boot. At point of infection, malware was missed by MSE, SUPERAntiSpyware, and Malwarebytes' Anti-Malware, all three of which were used to scan before launch... It happens. (Yes, I know precisely what I did wrong, and about 48-hrs after I got tagged, updates to all three ID'd the culprit. Better late than never ... but they still miss it inside its ZIP carrier.)

Tools used thus far included those as well as unhide, TDSSKiller, RUBotted, RootKitBuster, Housecall, HiJackThis, GMER, ComboFix, and rkill (not in said order). Today after more reading I decided to give it another go to see if any remnants were left lying about, mostly because of the screen draws and (IMO) too-frequent captures of Trojans. So, following the "I'm infected, now what" write up, I ran dds, attach, and ComboFix. Now I need another set of eyes, better trained than mine, to look over the logs and point the way.

Also, FWIW, ComboFix quarantined a false positive. I don't have a clue how to get it to sUBs. It nailed the Data Robotics programs that run the dashboard interface between PC and their super-sweet Drobo hot swap storage device. That software is probably hosed and will need an un/re-install but the interface and data exchange between CPU & storage work fine.

This is all taking place on an XP-SP3 CPU. Interestingly, I tried to open and launch this puppy on a new Windows 7 SP1 64x ultrabook I just got and Windows refused to run it. That's why I ran it on the XP box. (Yeah, I know. Why do you think it's taken so long for me to reach out?) I have no idea what remnant, if any, got onto the Win 7 64x system.

Any help greatly appreciated.