BCalhoon Posted July 22, 2012 ID:574388

Ran Malwarebytes repeatedly and it kept finding the same two infected trojan files.

Attachments: DDS.txt, Attach.txt

MrCharlie Posted July 22, 2012 ID:574554

Welcome to the forum.

Before we proceed further, please uninstall or disable BitTorrent and BitTorrentBar2 Toolbar and any other peer-to-peer filesharing app. Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.
P2P file sharing: Know the risks

It's also against our policy:
http://forums.malwarebytes.org/index.php?showtopic=97700

---------------------------------------------

Then.............

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.

MrC

BCalhoon Posted July 22, 2012 Author ID:574580

Okay, I uninstalled BitTorrent and the toolbar and also removed my external drives and ran the RogueKiller program. The report is attached.

Attachment: RKreport1.txt

MrCharlie Posted July 22, 2012 ID:574586

Please make sure system restore is running and create a new restore point before continuing.
XP <===> Vista & W7
XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

BCalhoon Posted July 22, 2012 Author ID:574589

Here is the log for TDSSKiller.

Attachment: TDSSKiller.2.7.46.0_22.07.2012_10.25.12_log.txt

MrCharlie Posted July 22, 2012 ID:574600

Please run it again and Delete this one only.

10:27:28.0629 11772 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:27:28.0629 11772 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:27:31.0208 8448 Deinitialize success

----------------------------------

Then........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

BCalhoon Posted July 22, 2012 Author ID:574616

Ran Combofix, and had to reboot the computer a couple of times. Here is the log from ComboFix.

Attachment: combofix log.txt

MrCharlie Posted July 22, 2012 ID:574624

Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.
Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now,

MrC

BCalhoon Posted July 22, 2012 Author ID:574629

Updated and scanned, no malicious items found. It seems to be running faster too.

Attachment: mbam-log-2012-07-22 (12-22-48).txt

MrCharlie Posted July 22, 2012 ID:574634

Great. A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box".
Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.
Run OTL and hit the CleanUp button. (This will clean up the tools and logs used including itself)

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum,

MrC

Maurice Naggar Posted July 23, 2012 ID:574940

Glad we could help. This has been resolved, and now this topic is closed.

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system!