Jump to content

Need help removing trojan.small and rootkit.0access - no repair your computer option


mar1
 Share

Recommended Posts

Hi,

I'm trying to remove viruses from my partners computer. He doesn't have the windows disk and when in advanced boot mode, there was no repair your computer option. (He has vista ultimate sp2)

In safe mode with command prompt Farbar produced only the following information.

Thanks in advance for any help

==================== Memory info ===========================

Percentage of memory in use: 14%

Total physical RAM: 1917.6 MB

Available physical RAM: 1647.86 MB

Total Pagefile: 4077.75 MB

Available Pagefile: 3944.6 MB

Total Virtual: 2047.88 MB

Available Virtual: 1977.34 MB

==================== Partitions ============================

1 Drive c: () (Fixed) (Total:111.72 GB) (Free:24.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

3 Drive e: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32

4 Drive f: (Iomega_HDD) (Fixed) (Total:465.76 GB) (Free:130.62 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 112 GB 0 B

Disk 1 Online 466 GB 0 B

Disk 2 Online 7630 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 71 MB 32 KB

Partition 2 Primary 112 GB 71 MB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C NTFS Partition 112 GB Healthy System (partition with boot components)

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 466 GB 32 KB

==================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 F Iomega_HDD NTFS Partition 466 GB Healthy

==================================================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7629 MB 16 KB

==================================================================================

Disk: 2

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E FAT32 Removable 7629 MB Healthy

==================================================================================

Last Boot: 2012-09-14 21:19

==================== End Of Log =============================

Link to post
Share on other sites

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Link to post
Share on other sites

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    image000q.png
  • Put a checkmark beside loaded modules.
    2012081514h0118.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    2012081517h0349.png
  • Click the Start Scan button.
    19695967.jpg
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    67776163.jpg
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    62117367.jpg
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Link to post
Share on other sites

Run RogueKiller again and click Scan

When the scan completes > click on the Files tab

Put a check next to all of these and uncheck the rest: (if found)

[ZeroAccess][FOLDER] U : C:\Windows\Installer\{93c70fcc-8fee-3b3a-be50-dd8b658d6399}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Windows\Installer\{93c70fcc-8fee-3b3a-be50-dd8b658d6399}\L --> FOUND

[ZeroAccess][FOLDER] U : C:\Users\janthony\AppData\Local\{93c70fcc-8fee-3b3a-be50-dd8b658d6399}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\Users\janthony\AppData\Local\{93c70fcc-8fee-3b3a-be50-dd8b658d6399}\L --> FOUND

Now click Delete on the right hand column under Options

Reboot and scan the system with RogueKiller and post the new log, MrC

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.