Jump to content

Recommended Posts

Hello, Please note I am posting this from an uninfected computer. On the infected computer I can log on easily, but when I log on, after awhile I am unable to open ANYTHING. From Task Manager to Word to Internet Explorer, you name it, it won't open. My computer has been showing signs of a virus. I scanned it using the Malwarebytes Trial Version and it found 2 viruses: PUP.Crossfire.SA and some Adware. I tried to remove them and it seemed to have worked. But my computer had the same symptoms when I rebooted. I scanned again and it found nothing. Also, immediately after the scan, the Malwarebytes Trial "ended".prematurely. I tried re-downloading it but it didn't work. Can someone please help?

Share this post


Link to post
Share on other sites

Welcome to the forum, see if you can do any of this...

please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Share this post


Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites

Re-opened per request of PRXD4

@ PRXD4

Please do what MrC had outlined. And copy/paste the logs soonest.

IF in future you might be delayed, please take a moment & let MrC know on the forum.

Share this post


Link to post
Share on other sites

Unfortunately, as you probably know, the scans from Malwarebytes didn't work. I already posted the DDS and Attach texts but RogueKiller will not work. I fear the virus is trying to screw with me. As soon as the system finds something, I get a STOP error message. Something about BIOS drivers? Probably fake. Also when I downloaded Malwarebytes, the files dealing with Malwarebytes Chameleon wouldn't download. Any suggestions?

Share this post


Link to post
Share on other sites

See if you can run TDSSKiller, it can be run in safe mode:

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    image000q.png
  • Put a checkmark beside loaded modules.
    2012081514h0118.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    2012081517h0349.png
  • Click the Start Scan button.
    19695967.jpg
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    67776163.jpg
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    62117367.jpg
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Share this post


Link to post
Share on other sites

Is safe mode required? Whenever I have tried it an error message comes up and I think this is the virus' doing.

Share this post


Link to post
Share on other sites

Great, looks like TDSSKiller found the infection.

Run TDSSKiller again and choose Delete for this one only: (no need to "load the module" or post the log)

16:18:32.0953 3004 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

16:18:32.0953 3004 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

~~~~~~~~~~~~~~~~

See if you can..........

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Share this post


Link to post
Share on other sites

Okay, I deleted the file from TDSSKiller and I successfully Updated and Scanned. I click all boxes and selected "Remove Selected." Here is the report. My computer is running slow but I am able to open the Internet and other things from the desktop. An improvement. Hopefully everything is gone. I DEFINITELY need to delete some stuff from this computer for the Quick Scan took over 30 minutes. Any suggestions to help my computer keep more secure? Also, I'm afraid to reboot. Will it reappear? And, I have two log-ons for my computer. Should I have to follow the same steps for both? Thank you SO much for your time.

mbam-log-2012-09-30 (17-13-40).txt

Share this post


Link to post
Share on other sites

I would like you to run ComboFix but first......

Please back up the registry:

http://www.geekstogo...ry-using-erunt/

Please create a new system restore point also.

If after running ComboFix you can't connect to the internet, please navigate to

the C:\WINDOWS\ERDNT folder and run ERDNT.exe, that will restore the registry.

Reboot and see how it is.

If that doesn't work....use that system restore point and that will correct the problem.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Share this post


Link to post
Share on other sites

Is it supposed to take two hours? I've been running it for about that much and it hasn't gotten past the point of "Completed Stage_50"

Share this post


Link to post
Share on other sites

No, stop it and................

Try it like this......

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC

Share this post


Link to post
Share on other sites

Crud! Safe Mode won't work. This is the error mode I'm seeing, "STOP: c0000139 {Entry Point Not Found} The procedure entry point RtlExtendHeap could notbe located in the dynamic link library ntdll.dll."

Share this post


Link to post
Share on other sites

I scanned using Microsoft Security Essentials and removed what it found.

Share this post


Link to post
Share on other sites

I scanned using Microsoft Security Essentials and removed what it found.

Share this post


Link to post
Share on other sites

I scanned using Microsoft Security Essentials and removed what it found.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.