
Infected with winrscmde trojan?



Hello kk4flyer. :)

OK so xPUD won't help at this point in time it seems.

I would like you to please re-run the Kaspersky Disk again, fix anything it finds, and then restart your computer. Let me know how that goes and please post the report produced.


Here is the Kaspersky log:

<pre style='color:#141312;background-color:#ffffff;'>

bjects Scan: completed 1 minute ago (events: 311, objects: 2743488, time: 06:25:49)

12/4/12 8:06 AM Task completed

12/4/12 8:06 AM Untreated: Rootkit.Boot.Pihar.c /dev/sda Skipped by user

12/4/12 8:06 AM Untreated: Rootkit.Boot.Pihar.c /dev/sda Cannot be disinfected

12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda

12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda

12/4/12 5:18 AM Detected: Rootkit.Boot.Pihar.c /dev/sda

12/4/12 2:13 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor OTHER.idz Read error

12/4/12 2:12 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz Read error

12/4/12 2:12 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor ANSI.idz/AI2013_Inventor ANSI Read error

12/4/12 2:12 AM Processing error C:/Autodesk/WI/Autodesk Inventor 2013/Content/DClibrary/DesktopContents/AI2013_Inventor GOST.idz Read error

12/4/12 1:41 AM Untreated: Rootkit.Boot.Pihar.c /dev/sda Postponed

12/4/12 1:41 AM Detected: Rootkit.Boot.Pihar.c /dev/sda

12/4/12 1:40 AM Task started

</pre>

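An added example, not part of the original thread: a small parser for a report in the layout posted above, which counts how often an object is detected again right after a "Disinfected" entry and whether it ended up untreated. The sample lines are constructed, the function and field names are hypothetical, and the parser assumes the newest-first ordering seen in the report and object paths without spaces (such as `/dev/sda`).

```python
import re

# Constructed sample in the same newest-first layout as the posted report.
SAMPLE_REPORT = """\
12/4/12 8:06 AM Task completed
12/4/12 8:06 AM Untreated: Rootkit.Boot.Pihar.c /dev/sda Skipped by user
12/4/12 8:06 AM Untreated: Rootkit.Boot.Pihar.c /dev/sda Cannot be disinfected
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 8:06 AM Disinfected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 5:18 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 2:13 AM Processing error C:/Example/archive.idz Read error
12/4/12 1:41 AM Untreated: Rootkit.Boot.Pihar.c /dev/sda Postponed
12/4/12 1:41 AM Detected: Rootkit.Boot.Pihar.c /dev/sda
12/4/12 1:40 AM Task started
"""

# timestamp, event type, threat name, object, optional reason text
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{2} \d{1,2}:\d{2} [AP]M) "
    r"(?P<event>Detected|Disinfected|Untreated): "
    r"(?P<threat>\S+) (?P<obj>\S+)(?: (?P<reason>.+))?$"
)


def summarise(report):
    """Return per-(threat, object) counters for a newest-first report."""
    events = []
    for line in report.splitlines():
        match = EVENT_RE.match(line.strip())
        if match:  # "Task ..." and "Processing error" lines are skipped
            events.append(match.groupdict())

    # Timestamps only have minute resolution, so many entries tie.
    # File order is the reliable ordering: reverse it to get oldest-first.
    events.reverse()

    summary = {}
    for ev in events:
        key = (ev["threat"], ev["obj"])
        stats = summary.setdefault(key, {
            "detected": 0, "disinfected": 0, "untreated": 0,
            "redetected_after_disinfect": 0,
            "last_event": None, "last_reason": None,
        })
        # A detection directly after a disinfection of the same object
        # means the cleanup did not hold.
        if ev["event"] == "Detected" and stats["last_event"] == "Disinfected":
            stats["redetected_after_disinfect"] += 1
        stats[ev["event"].lower()] += 1
        stats["last_event"] = ev["event"]
        stats["last_reason"] = ev["reason"]

    for stats in summary.values():
        # Anything whose final entry is not "Disinfected" is still present.
        stats["persistent"] = stats["last_event"] != "Disinfected"
    return summary


if __name__ == "__main__":
    for (threat, obj), stats in summarise(SAMPLE_REPORT).items():
        print(threat, obj, stats)
```
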

I don't have a Windows 7 disk. I have a "recovery disk" that I made when I first got the computer. Unfortunately I can't find the documentation that told me to make the disk, so I don't know what it's for. It contains folders like "BOOT", "dell", "preload", "recovery", and some other files.


Hey kk4flyer,

Please reboot your computer and press F12 repeatedly. A menu should appear, allowing you to choose the boot order. Select CD/DVD drive as order #1, and then save and exit. Insert the recovery CD and see if you can access it.


I changed setup to boot from CD/DVD and inserted recovery disk. It said "Windows is loading files...", then "Starting Windows", then came to a Dell DataSafe Local Backup screen. It said "Click 'Next' to restore your computer to the most recent Full System Backup. Files added or changed since that backup will be preserved and then copied back to your computer after the restoration is complete". There were 2 choices:

Run the program from my hard disk (recommended)

Continue with your System Recovery Disc

So I chose to run it from hard disk, and clicked Next. It instructed me to remove the Recovery Disk, so I did. It said it was going to reboot from the recovery partition. I clicked Finish and it tried to reboot, but failed as usual - black screen with cursor blinking in upper left.

I don't think I ever did a Full System Backup, so maybe that's why it failed.


Tried again to boot from Recovery Disk. This time I selected the "continue with recovery disk" option. It gave me 2 options: "Restore computer and preserve my new or changed files (recommended)" and "select other system backup and more options". I tried the first one. It went to an Emergency File & Folder Backup screen and scanned my computer for new or changed files since the last backup; it saved them in an Emergency folder on the C: drive. It looked like it saved just about every file. Then it went to "Restore my computer", which formatted the partition. Oops, I didn't know it was going to do that. Then it started "reinstalling your original content", which took a long time. Then it restarted, and yes.. it got to Windows! Looks like a clean re-install of Windows; it asked me for a bunch of setup stuff. Windows is working, but lots of things need to be set up, like internet connection. I'll try to work on this. If you have any suggestions, let me know. Thanks for your help.


Hey kk4flyer,

I'm glad the disc came through. You had the pihar bootkit infection, which is often hard to fix as it stops you from booting into Windows.

Here are some security suggestions:

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and Add-ons like Adblock Plus and NoScript can make it even more secure. To avoid dangerous sites, Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)

=====

If you need any further help or advice please let me know. :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
