RickNCN Posted December 17, 2012 ID:624228

FBI ransomware malware was cleaned. At the end, ran combofix. It fixed something that upon reboot Windows 7 went to a blank screen. Used System Restore to get back to Windows. Ran MS MRT and it found the infection and definitely identified svchost.exe as being infected. I let it clean. Rebooted - back to blank screen.

Wondering if I can:
1- restore a good copy of svchost.exe
2- or should I do system restore again and take a different approach

I have already:
1- cloned hdd
2- ERUNT
3- FixExec
4- Roguekiller, rkill, thekiller
5- MBAM
6- DrWeb CureIT
7- Super AntiSpyware
8- TDSSkiller
9- Combofix
10- MS MRT

RickNCN Posted December 18, 2012 Author ID:624541

I ran another scan with Emsisoft and it indicated explorer, winlogon and svchost are infected but it can't clean or quarantine them.

kevinf80 Posted December 18, 2012 ID:624547

Run the following and post the requested log,

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe
4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:
5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)
6. The following image opens, select Next.
7. The following image opens, select Update
8. When the Update completes, select Next
9. In the following window ensure "Targets" are ticked. Then select "Scan"
10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:
11. Do not select the "Clean up Button" select the "Exit" button, there will be a warning as follows:
12. Select "Yes" to close down the program. If NO infections were found you will see the following image:
13. Select "Exit" to close down.
14. Copy and paste the two following logs from the mbar folder:
System - log
Mbar - log Date and time of scan will also be shown

Post those two logs in your reply.

Maurice Naggar Posted December 23, 2012 ID:626292

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!