
Annoying Audio Ads in background/ Zero Access



The rogue audio ads should be gone. Also you should be just about to the point where you could start the factory restore procedure.

Do the following as additional checks.

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 / 8 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.


On the following screen:


Uncheck trace disk IO calls at the bottom left.

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.

Step 2

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

Please download Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.


Alright, scans are all complete. The only problem I encountered was with TDSSKiller, which worked properly and found 0 infections, but when I clicked Report, I was unable to copy the information and was unable to find any possible file it could have made. I can say for certain it found 0 threats.

aswMBR (No, FIX button did not become enabled):

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-03-04 15:24:53

-----------------------------

15:24:53.110 OS Version: Windows x64 6.1.7601 Service Pack 1

15:24:53.111 Number of processors: 1 586 0x7F02

15:24:53.112 ComputerName: JOSEPH-PC UserName: Joseph

15:24:53.781 Initialize success

15:24:53.911 AVAST engine defs: 10092001

15:25:34.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055

15:25:34.021 Disk 0 Vendor: Hitachi_ ST2O Size: 305245MB BusType: 3

15:25:34.038 Disk 0 MBR read successfully

15:25:34.041 Disk 0 MBR scan

15:25:34.047 Disk 0 unknown MBR code

15:25:34.053 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

15:25:34.070 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292917 MB offset 206848

15:25:34.105 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12226 MB offset 600100864

15:25:34.148 Disk 0 scanning C:\Windows\system32\drivers

15:25:42.966 Service scanning

15:26:07.981 Modules scanning

15:26:08.403 AVAST engine scan C:\Windows

15:26:10.002 AVAST engine scan C:\Windows\system32

15:28:36.598 AVAST engine scan C:\Windows\system32\drivers

15:28:47.630 AVAST engine scan C:\Users\Joseph

15:31:57.078 Disk 0 MBR has been saved successfully to "C:\Users\Joseph\Documents\MBR.dat"

15:31:57.093 The log file has been saved successfully to "C:\Users\Joseph\Documents\aswMBR info.txt"

Listparts:

ListParts by Farbar Version: 04-03-2013

Ran by Joseph (administrator) on 04-03-2013 at 15:41:32

Windows 7 (X64)

Running From: C:\Users\Joseph\Downloads

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 43%

Total physical RAM: 2942.49 MB

Available physical RAM: 1648.25 MB

Total Pagefile: 5883.18 MB

Available Pagefile: 4147.77 MB

Total Virtual: 4095.88 MB

Available Virtual: 3991.99 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:286.05 GB) (Free:207.09 GB) NTFS

2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Partitions of Disk 0:

===============

Disk ID: 1549F232

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 286 GB 101 MB

Partition 3 Primary 11 GB 286 GB

======================================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C HP NTFS Partition 286 GB Healthy Boot

======================================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D FACTORY_IMA NTFS Partition 11 GB Healthy

======================================================================================================

****** End Of Log ******

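Added example (not part of either poster's reply, and not code from aswMBR or ListParts): a cross-check that the partition table aswMBR logged matches the one ListParts reported in the post above. It assumes 512-byte sectors for aswMBR's offsets and that ListParts rounds to whole units; the function names are illustrative.

```python
import re

SECTOR = 512  # assumption: bytes per sector (neither log states it)
UNIT = {"B": 1, "KB": 1024, "MB": 1024**2, "GB": 1024**3}

# Partition lines copied from the aswMBR and ListParts logs posted above.
ASWMBR = """\
15:25:34.053 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:25:34.070 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292917 MB offset 206848
15:25:34.105 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12226 MB offset 600100864
"""
LISTPARTS = """\
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 286 GB 101 MB
Partition 3 Primary 11 GB 286 GB
"""

def parse_aswmbr(text):
    """{partition: (active, size_bytes, offset_bytes)}; offset is logged in sectors."""
    pat = re.compile(r"Partition (\d+) ([0-9A-F]{2})(?: \(A\))? [0-9A-F]{2} "
                     r".*? (\d+) MB offset (\d+)")
    return {int(m[1]): (m[2] == "80", int(m[3]) * UNIT["MB"], int(m[4]) * SECTOR)
            for m in pat.finditer(text)}

def parse_listparts(text):
    """{partition: ((size, unit), (offset, unit))} as displayed by ListParts."""
    pat = re.compile(r"Partition (\d+) Primary (\d+) (B|KB|MB|GB) (\d+) (B|KB|MB|GB)")
    return {int(m[1]): ((int(m[2]), m[3]), (int(m[4]), m[5]))
            for m in pat.finditer(text)}

def cross_check(asw, lp):
    """Return a list of discrepancies; an empty list means the two views agree."""
    issues = []
    if sorted(asw) != sorted(lp):
        issues.append(f"partition sets differ: {sorted(asw)} vs {sorted(lp)}")
    if sum(active for active, _, _ in asw.values()) != 1:
        issues.append("expected exactly one active (0x80) partition")
    for n in sorted(set(asw) & set(lp)):
        _, size, offset = asw[n]
        for label, actual, (shown, unit) in (("size", size, lp[n][0]),
                                             ("offset", offset, lp[n][1])):
            # ListParts shows whole units, so allow up to one unit of rounding.
            if abs(actual - shown * UNIT[unit]) >= UNIT[unit]:
                issues.append(f"partition {n} {label}: {actual} B vs {shown} {unit}")
    ordered = sorted(asw.values(), key=lambda p: p[2])
    for (_, size, off), (_, _, nxt) in zip(ordered, ordered[1:]):
        if off + size > nxt:
            issues.append(f"partition at byte {off} overlaps the next one")
    return issues
```

Calling `cross_check(parse_aswmbr(ASWMBR), parse_listparts(LISTPARTS))` runs the comparison on the two logs from this thread.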

With the results of aswMBR & TDSSKiller, your system does not now have rootkits.

The ListParts shows normal.

Now you are ready to do the clean Windows install, as you indicated before that is your preference.

If you have the Windows 7 DVD from HP for this computer, you can follow this general reference

see this page How to Do a Clean Installation with Windows 7.

I suggest you delete all existing partitions on the HDD as part of the new Windows 7 install.

IF you do not have the Windows o.s. DVD, you will have to check with HP customer support website on the procedure for factory restore.

For the future, do yourself a super favor and make backups a normal weekly procedure --to offline media.

Backups are your best friend (after antivirus & MBAM).

How to create a Windows system image in Windows 7 and Windows 8

http://www.bleepingcomputer.com/tutorials/create-system-image-in-windows-7-8/

How to use System Image Recovery in the Windows 7 and Windows 8 Recovery Environment

http://www.bleepingcomputer.com/tutorials/system-image-recovery-in-windows-7-8/

Safer practices & malware prevention


I can't thank you enough for your help Mr. Naggar, God bless you for all your help.

I do have some questions:

1. Will my computer be safe to do any transactions (I very rarely make transactions on this computer, perhaps 1 a year or less)?

2. Will my computer be safe to log in to websites?

I guess what I'm asking is "Is the backdoor shut," I understand the trojan is gone, but will it be safe enough to use the computer normally? I will probably not be doing any transactions on this computer at all to be on the safe side, but I would hope to be able to log in to websites safely without getting my information stolen.


If you do the factory restore, then after that is done by you, yes it will be safe to use & to go to websites.

The "rogue audio" & the bad guys are gone. However, as you elected to do a factory restore, I stopped any further hunting.

Your system is at the point where you wanted to be, so you could begin the factory restore.

I wish you well.
