Trojan/Backdoor Instability


Hello everyone, I am afraid this is a long tale, but I do require help!

A few days ago, I tried to start up my computer, only to immediately encounter the screen asking me to run Windows Startup Repair (or start normally). I was confused, but ran Startup Repair. Following the "Starting Windows" screen, I ran into a black screen with a white cursor. I restarted and picked "start normally"; it refused to advance beyond the Windows screen. These two things happened every single time. Upon trying to start in Safe Mode, it froze halfway, bluescreened, and upon startup informed me that the BCD was broken. I started up Windows Recovery with an install disc, but it could not run Startup Repair or System Restore, because it could not detect an OS (or the partition that contained it). I was not able to rebuild the BCD through the command prompt.

This continued for some time. Programs like Lazesoft and Hiren's Boot CD failed to detect the C:\ partition or any OS attached to the computer, so every scan failed. Eventually, nothing would boot from CD except Hiren's and its Mini XP function (or the DOS programs); all attempts to reach the Windows recovery screen (or any other) would reach a black screen with a white cursor, just as if I had picked "repair Windows" on startup. (I should mention that at some point the "BCD is missing" screen went away, replaced with the two options presented earlier.)

Eventually, I discovered a hard drive scanner among the DOS tools on Hiren's; a surface scan reported numerous errors and froze. TestDisk could not access the C:\ partition. I ran DRevitalize from DOS and, about 36 hours later, it had discovered and repaired 8 damaged sectors. I could boot again!

However, things were noticeably laggy. I figured this was a result of the repair, and ran Spybot S&D, Malwarebytes, Avast Anti-Virus, and SUPERAntiSpyware. The first three detected nothing, but the last detected numerous tracking cookies (pretty normal, sadly) and one very high threat, unnamed, Trojan. At that time I figured I'd need to wipe the computer, and was backing up files (Windows stated that there were corrupted files, so I could not create a system image; I simply backed up my media files and large program files), and went into Users, where I encountered a user that never existed. In it, I found only a folder labeled HRUPPROG.DIE.NOW. Obviously this was something very bad, so I deleted it. I've restarted a few more times since then and found another trojan through a deep scan with SUPERAntiSpyware (I have found nothing with the other programs). I have also run RKill, and then ComboFix. I am admittedly unsure if they found anything, but I do have the logs.

I am not sure how to proceed. I am strongly tempted just to reformat the HDD, because I'm not sure if I've eliminated the trojan or not. I am also worried that it may have spread in some way to my backup externals simply by being connected (though my programs detected nothing in deep scans of them), and my older HP computer (which runs Vista) just last night restarted, out of nowhere, and is having much trouble restarting (it keeps restarting halfway through boot, although there is no sign of hard drive damage).

I would appreciate any assistance, both with the problems on my Win7 Toshiba, as well as any assistance regarding the new problems with the Vista HP computer, or even how I can check my externals for signs of the malware. Thank you.


I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear.

Please read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like ImgBurn that can burn an .ISO image. I think a CD is best, as there is no way anything can write to it after it is made, but USB may be more convenient and easier.

Be sure to read these:

Download Kaspersky Rescue Disk 10

How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?

How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?

  • Please go to a clean computer
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • On the infected computer: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarise yourself with How to create a report file in Kaspersky Rescue Disk 10?

Then, please print the following directions:

Boot from Kaspersky Rescue Disk 10:

Restart your computer and put the disk in the drive while booting.

Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.

Select the required interface language using the arrow-keys on your keyboard.

Press the Enter key on the keyboard.

In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode

Click Enter.

Click 'A' to accept the agreement.

Select operating system from dropdown menu (select Windows whatever).

Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:

Click My Update Center and update.

Back to other tab and click Start Object Scan.

When scan has completed save a report:

On the upper part of the Kaspersky Rescue Disk window, click on the Report link.

On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.

On the upper right hand corner of the Detailed report window, click on the Save button.

After clicking Detailed Report and 'SAVE', a browse window opens.

Double-click on the \

Click 'disks'.

All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.

Click on the Save button.

The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.


Here is the log. It should be noted that since I posted that, through a combination of the previously mentioned programs, TDSSKiller, ComboFix, and RKill (which does not remove programs, but kills their processes so that you can remove them), I have eliminated at least three "high risk" trojans of indistinct name, two of them hidden in my recovery partition. The Kaspersky log detected two trojans, one in the drivers and one right on my desktop; however, the latter was actually RKill, which is a totally legitimate anti-malware program, so I did not quarantine it as I did the other.

Objects Scan: completed 5 hours ago (events: 2, objects: 3, time: 00:00:31)

6/10/13 10:15 PM Task completed

6/10/13 10:14 PM Task started

Objects Scan: completed 5 hours ago (events: 2, objects: 3, time: 00:00:18)

6/10/13 10:15 PM Task completed

6/10/13 10:15 PM Task started

Objects Scan: completed 5 minutes ago (events: 110, objects: 1474542, time: 05:22:44)

6/10/13 10:16 PM Task started

6/10/13 10:27 PM Detected: HEUR:Backdoor.Win64.Generic sda2/Users/Panda Hero Z/Desktop/rkill.exe/data0000.res

6/10/13 10:27 PM Untreated: HEUR:Backdoor.Win64.Generic sda2/Users/Panda Hero Z/Desktop/rkill.exe/data0000.res Postponed

6/10/13 10:31 PM Detected: HEUR:Worm.Win32.Generic sda2/Users/Panda Hero Z/Desktop/Drivers/TC70124300T.exe/Setup.exe

6/10/13 10:31 PM Untreated: HEUR:Worm.Win32.Generic sda2/Users/Panda Hero Z/Desktop/Drivers/TC70124300T.exe/Setup.exe Postponed

6/10/13 10:32 PM Processing error sda2/Users/Panda Hero Z/Desktop/Drivers/tc70139700m.exe/Packages/Drivers/Display/W86A_INF/B144725/atiumdva.dl_/atiumdva.dll Read error

6/10/13 10:32 PM Processing error sda2/Users/Panda Hero Z/Desktop/Drivers/tc70139700m.exe/Packages/Drivers/Display/W86A_INF/B144725/atiumdva.dl_ Read error

6/10/13 10:32 PM Processing error sda2/Users/Panda Hero Z/Desktop/Drivers/tc70139700m.exe/Packages/Drivers/Display/W8_INF/B144725/atikmdag.sy_/atikmdag.sys Read error

6/10/13 10:32 PM Processing error sda2/Users/Panda Hero Z/Desktop/Drivers/tc70139700m.exe/Packages/Drivers/Display/W8_INF/B144725/atikmdag.sy_ Read error

6/10/13 10:32 PM Processing error sda2/Users/Panda Hero Z/Desktop/Drivers/tc70139700m.exe/Packages/Drivers/Display/W8_INF/B144725/atiumdag.dl_/atiumdag.dll Read error

6/10/13 10:32 PM Processing error sda2/Users/Panda Hero Z/Desktop/Drivers/tc70139700m.exe/Packages/Drivers/Display/W8_INF/B144725/atiumdag.dl_ Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/data1.cab Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/ApplicationInstaller.cab Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/CommonModules.cab Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/CommunicationCentre.cab Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/ContentCopier.cab Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/GetConnected.cab Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/ImageStore.cab Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/Modems.cab Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/MusicManager.cab Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/qt_Language_loc.cab Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/OneTouchAccess.cab Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/PCSync.cab Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/PcSync2_Language_loc.cab Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/PhoneBrowser.cab Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/QT.cab Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/VideoManager.cab Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/PCSuite_Help_loc.cab Read error

6/10/13 10:46 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/PC_Suite_UserGuide_loc.cab Read error

6/10/13 10:47 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/PCCS/Setup/PCCS.msi/data1.cab Read error

6/10/13 10:47 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/PCCS/Setup/PCCS.msi Read error

6/10/13 10:47 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/VC80_x64/Setup/VC80_x64.msi/VC80_x64.cab Read error

6/10/13 10:47 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/VC80_x86/Setup/VC80_x86.msi/VC80_x86.cab Read error

6/10/13 10:47 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/VC80_x86/Setup/VC80_x86.msi Read error

6/10/13 10:47 PM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2426.rar/cvn-d2srwzh.iso Read error

6/10/13 10:47 PM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2426.rar Read error

6/10/13 10:48 PM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2636.rar/cvn-d2srwsh.iso Read error

6/10/13 10:48 PM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2636.rar Read error

6/10/13 11:10 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/PCCS/Setup/PCCS.msi/data1.cab Read error

6/10/13 11:10 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/PCCS/Setup/PCCS.msi Read error

6/10/13 11:10 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/VC80_x64/Setup/VC80_x64.msi/VC80_x64.cab Read error

6/10/13 11:10 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/VC80_x86/Setup/VC80_x86.msi/VC80_x86.cab Read error

6/10/13 11:10 PM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/VC80_x86/Setup/VC80_x86.msi Read error

6/10/13 11:11 PM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2426.rar/cvn-d2srwzh.iso Read error

6/10/13 11:11 PM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2426.rar Read error

6/10/13 11:12 PM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2636.rar/cvn-d2srwsh.iso Read error

6/10/13 11:12 PM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2636.rar Read error

6/11/13 12:25 AM Processing error sda2/Games/World_of_Tanks/Updates/wot_84.2264_84.2263_client.patch/res/packages/01_karelia.pkg Read error

6/11/13 12:25 AM Processing error sda2/Games/World_of_Tanks/Updates/wot_84.2264_84.2263_client.patch/res/packages/02_malinovka.pkg Read error

6/11/13 12:25 AM Processing error sda2/Games/World_of_Tanks/Updates/wot_84.2263_client.patch/res/packages/vehicles_american.pkg Read error

6/11/13 12:25 AM Processing error sda2/Games/World_of_Tanks/Updates/wot_84.2263_client.patch Read error

6/11/13 12:25 AM Processing error sda2/Games/World_of_Tanks/Updates/wot_85.2493_84.2429_client.patch Read error

6/11/13 12:46 AM Processing error sda2/Games/World_of_Tanks/Updates/wot_84.2264_84.2263_client.patch/res/packages/shared_content.pkg Read error

6/11/13 12:47 AM Processing error sda2/Games/World_of_Tanks/Updates/wot_84.2264_84.2263_client.patch Read error

6/11/13 1:01 AM Detected: HEUR:Backdoor.Win64.Generic sda2/Users/Panda Hero Z/Desktop/rkill.exe/data0000.res

6/11/13 1:01 AM Untreated: HEUR:Backdoor.Win64.Generic sda2/Users/Panda Hero Z/Desktop/rkill.exe/data0000.res Postponed

6/11/13 1:03 AM Processing error sda2/Users/Panda Hero Z/Desktop/Drivers/tc30499400c.exe/x86/setup32.exe/TOSHIBA Function Key.msi/ISSetup.dll/PE_Patch.PECompact Read error

6/11/13 1:03 AM Processing error sda2/Users/Panda Hero Z/Desktop/Drivers/tc30499400c.exe/x86/setup32.exe/TOSHIBA Function Key.msi/Data1.cab Read error

6/11/13 1:03 AM Processing error sda2/Users/Panda Hero Z/Desktop/What is WITH all this stuff/Microsoft Office Installer/OFFICE.part2.rar/CD3.bin Read error

6/11/13 1:03 AM Processing error sda2/Users/Panda Hero Z/Desktop/What is WITH all this stuff/Microsoft Office Installer/OFFICE.part2.rar Read error

6/11/13 1:03 AM Processing error sda2/Users/Panda Hero Z/Desktop/Drivers/TC40187300D.exe Read error

6/11/13 1:04 AM Processing error sda2/Users/Panda Hero Z/Desktop/What is WITH all this stuff/Microsoft Office Installer/OFFICE.part1.exe Read error

6/11/13 1:04 AM Detected: HEUR:Worm.Win32.Generic sda2/Users/Panda Hero Z/Desktop/Drivers/TC70124300T.exe/Setup.exe

6/11/13 1:04 AM Untreated: HEUR:Worm.Win32.Generic sda2/Users/Panda Hero Z/Desktop/Drivers/TC70124300T.exe/Setup.exe Postponed

6/11/13 1:18 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/PCCS/Setup/PCCS.msi/data1.cab Read error

6/11/13 1:18 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/PCCS/Setup/PCCS.msi Read error

6/11/13 1:18 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/VC80_x64/Setup/VC80_x64.msi/VC80_x64.cab Read error

6/11/13 1:18 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/VC80_x86/Setup/VC80_x86.msi/VC80_x86.cab Read error

6/11/13 1:18 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/VC80_x86/Setup/VC80_x86.msi Read error

6/11/13 1:18 AM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2426.rar/cvn-d2srwzh.iso Read error

6/11/13 1:18 AM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2426.rar Read error

6/11/13 1:19 AM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2636.rar/cvn-d2srwsh.iso Read error

6/11/13 1:19 AM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2636.rar Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/CommonModules.cab/NGSCM.dll Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/CommonModules.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/CommunicationCentre.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/ContentCopier.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/GetConnected.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/ImageStore.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/Modems.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/MusicManager.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/qt_Language_loc.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/OneTouchAccess.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/PCSync.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/PcSync2_Language_loc.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/PhoneBrowser.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/QT.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/VideoManager.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/PCSuite_Help_loc.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/Nokia_PC_Suite/Setup/Nokia_PC_Suite.msi/PC_Suite_UserGuide_loc.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/PCCS/Setup/PCCS.msi/data1.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/PCCS/Setup/PCCS.msi Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/VC80_x64/Setup/VC80_x64.msi/VC80_x64.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/VC80_x86/Setup/VC80_x86.msi/VC80_x86.cab Read error

6/11/13 1:40 AM Processing error sda2/Users/Panda Hero Z/Documents/Nokia PC Suite/Nokia_PC_Suite_7_1_26_1_eng_us_web.exe/Packages/VC80_x86/Setup/VC80_x86.msi Read error

6/11/13 1:41 AM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2426.rar/cvn-d2srwzh.iso Read error

6/11/13 1:41 AM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2426.rar Read error

6/11/13 1:42 AM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2636.rar/cvn-d2srwsh.iso Read error

6/11/13 1:42 AM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2636.rar Read error

6/11/13 2:23 AM Detected: HEUR:Worm.Win32.Generic sda2/Users/Panda Hero Z/Desktop/Drivers/TC70124300T.exe/Setup.exe

6/11/13 3:36 AM Detected: HEUR:Backdoor.Win64.Generic sda2/Users/Panda Hero Z/Desktop/rkill.exe/data0000.res

6/11/13 3:39 AM Untreated: HEUR:Backdoor.Win64.Generic sda2/Users/Panda Hero Z/Desktop/rkill.exe/data0000.res Write not supported

6/11/13 3:39 AM Task completed

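The report above is three scan passes flattened into one list, so the same hits and the same read errors appear several times. The following parser is an added example for readers who want to reduce such a Kaspersky Rescue Disk 10 text export to something reviewable; it is not part of the thread and not a Kaspersky tool. It assumes only the line shapes visible in the report above (Detected, Untreated with a trailing status, Processing error with a trailing "Read error", Task started/completed); any other status word would be left on the end of the path. Two details it surfaces are worth knowing when reading such a log: a path that continues past a file name (rkill.exe/data0000.res, TC70124300T.exe/Setup.exe) is a hit on an object embedded inside that file, not a separate file on disk, and read errors are grouped by the outermost container so a handful of damaged archives do not look like hundreds of problems. The sample lines are copied from the report above.

```python
"""Summarise a Kaspersky Rescue Disk 10 'Detailed report' text export.

Added example, not part of the forum thread. Assumes only the line shapes
seen in the posted report:
  <date> <time> Detected: <verdict> <path>
  <date> <time> Untreated: <verdict> <path> <status>
  <date> <time> Processing error <path> Read error
  <date> <time> Task started | Task completed
"""
import re
from collections import defaultdict
from pprint import pprint

# Trailing status words observed in the report above. Assumption: KRD always
# ends these line kinds with one of them; anything else stays in the path.
UNTREATED_STATUSES = ("Postponed", "Write not supported")
ERROR_STATUSES = ("Read error",)

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{2} \d{1,2}:\d{2} [AP]M) "
    r"(?P<kind>Detected:|Untreated:|Processing error|Task started|Task completed)"
    r"(?: (?P<rest>.*))?$"
)


def _split_status(rest, statuses):
    """Split a known trailing status off the end of a path (paths may contain spaces)."""
    for status in statuses:
        if rest.endswith(" " + status):
            return rest[: -len(status) - 1], status
    return rest, None


def parse_line(line):
    """Return a dict for one report line, or None for headers and other non-event text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind = m.group("kind").rstrip(":")
    rest = m.group("rest") or ""
    rec = {"ts": m.group("ts"), "kind": kind}
    if kind in ("Detected", "Untreated"):
        verdict, _, path = rest.partition(" ")
        status = None
        if kind == "Untreated":
            path, status = _split_status(path, UNTREATED_STATUSES)
        rec.update(verdict=verdict, path=path, status=status)
    elif kind == "Processing error":
        path, status = _split_status(rest, ERROR_STATUSES)
        rec.update(path=path, status=status)
    return rec


def container_of(path):
    """Outermost on-disk file of a nested object path.
    Heuristic (assumption): the first path component containing a dot is the
    real file; everything after it is inside that archive/installer/resource."""
    parts = path.split("/")
    for i, part in enumerate(parts):
        if "." in part:
            return "/".join(parts[: i + 1])
    return path


def summarise(text):
    """Collapse repeated scan passes: unique detections per verdict (flagging hits on
    embedded objects and keeping the last treatment status), read errors counted per
    outermost container, and the number of completed tasks."""
    detections = defaultdict(dict)
    read_errors = defaultdict(int)
    tasks_completed = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["kind"] in ("Detected", "Untreated"):
            entry = detections[rec["verdict"]].setdefault(
                rec["path"],
                {"nested": container_of(rec["path"]) != rec["path"], "status": None},
            )
            if rec["status"]:
                entry["status"] = rec["status"]
        elif rec["kind"] == "Processing error":
            read_errors[container_of(rec["path"])] += 1
        elif rec["kind"] == "Task completed":
            tasks_completed += 1
    return {
        "detections": {v: dict(p) for v, p in detections.items()},
        "read_errors": dict(read_errors),
        "tasks_completed": tasks_completed,
    }


# Lines copied from the report posted above (a subset, in original order).
SAMPLE_REPORT = """
6/10/13 10:16 PM Task started
6/10/13 10:27 PM Detected: HEUR:Backdoor.Win64.Generic sda2/Users/Panda Hero Z/Desktop/rkill.exe/data0000.res
6/10/13 10:27 PM Untreated: HEUR:Backdoor.Win64.Generic sda2/Users/Panda Hero Z/Desktop/rkill.exe/data0000.res Postponed
6/10/13 10:31 PM Detected: HEUR:Worm.Win32.Generic sda2/Users/Panda Hero Z/Desktop/Drivers/TC70124300T.exe/Setup.exe
6/10/13 10:32 PM Processing error sda2/Users/Panda Hero Z/Desktop/Drivers/tc70139700m.exe/Packages/Drivers/Display/W86A_INF/B144725/atiumdva.dl_/atiumdva.dll Read error
6/10/13 10:47 PM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2426.rar/cvn-d2srwzh.iso Read error
6/10/13 10:47 PM Processing error sda2/Users/Panda Hero Z/Documents/ROMS/2426.rar Read error
6/11/13 3:36 AM Detected: HEUR:Backdoor.Win64.Generic sda2/Users/Panda Hero Z/Desktop/rkill.exe/data0000.res
6/11/13 3:39 AM Untreated: HEUR:Backdoor.Win64.Generic sda2/Users/Panda Hero Z/Desktop/rkill.exe/data0000.res Write not supported
6/11/13 3:39 AM Task completed
"""

if __name__ == "__main__":
    pprint(summarise(SAMPLE_REPORT))
```

Run it against the saved C:\KasperskyRescueDisk10.txt (open the file and pass its contents to summarise) and the output is one entry per verdict and path, with nested=True for the two hits above, plus a short read-error tally keyed by archive. A nested hit still has to be judged on its own merits; the parser only makes the nesting visible so that a hit inside a known tool's resource section is not mistaken for a standalone dropped file.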

Good morning RoboPan,

I'm afraid I have bad news about your computer.

Your log shows a dangerous trojan residing on your computer which has a backdoor functionality. It is possible that a remote attacker has already breached your computer.

Please consider disconnecting this computer from the Internet after you finish reading this and use a known clean computer to follow my suggestions regarding your personal information.

If you do any banking or other financial transactions on the computer, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be removed, your computer is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System.

Please visit the following sites for more information on internet theft and when to reformat!

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I will of course do my best to help clean the computer of any infections that I can see if you would like to continue.

If you have any questions before making a final decision, please feel free to ask.

Instructions on how to format and reinstall Windows can be found here

=====

If you decide you wish to attempt to clean your computer in spite of this threat then please proceed with these instructions:

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

=====

Also, please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.

Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

=====

Please post the 4 logs from OTL and MBAR in your reply. How is your computer currently running?


Root Admin, 2 weeks later:

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
