
Dell-Latitude D610-WinXP-Removed Virus/No Internet/Cannot run DDS



Trying to follow the beginning instructions.  I have tried both downloads of dds and both times the laptop freezes, also tried in safe mode (unavailable).  I am trying to help a friend with their laptop which had been turned off for 2 years, no updates and no antivirus.  They allowed someone to use it to get on the internet and I assume that's when this mess happened.  I updated java and tried to begin the microsoft updates, but could tell it was infected.  I followed the 'select real security' and maybe a few other suggestions around the web to remove the bugs.  I now have a laptop which will not stay connected to the internet.  I can reboot and have access for about 3-4 min. then I get 'can't display the webpage..'.

 

I have been here for help before, I would so appreciate your help again. 


  • Root Admin

Please see if you can run this from Normal Mode.  If not then tap the F8 key during startup and choose Safe Mode with Networking and see if you can run it from there.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


  • Root Admin

Please try the following.

 

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.



If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.
 

Here you go - first time server crashed.....

 

19:29:53.0738 0x0f24  TDSS rootkit removing tool 3.0.0.17 Nov 12 2013 19:54:52
19:30:16.0411 0x0f24  ============================================================
19:30:16.0411 0x0f24  Current date / time: 2013/11/13 19:30:16.0411
19:30:16.0411 0x0f24  SystemInfo:
19:30:16.0411 0x0f24  
19:30:16.0411 0x0f24  OS Version: 5.1.2600 ServicePack: 3.0
19:30:16.0411 0x0f24  Product type: Workstation
19:30:16.0411 0x0f24  ComputerName: USER-PC
19:30:16.0411 0x0f24  UserName: Tater
19:30:16.0411 0x0f24  Windows directory: C:\WINDOWS
19:30:16.0411 0x0f24  System windows directory: C:\WINDOWS
19:30:16.0411 0x0f24  Processor architecture: Intel x86
19:30:16.0411 0x0f24  Number of processors: 1
19:30:16.0411 0x0f24  Page size: 0x1000
19:30:16.0411 0x0f24  Boot type: Normal boot
19:30:16.0411 0x0f24  ============================================================
19:30:20.0755 0x0f24  System UUID: {46C0397C-E6EE-5C65-EB00-A438F1A60A68}
19:30:23.0662 0x0f24  Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:30:23.0662 0x0f24  Drive \Device\Harddisk1\DR2 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:30:23.0662 0x0f24  ============================================================
19:30:23.0662 0x0f24  \Device\Harddisk0\DR0:
19:30:23.0662 0x0f24  MBR partitions:
19:30:23.0662 0x0f24  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
19:30:23.0662 0x0f24  \Device\Harddisk1\DR2:
19:30:23.0662 0x0f24  MBR partitions:
19:30:23.0662 0x0f24  \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xEE8BC1
19:30:23.0662 0x0f24  ============================================================
19:30:23.0708 0x0f24  C: <-> \Device\Harddisk0\DR0\Partition1
19:30:23.0708 0x0f24  ============================================================
19:30:23.0708 0x0f24  Initialize success
19:30:23.0708 0x0f24  ============================================================
19:32:27.0528 0x0ed8  Deinitialize success
 

**************************************************************************************************************************

2nd ONE is attachment (post too long).....found nothing.

 

2nd one - messed up, thought malware was off, then realized firewall...etc.  Anyway, there wasn't anything.  I also saw in the c: drive other logs.  KASPERSKY is one of several I had previously run, however I didn't run it the same as I did today.  If you want info logs from c: drive on those, let me know.

TDSSKiller2nd.txt


  • Root Admin

Well that does not find any rootkits either.

 

You can run the following offline for scanning if you want.  Please download the following tool from Kaspersky and burn it to CD from a clean working computer and then boot from it on the affected computer.
 
Make sure you watch this video which describes how to create the CD to use it.
 
How to create the Kaspersky Rescue Disk 10 CD
 
 
Please visit the Kaspersky site and review the information and then download and burn the ISO image to CD to use on the affected computer.
Make sure you update the definitions for Kaspersky before doing the actual scan.  Make sure to also write down what it finds or does as some users have trouble saving and accessing the log afterwards.
 

 

 


  • 4 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • Root Admin

I don't have KAV-RD running so not sure where that is shown.  I'm guessing they've changed it some as it's normally right there easy to see.

 

Please restart the computer in Normal Mode and see if you can run the following.

 

 

Please download Malwarebytes Anti-Rootkit from HERE
If needed there is a self help tutorial here: MBAR tutorial
 

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt

 


It's taken a while bc I have to manually plug into router vs using wireless bc it keeps disconnecting.  My control panel is only partially working.  Showing two icons for network connections.  Cannot get the display setting to come up via the control panel nor by right clicking on the desktop.  PC continually goes into hibernation mode and won't wake up causing me to do a hard shut down.  Let me know if you need anything else.

mbar-log-2013-12-18 (05-46-04).txt

system-log.txt


  • Root Admin

Well let's try the following again.   Very odd that some tools cannot seem to run yet others do.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


 


  • Root Admin

You appear to have a corrupted task that normally would be good so let's try to remove that task as well as a couple other items and then see how things work out.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

 

fixlist.txt


Icon at bottom right screen shows wireless internet connection 'connected', won't load webpages.  I click on repair and it hangs at disabling wireless network adapter (will not let me cancel the action).  My only option after that is do a system shutdown, then system hangs again on 'windows is shutting down', here I have to do a hard button shutdown to get pc back up.  Control panel still showing two icons for network connections.  Also still cannot access 'display' functions.  Thanks


  • Root Admin

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera
 
 
 


Okay, I've done that.  I'm still having the same above issues.  I'm plugged directly to the router, would prefer using the wireless network adapter.  Upon rebooting the system, I noticed that before windows XP is loaded, bios is going thru 1. BROADCOM ..... 2. BROADCOM BASS CODE.... 3. CLIENT MAC ADDRESS...... and then at this point it hangs 3-4 minutes on 4. DHCP.  Finally moves on after 'NO BOOT FILE NAME RECEIVED'.  Just giving bits of information as it comes to my attention.
