
Astromenda Virus Issues


Conmaan


I have been experiencing issues with my computer having been affected with the astromenda virus.

 

I have attached the reports from various other virus detection programs (I think?).

 

Also, here is the report from roguekiller.

RogueKiller V9.2.9.0 (x64) [Jul 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 09/04/2014  17:28:26
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 36 ¤¤¤
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRDriver64 -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRSptSvc -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRDriver64 -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRSptSvc -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BRDriver64 -> FOUND
[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BRSptSvc -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{137398F7-09A3-44B4-BCB9-AC1240F59C9F} | DhcpNameServer : 10.0.1.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2C83CB18-ADDD-4492-BF50-C27758129ECB} | DhcpNameServer : 10.0.0.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3056D1C3-1A96-4A97-815A-5A661BC7C944} | DhcpNameServer : 10.0.1.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{510F0D65-042E-474F-8583-95AB76F84388} | DhcpNameServer : 10.0.0.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6CE91352-A585-4917-901F-FC7E5CB0CDDC} | DhcpNameServer : 10.0.0.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{137398F7-09A3-44B4-BCB9-AC1240F59C9F} | DhcpNameServer : 10.0.1.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2C83CB18-ADDD-4492-BF50-C27758129ECB} | DhcpNameServer : 10.0.0.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3056D1C3-1A96-4A97-815A-5A661BC7C944} | DhcpNameServer : 10.0.1.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{510F0D65-042E-474F-8583-95AB76F84388} | DhcpNameServer : 10.0.0.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6CE91352-A585-4917-901F-FC7E5CB0CDDC} | DhcpNameServer : 10.0.0.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{137398F7-09A3-44B4-BCB9-AC1240F59C9F} | DhcpNameServer : 10.0.1.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2C83CB18-ADDD-4492-BF50-C27758129ECB} | DhcpNameServer : 10.0.0.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3056D1C3-1A96-4A97-815A-5A661BC7C944} | DhcpNameServer : 10.0.1.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{510F0D65-042E-474F-8583-95AB76F84388} | DhcpNameServer : 10.0.0.100  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6CE91352-A585-4917-901F-FC7E5CB0CDDC} | DhcpNameServer : 10.0.0.100  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1030572126-3596625163-4150191179-1017\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1030572126-3596625163-4150191179-1017\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1030572126-3596625163-4150191179-1017\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1030572126-3596625163-4150191179-1017\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\Disk @ Unknown : \Driver\SiRemFil @ Unknown (\SystemRoot\System32\drivers\rdyboost.sys)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST310005 24AS SCSI Disk Device +++++
--- User ---
[MBR] 7497a1bdc4742045b3571ee72315f3da
[bSP] eee339912599d221c76bfcb33f4bc99d : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13047 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 26722304 | Size: 142 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 27013120 | Size: 940679 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

Addition.txt

FRST.txt


Please be patient. People here volunteer their time to help people clean their infected computers. Sometimes we have a lot of cases and cannot make it to everyone instantly.

Scan with ZOEK
 
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;emptyalltemp;chrdefaults;ffdefaults;ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.


I understand that people are giving their free time to help. I just wanted to make sure that this thread had been seen before I started to look at alternative solutions.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
