Jump to content

I'm Infected!


Recommended Posts


First of all, thanks for your time.

Recently it seems I have somehow ended up infecting my computer, unfortunately. The main 'symptoms' I've been having are the usual constant pop ups to strange websites, though most of them are being blocked by the MBAM website blocker, but some still manage to open (I usually quickly close them before they load fully).

Some other strange things that have been happening are:

After entering my password to log on, it seems to log on as normal but nothing is shown on screen except for my cursor. I have to press ctrl+alt+del, click log off, and then log on again.

Not long ago I was also having some trouble with web browsers. I would double click on firefox but nothing would open, though when I looked in the task manager and it would say that firefox.exe is running. If I had clicked on the application a couple of times, it would list more than one firefox.exe, but to actually open the browser, I would then have to end all of the firefox.exe processes and try again.

The same thing was sometimes happening when I tried Internet Explorer.

After running a full MBAM scan and deleting the dangerous results that were found, this seems to have stopped however.

Altough, when I try Google Chrome, it opens but gets stuck in a loop trying to load the homepage forever. (Not a problem with the download/install as it was all working fine not long ago)

Anyway, here are the logs:

(Attach.txt and ark.txt are attached)



DDS (Ver_10-11-10.01) - NTFSx86

Run by Aden at 15:59:55.90 on 12/11/2010

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_19



Link to post
Share on other sites


Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Link to post
Share on other sites

Thanks a lot :)

TDSSKiller Log:

2010/11/14 14:31:29.0114 TDSS rootkit removing tool Nov 8 2010 10:52:22

2010/11/14 14:31:29.0114 ================================================================================

2010/11/14 14:31:29.0114 SystemInfo:

2010/11/14 14:31:29.0114

2010/11/14 14:31:29.0114 OS Version: 6.0.6002 ServicePack: 2.0

2010/11/14 14:31:29.0114 Product type: Workstation

2010/11/14 14:31:29.0114 ComputerName: ADENS-DAW

2010/11/14 14:31:29.0114 UserName: Aden

2010/11/14 14:31:29.0114 Windows directory: C:\Windows

2010/11/14 14:31:29.0114 System windows directory: C:\Windows

2010/11/14 14:31:29.0114 Processor architecture: Intel x86

2010/11/14 14:31:29.0114 Number of processors: 4

2010/11/14 14:31:29.0114 Page size: 0x1000

2010/11/14 14:31:29.0114 Boot type: Normal boot

2010/11/14 14:31:29.0114 ================================================================================

2010/11/14 14:31:29.0528 Initialize success

2010/11/14 14:32:01.0273 ================================================================================

2010/11/14 14:32:01.0273 Scan started

2010/11/14 14:32:01.0273 Mode: Manual;

2010/11/14 14:32:01.0273 ================================================================================

2010/11/14 14:32:06.0169 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/11/14 14:32:06.0173 ================================================================================

2010/11/14 14:32:06.0173 Scan finished

2010/11/14 14:32:06.0173 ================================================================================

2010/11/14 14:32:06.0184 Detected object count: 1

2010/11/14 14:32:17.0281 \HardDisk0 - will be cured after reboot

2010/11/14 14:32:17.0281 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2010/11/14 14:32:20.0077 Deinitialize success

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.