
Hi,

Two days ago, I contracted "windows recovery" malware. I am running a Sony Vaio with 32-bit Vista Home Premium OS. I have two hard drives in a RAID 0 array that is controlled by Intel Matrix Storage Manager. I ran Malwarebytes immediately in safe mode. I removed 4 infections. Subsequently, Malwarebytes full scans show no infections. At the time, the malware caused my computer to lock and I was in the middle of a read-write operation on my C: drive. I disconnected the power. This or the malware infection is now causing Intel Matrix Storage Manager to show an error on the Port 0 hard drive. Also, I could initially boot in normal mode but got the blue physical memory dump screen and now can only boot in safe mode. While in normal mode, a toolbar icon from Intel stated that one of my hard drives was failing and to back up the data. Currently, spot checks of files on the C: indicate that it is still functioning. I have ordered a new hard drive, but would like to not have to recover my system and re-install and configure everything, if possible, as it might be possible that my OS believes my hard drive is failing only because of the previous infection. I would appreciate any help. Here is my Malwarebytes log from immediately after the infection, followed by the dds.txt. The other files are attached as asked. Thanks - Seth

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6260

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 8.0.6001.19019

4/3/2011 7:02:17 PM

mbam-log-2011-04-03 (19-02-17).txt

Scan type: Full scan (C:\|)

Objects scanned: 500189

Time elapsed: 1 hour(s), 12 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pCMnAnUyWW (Trojan.FakeAlert) -> Value: pCMnAnUyWW -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\programdata\pcmnanuyww.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\programdata\42458888.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

c:\Users\Seth\AppData\Local\Temp\0.8651104639060871.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

********************************

.

DDS (Ver_11-03-05.01) - NTFSx86 NETWORK

Run by Seth at 21:55:21.29 on Tue 04/05/2011

Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_16

Microsoft

attach.zip

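The Malwarebytes log above has a regular layout (a summary block, then one detail section per object type, each item as `path (Threat) -> ... -> action`). The following parser is an added example, not code from the original post or from Malwarebytes: it turns that layout into records, reports anything the scan did not actually remove, and pairs the `Run` autostart value with the dropped executable of the same name. The embedded sample is constructed from the post's own entries, with the Temp-folder line altered to "No action taken" so the unresolved-item check has something to find.

```python
import re
from typing import List, NamedTuple, Optional, Tuple
# Constructed sample in the Malwarebytes 1.50 log layout quoted in the post above; same
# entries, but the Temp-folder line is changed to "No action taken" to exercise the check.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pCMnAnUyWW (Trojan.FakeAlert) -> Value: pCMnAnUyWW -> Quarantined and deleted successfully.
Files Infected:
c:\programdata\pcmnanuyww.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\42458888.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\Seth\AppData\Local\Temp\0.8651104639060871.exe (Trojan.FakeAlert) -> No action taken.
"""

HEADER_RE = re.compile(r"^([A-Za-z ]+ Infected):$")       # detail-section header (no count after colon)
ITEM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")   # item (threat) -> [Value: x ->] action.


class Detection(NamedTuple):
    section: str
    item: str
    threat: str
    action: str


def parse_mbam_log(text: str) -> List[Detection]:
    """Walk the per-section detail blocks and return one record per detected object."""
    found, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        header = HEADER_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if not line or section is None or line.startswith("("):
            continue  # preamble, blank lines, "(No malicious items detected)"
        m = ITEM_RE.match(line)
        if m:  # the last "->" segment is the action Malwarebytes took
            found.append(Detection(section, m.group(1), m.group(2), m.group(3).split(" -> ")[-1]))
    return found


def unresolved(found: List[Detection]) -> List[Detection]:
    return [d for d in found if not d.action.startswith("Quarantined")]  # still on disk: rescan


def run_key_payloads(found: List[Detection]) -> List[Tuple[str, Optional[str]]]:
    """Pair each Run-key autostart value with the dropped executable of the same name."""
    files = {d.item.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower(): d.item
             for d in found if d.section == "Files Infected"}
    return [(d.item, files.get(d.item.rsplit("\\", 1)[-1].lower()))
            for d in found if "\\CurrentVersion\\Run\\" in d.item]
```

Running `parse_mbam_log` over a saved `mbam-log-*.txt` and checking `unresolved` is a quick way to see whether a "no infections found" follow-up scan is consistent with the first one.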

Hello and welcome!

Have you tried to completely reinstall the Intel Matrix Storage drivers?

Let's also scan for leftover malware, starting with rootkits.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
