
Badly infected with rootkit (?) - can't use MBAM



And the first time I attempted to post here Firefox crashed. All my browser software seems to be infected.

Here's the zip.

Odd. I dunno if the attach zip worked.

Anyway, Windows Defender identified:

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:

file:C:\Windows\Temp\Temporary Internet Files\Content.IE5\CGVZLL5F\lazkano_net[1].htm->(UTF-8)->(SCRIPT0006)

And for some reason, I can't post - I keep getting "connection was reset"


It's STILL there, because when I reinstall Malwarebytes (using a fake name, of course), when I attempt a scan it gets damaged. So I'm still infected. :(


AND Windows Defender is GONE, too.

I have not received a response and this is a pain in the butt.

Seems like Malwarebytes has no idea how to deal with JS/Blacole.A because everything they suggest fails. It'll even act like it's cured then send in the clowns - like allowing a new malware called CloudSecurity.


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is named like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

-screen317


Well, my computer is dead. Last time I tried to boot it, it kept giving me "No internet". Now I have a black screen, and the monitor works FINE. Maybe this trojan killed my graphic drivers or something, I dunno. But my computer is completely, utterly dead and there's nothing I can do to revive it.

As for TDSS and DDS and all that stuff - I tried it a week ago. Didn't work. Malwarebytes failed in stopping the incursion (which I can't figure out how) and the trojan disabled any and all attempts at my trying to use anti-virus software.

I will say this: the trojan hid itself in Temporary Internet Files, because it made that file invisible and inaccessible. It also did something to Cookies as well, because THAT file was inaccessible.

I'd thought to get an external HD and copy my docs, pics and videos over to it, but there's no way now save taking the hard drive, copying them and cleaning them, then buying a new computer.


Sorry for the play by play here, but my screen is back, but now Windows insists there's NO internet access at all. Which is ridiculous or I'd have no phone or access with this laptop. Problem is, I have no idea how to send you those txt files when my computer won't let me on the internet.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
