
Hi,

I have 2 desktops (one Vista, one XP-SP3), they are connected to internet through an SMC gateway/router with SPI firewall enabled and unique password/username.

Would appreciate some help in a puzzling situation, here is what happened chronologically:

1. internet service was cut off by ISP due to Mebroot / rootkit (that's what they told me)

2. ran MBAM on both desktops in safe mode and nothing was found

3. to play safe, ran fixmbr, bootfix on both desktops, afterwards, ran MBAM again, found nothing

4. to play even safer, ran scans with 2 other free virus scanners and found nothing

5. both desktops have MBAM installed, up to date and enabled

6. called ISP and told them what actions were taken, service was turned back on

7. 6 days later, service was shut off again with same virus signature, during this period, both desktops were only used for simple browsing, no download (especially P2P), no online gaming, no questionable web sites etc.

8. MBAM found nothing but I repeated 3 & 4 anyway

9. called ISP which re-enabled my service

10. 4 days later, ISP shut me off again, same virus..

Questions:

1. How do I know if ISP is correctly identifying a virus?

2. Before reformatting and reinstalling Windows on both desktops, any simple way confirming desktops do have virus?

3. I am assuming MBAM will detect mebroot and continue to safeguard desktops from it, correct?

4. Both desktops are running smoothly, no slow down, no browser redirection, absolutely no issue, I checked the registry and cannot find entries related to the virus as suggested by some people.

Really puzzled, would appreciate some help.

Thanks in advance.


Hi and Welcome to the Malwarebytes' Forum,

We can only work on one PC at a time, so I would like to work on your Vista Computer first.

I need some more information to troubleshoot your PC, so please perform the following scan:

Download DDS & Save it to your desktop from one of the following locations:

DDS.scr

DDS.com

DDS.pif

Double click on the DDS icon, & allow it to run.

A small box will open, with some explanatory info about the tool while the scan is in progress.

When the scan is complete, Notepad will open two logs to display the scan results (DDS.txt & attach.txt).

Save both reports to your desktop.

Please copy and paste dds.txt into your next reply and hold on to attach.txt for now.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

================

Some background information on what we're planning to do can be found HERE

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

To sum it up - I'd like you to copy/paste dds.txt and the tdsskiller log into your next reply. Thank You!


My sincere apologies, I was on business travel and did not have time to check up on this issue, just returned home yesterday.

Before I had a chance to do anything, my friend decided to reinstall Windows and reformat the drives, so far so good, no ISP cutoff since then.

Once again, sorry for not keeping in touch, and I appreciate your assistance.

Thanks


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.