[ldtate]

After the reboot do this

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply

[Advertisements]

Restarted the computer desktop returned to normal I got a message that bonjour has stopped working this is a simmilar message to what I have been seeing when I started having problems, i also after a few minuets got the "host process service has stopped working windows can check online" The alert looks really suspicious and low quality so I didn't do anything to it most I went online and went to a few sites and that seems to be working fine. Also the same windows shield that I think is linked to the virus because it appeared when I started having problems is still over the desktop icons to Hitman Pro, Maleware Bytes and ATF cleaner. But the shield is gone from combo fix and dds.scr other than that it seems ok.

[JayJoss007]

Restarted the computer desktop returned to normal I got a message that bonjour has stopped working this is a simmilar message to what I have been seeing when I started having problems, i also after a few minuets got the "host process service has stopped working windows can check online" The alert looks really suspicious and low quality so I didn't do anything to it most I went online and went to a few sites and that seems to be working fine. Also the same windows shield that I think is linked to the virus because it appeared when I started having problems is still over the desktop icons to Hitman Pro, Maleware Bytes and ATF cleaner. But the shield is gone from combo fix and dds.scr other than that it seems ok.

[JayJoss007]

I just downloaded aswMBR and the download box the one that you click on that lest you direct were the file goes looked kinda funny but I clicked ok and the file downloaded and it gained the windows shield again going to run the program now

[JayJoss007]

when I downloaded the program I tried to run it and got the can run programs message I have been getting. so I restarted ran the program took like a second and got this log:



aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-11 14:42:03
-----------------------------
14:42:03.754 OS Version: Windows 6.0.6001 Service Pack 1
14:42:03.754 Number of processors: 2 586 0xE0C
14:42:03.754 ComputerName: JAYS-PC UserName: Jason
14:42:10.680 Initialize success
14:42:19.104 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
14:42:19.104 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC74P Size: 114473MB BusType: 3
14:42:19.104 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000063
14:42:19.120 Disk 1 Vendor: ( Size: 114473MB BusType: 0
14:42:19.120 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000064
14:42:19.120 Disk 2 Vendor: ( Size: 114473MB BusType: 0
14:42:19.136 Disk 0 MBR read error 0
14:42:19.136 Disk 0 MBR scan
14:42:19.136 Disk 0 unknown MBR code
14:42:19.151 MBR BIOS signature not found 0
14:42:19.151 Disk 0 scanning sectors +234439600
14:42:19.151 Disk 0 scanning C:\Windows\system32\drivers
14:42:36.810 Disk 0 MBR has been saved successfully to "C:\Users\Jason\Desktop\Desktop\Desktop\Desktop\MBR.dat"
14:42:36.810 The log file has been saved successfully to "C:\Users\Jason\Desktop\Desktop\Desktop\Desktop\aswMBR.txt"

[ldtate]

Try combofix
If that doesn't run, try DDS

If still a no go,

Print out these instructions as we may need to close every window that is open later in the fix.


It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

• rkill.exe
• rkill.com
• rkill.scr
• WiNlOgOn.exe
• uSeRiNiT.exe

Do not reboot your computer after running rkill as the malware programs will start again.


Next:Try combofix

[ldtate]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.