SuperAntiSpyware portable ran, but did not detect the intrusion. I used Rkill and renamed the MB executable to stop it from intercepting Malwarebytes, and I thought it had been removed, but it has since come back twice. Both times there has been an executable in the C:/users/MyUserName/AppData/Local/ folder, a Windows Security icon in the taskbar, and popups (particularly when I try to run MalwareBytes or access windows security). It also blocked browsing of web sites in FireFox and IE with a "this page could be dangerous" page.
I have been attempting to follow the instructions at http://www.geekstogo...ity-2012-issue/ among other threads on this malware, but so far have been unsuccessful so I am hoping I can get some help removing this thing.
The initial rkill log terminated the processes iyq.exe (the executable from AppData/Local) and rundll. The more recent one doesn't show names, although it did allow me to access the internet and Malwarebytes. I am attaching logs from OTL, MBAM, TDSKiller, and MBRCheck. I also attempted to run aswMBR.exe, but it twice resulted in a BSOD, although at different points in the scanning process.
Thank you in advance for your help,
Garuga S. Monk
Attached Files
-
OTL.Txt 121.58KB
65 downloads
-
Extras.Txt 39.08KB
105 downloads
-
mbam-log-2011-12-21 (01-52-15).txt 1.62KB
96 downloads
-
TDSSKiller.2.6.23.0_21.12.2011_02.20.30_log.txt 82.32KB
88 downloads
-
MBRCheck_12.21.11_02.24.15.txt 20.35KB
180 downloads
Sign In
Create Account
