PA MBR Alureon (R-K) Virus [Closed]
Started by jazzdazz, May 03 2012 05:05 AM
#16
Posted 05 May 2012 - 02:59 PM
#17
Posted 05 May 2012 - 03:01 PM
Did you receive - I tried to send again?
#18
Posted 05 May 2012 - 03:02 PM
Yes, I've got it now.
#19
Posted 05 May 2012 - 03:04 PM
Hi, I tried sending again. It reflects in my summary that I sent it with the attachment - do you see it now?
#20
Posted 05 May 2012 - 03:07 PM
Should I check back later?
#21
Posted 05 May 2012 - 03:09 PM
Hi.
Yes, I have got the file now so you don't have to worry.
#22
Posted 06 May 2012 - 03:46 PM
Hi.
Step 1
Please download and extract the following file to your USB drive: mbr.zip (499 bytes)
- Boot from the xPUD CD.
- Press File.
- Expand mnt.
- Click on the folder that represents your USB drive (sdb1).
- Press Tool at the top.
- Choose Open Terminal.
- Type the following and press enter:
dd if=mbr.bin of=/dev/sda bs=512 count=1
- Press Enter.
- Reboot your computer.
Step 2
Boot into Normal Mode and double click aswMBR.exe to run it.
Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.
On completion of the scan click save log, save it to your desktop and post it in your next reply.
Things I want to see in your next reply
- aswMBR.txt
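Added example, not part of the original thread: the dd command in the post above replaces the entire first sector of /dev/sda, which holds the partition table (offset 446) as well as the boot code. The sketch below backs up the current sector, checks that the image is 512 bytes ending in the 55 AA signature, and writes only when the partition table is unchanged; the function names are hypothetical and the paths in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: sanity checks around writing a 512-byte MBR image.
# Works on a disk image file or a block device.

# Hex string of COUNT bytes at byte offset SKIP of FILE (no whitespace).
hex_at() {   # usage: hex_at FILE SKIP COUNT
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# An MBR image must be exactly 512 bytes and end with the 55 AA signature.
mbr_valid() {   # usage: mbr_valid IMAGE
    [ "$(wc -c < "$1" | tr -d ' ')" -eq 512 ] || return 1
    [ "$(hex_at "$1" 510 2)" = "55aa" ]
}

# Save the first sector of DISK to OUT so the write can be undone.
mbr_backup() {   # usage: mbr_backup DISK OUT
    dd if="$1" of="$2" bs=512 count=1 2>/dev/null
}

# True when the 64-byte partition table (offset 446) is identical in both.
same_partition_table() {   # usage: same_partition_table A B
    [ "$(hex_at "$1" 446 64)" = "$(hex_at "$2" 446 64)" ]
}

# Back up, validate, and write only when the partition table is preserved.
# Returns 1 if the backup fails, 2 for an invalid image, 3 for a table mismatch.
safe_write_mbr() {   # usage: safe_write_mbr IMAGE DISK BACKUP
    mbr_backup "$2" "$3" || return 1
    mbr_valid "$1" || { echo "image is not a valid MBR" >&2; return 2; }
    same_partition_table "$1" "$2" || { echo "partition table differs" >&2; return 3; }
    # conv=notrunc keeps the rest of a disk image file intact when testing.
    dd if="$1" of="$2" bs=512 count=1 conv=notrunc 2>/dev/null
}

# Example call (placeholder paths):
#   safe_write_mbr mbr.bin /dev/sda /mnt/sdb1/mbr-backup.bin
```

To undo the write, copy the backup file back to the disk with the same dd invocation.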
#23
Posted 07 May 2012 - 05:03 AM
Hi Ned,
When I extracted the mbr it created a folder? What am I to do with it? I will be able to follow thru with the rest of your instructions this afternoon (5:00 p.m. est-USA)
Jazzdazz
#24
Posted 07 May 2012 - 08:09 AM
Hi.
The mbr.bin file should be inside the folder that was created. You can cut and paste the file outside of the folder and then delete the folder if you like.
#25
Posted 07 May 2012 - 06:43 PM
Hi Ned,
Did all that you instructed on last instructions. After the reboot, I tried to run aswMBR.exe to run with no success????
Jazzdazz
#26
Posted 07 May 2012 - 07:07 PM
Hi Ned,
This process is a long one and becoming frustrating (not that I don't appreciate your help). Do you think it can be fixed?
JazzDazz
#27
Posted 07 May 2012 - 07:41 PM
UPDATE: I renamed the aswMBR.exe to avast.exe and it actually opened. The scan started, but ended after a few seconds. One thing I saw was initialize error - driver not loaded. Something is terminating the program and I suppose that something is the infection????
Don't know if this helps.
Jazzdazz
#28
Posted 08 May 2012 - 02:26 PM
Hi.
Step 1
"One thing I saw was initialize error - driver not loaded."
See if there is another aswMBR window open and close it.
You can rename aswMBR to Nedklaw.exe. If you can't get aswMBR to run then you can run RogueKiller instead.
Step 2
- Start RogueKiller.exe.
- Note: If RogueKiller has been blocked, do not hesitate to try several times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
- Wait until the Prescan has finished.
- Click on Scan.
- Wait for the end of the scan.
- The report has been created on the desktop.
- Click on the Delete button.
- The report has been created on the desktop.
Step 3
Download ComboFix from one of these locations and set the Save as type to All Files before saving it.
Rename it to abc123.exe.
Link 1
Link 2
Link 3
IMPORTANT !!! You need to Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.
When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.
Things I want to see in your next reply
- aswMBR.txt/All RKreport.txt files
- ComboFix.txt
#29
Posted 09 May 2012 - 08:40 AM
Hi Ned,
I did all that you asked in previous email; however, when ComboFix begins to run it seems to get hung up - into an hour I stopped it. I will try again, because I notice SPYBOT displays a window that says attempt of program trying to do a registry change when I run ComboFix.
Also, I had already run RK - why am I running again, if you don't mind.
One thing I thought about last night. Prior to connecting with Geekstogo and yourself, I had run a registry clean and there were a lot of Reg keys that had error and I deleted them; HOWEVER I did save before I deleted and can put the REG keys back. DO YOU THINK IT'S NECESSARY?
JazzDazz
#30
Posted 09 May 2012 - 08:43 AM
Ned, I wasn't clear on the following, although I renamed after downloading Rogue Killer. What do you mean set the Save as type to All Files before saving it. Maybe that's why the program is getting hung up; because I didn't do this.
set the Save as type to All Files before saving it.
Rename it to abc123.exe.