
PA MBR Alureon (R-K) Virus [Closed]



#16
jazzdazz

    Member

  • Topic Starter
  • 20 posts
Okay I will try again - can I do it from my infected computer?

Attached File: mbr.zip (508 bytes)

  • 0



#17
jazzdazz

    Member

  • Topic Starter
  • 20 posts
Did you receive - I tried to send again?
  • 0

#18
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Yes, I've got it now.
  • 0

#19
jazzdazz

    Member

  • Topic Starter
  • 20 posts
Hi, I tried sending again. It reflects in my summary that I sent it with the attachment - do you see it now?
  • 0

#20
jazzdazz

    Member

  • Topic Starter
  • 20 posts
Should I check back later?
  • 0

#21
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Yes, I have got the file now so you don't have to worry.
  • 0

#22
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Please download and extract the following file to your USB drive: mbr.zip (attached file, 499 bytes)

  • Boot from the xPUD CD.
  • Press File.
  • Expand mnt.
  • Click on the folder that represents your USB drive (sdb1).
  • Press Tool at the top.
  • Choose Open Terminal.
  • Type the following and press enter:

    dd if=mbr.bin of=/dev/sda bs=512 count=1

  • Press Enter.
  • Reboot your computer.

Step 2

Boot into Normal Mode and double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Things I want to see in your next reply

  • aswMBR.txt

  • 0
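An added example, not part of Nedklaw's post: `dd ... bs=512 count=1` replaces the whole first sector, which holds the partition table (64 bytes at offset 446) and the boot signature (`55 AA` at offset 510) as well as the boot code, so it is worth checking the image and saving the current sector before writing. The function names `hex_range` and `check_mbr_image` and the backup path are assumptions made for this sketch, which needs only `dd`, `od`, `wc` and `tr`.

```shell
#!/bin/sh
# Pre-flight checks for a replacement MBR image (hypothetical helper names).

# hex_range FILE OFFSET LENGTH -> bytes as one lowercase hex string
hex_range() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# check_mbr_image IMAGE DISK BACKUP
#   IMAGE  replacement boot sector, e.g. mbr.bin
#   DISK   target device, e.g. /dev/sda (a regular file works for testing)
#   BACKUP file that receives a copy of the current first sector
# Returns 0 only when the image looks safe to write with bs=512 count=1.
check_mbr_image() {
    image=$1; disk=$2; backup=$3

    # 1. The image must be exactly one 512-byte sector.
    size=$(wc -c < "$image" | tr -d ' ')
    [ "$size" -eq 512 ] || { echo "image is $size bytes, expected 512" >&2; return 1; }

    # 2. The last two bytes must be the boot signature 55 AA.
    [ "$(hex_range "$image" 510 2)" = "55aa" ] ||
        { echo "image has no 55 AA boot signature" >&2; return 2; }

    # 3. Save the sector that is about to be overwritten.
    dd if="$disk" of="$backup" bs=512 count=1 2>/dev/null ||
        { echo "could not back up first sector of $disk" >&2; return 3; }

    # 4. The partition table in the image must match the one on the disk,
    #    otherwise the write would change the partition layout.
    [ "$(hex_range "$image" 446 64)" = "$(hex_range "$backup" 446 64)" ] ||
        { echo "partition table in image differs from $disk" >&2; return 4; }

    return 0
}

# Usage: check_mbr_image mbr.bin /dev/sda sda-mbr-backup.bin && echo "OK to write"
```

The backup can be restored with the same `dd` command, using the backup file as `if=`.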

#23
jazzdazz

    Member

  • Topic Starter
  • 20 posts
Hi Ned,

When I extracted the mbr it created a folder? What am I to do with it? I will be able to follow thru with the rest of your instructions this afternoon (5:00 p.m. est-USA)

Jazzdazz
  • 0

#24
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
The mbr.bin file should be inside the folder that was created. You can cut and paste the file outside of the folder and then delete the folder if you like.
  • 0

#25
jazzdazz

    Member

  • Topic Starter
  • 20 posts
Hi Ned,

Did all that you instructed in the last instructions. After the reboot, I tried to run aswMBR.exe with no success????

Jazzdazz
  • 0



#26
jazzdazz

    Member

  • Topic Starter
  • 20 posts
Hi Ned,

This process is a long one and becoming frustrating (not that I don't appreciate your help). Do you think it can be fixed?

JazzDazz
  • 0

#27
jazzdazz

    Member

  • Topic Starter
  • 20 posts
UPDATE: I renamed the aswMBR.exe to avast.exe and it actually opened. The scan started, but ended after a few seconds. One thing I saw was initialize error - driver not loaded. Something is terminating the program and I suppose that something is the infection????

Don't know if this helps.

Jazzdazz
  • 0

#28
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

"One thing I saw was initialize error - driver not loaded."

See if there is another aswMBR window open and close it.
You can rename aswMBR to Nedklaw.exe. If you can't get aswMBR to run then you can run RogueKiller instead.


Step 2

  • Start RogueKiller.exe.
  • Note: If RogueKiller has been blocked, do not hesitate to try several times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
  • Wait until the Prescan has finished.
  • Click on Scan.

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

Step 3

Download ComboFix from one of these locations and set the Save as type to All Files before saving it.
Rename it to abc123.exe.

Link 1
Link 2
Link 3


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Things I want to see in your next reply

  • aswMBR.txt/All RKreport.txt files
  • ComboFix.txt

  • 0

#29
jazzdazz

    Member

  • Topic Starter
  • 20 posts
Hi Ned,

I did all that you asked in previous email; however, when ComboFix begins to run it seems to get hung up - into an hour I stopped it. I will try again, because I notice SPYBOT displays a window that says attempt of program trying to do a registry change when I run ComboFix.

Also, I had already run RK - why am I running again, if you don't mind.

One thing I thought about last night. Prior to connecting with Geekstogo and yourself, I had run a registry clean and there were a lot of Reg keys that had errors and I deleted them; HOWEVER I did save before I deleted and can put the REG keys back. DO YOU THINK IT'S NECESSARY?

JazzDazz
  • 0

#30
jazzdazz

    Member

  • Topic Starter
  • 20 posts
Ned, I wasn't clear on the following, although I renamed after downloading Rogue Killer. What do you mean by "set the Save as type to All Files before saving it"? Maybe that's why the program is getting hung up; because I didn't do this.

"set the Save as type to All Files before saving it.
Rename it to abc123.exe."
  • 0





