
PA MBR Alureon (R-K) Virus [Closed]

#16 jazzdazz

  • Group: Member
  • Posts: 20
  • Joined: 01-May 12

Posted 05 May 2012 - 02:59 PM

Okay I will try again - can I do from my infected computer?

Attached File: mbr.zip (508 bytes)


#17 jazzdazz

  • Group: Member
  • Posts: 20
  • Joined: 01-May 12

Posted 05 May 2012 - 03:01 PM

Did you receive - I tried to send again?

#18 Nedklaw

  • Group: Malware Removal
  • Posts: 1,651
  • Joined: 31-January 10

Posted 05 May 2012 - 03:02 PM

Yes, I've got it now.

#19 jazzdazz

  • Group: Member
  • Posts: 20
  • Joined: 01-May 12

Posted 05 May 2012 - 03:04 PM

Hi, I tried sending again. It reflects in my summary that I sent it with the attachment - do you see it now?

#20 jazzdazz

  • Group: Member
  • Posts: 20
  • Joined: 01-May 12

Posted 05 May 2012 - 03:07 PM

Should I check back later?

#21 Nedklaw

  • Group: Malware Removal
  • Posts: 1,651
  • Joined: 31-January 10

Posted 05 May 2012 - 03:09 PM

Hi. :)
Yes, I have got the file now so you don't have to worry.

#22 Nedklaw

  • Group: Malware Removal
  • Posts: 1,651
  • Joined: 31-January 10

Posted 06 May 2012 - 03:46 PM

Hi. :)


Step 1

Please download and extract the following file to your USB drive: mbr.zip (499 bytes, attached)

  • Boot from the xPUD CD.
  • Press File.
  • Expand mnt.
  • Click on the folder that represents your USB drive (sdb1).
  • Press Tool at the top.
  • Choose Open Terminal.
  • Type the following and press enter:

    dd if=mbr.bin of=/dev/sda bs=512 count=1

  • Press Enter.
  • Reboot your computer.


Step 2

Boot into Normal Mode and double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.



On completion of the scan click save log, save it to your desktop and post it in your next reply.



Things I want to see in your next reply

  • aswMBR.txt
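
The `dd` command in Step 1 above rewrites all 512 bytes of sector 0, which includes the partition table as well as the boot code. The following pre-write check is an added example and not part of the original post; the function names and the backup file name `sda-mbr-backup.bin` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function and file names are hypothetical.

# hex_at FILE OFFSET COUNT: print COUNT bytes starting at OFFSET as lowercase hex.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# check_mbr_image IMAGE BACKUP
#   IMAGE  = replacement sector about to be written (mbr.bin in the post)
#   BACKUP = copy of the disk's current sector 0, taken beforehand with
#            dd if=/dev/sda of=sda-mbr-backup.bin bs=512 count=1
# Returns 0 when IMAGE is safe to write, 1-3 with a reason otherwise.
check_mbr_image() {
    img=$1
    bak=$2
    size=$(wc -c < "$img" | tr -d ' ')
    if [ "$size" -ne 512 ]; then
        echo "refuse: image is $size bytes, expected 512" >&2
        return 1
    fi
    # A valid MBR ends with the boot signature 0x55 0xAA at offset 510.
    if [ "$(hex_at "$img" 510 2)" != "55aa" ]; then
        echo "refuse: boot signature 55AA missing" >&2
        return 2
    fi
    # Offsets 446-509 hold the four 16-byte partition entries. A full-sector
    # write replaces them, so they must equal what the disk has now.
    if [ "$(hex_at "$img" 446 64)" != "$(hex_at "$bak" 446 64)" ]; then
        echo "refuse: partition table differs from the current disk" >&2
        return 3
    fi
    echo "ok: size, boot signature and partition table verified"
    return 0
}

# Typical use from the live CD terminal (device name as in the post):
#   check_mbr_image mbr.bin sda-mbr-backup.bin &&
#       dd if=mbr.bin of=/dev/sda bs=512 count=1
```

Keeping the backup file on the USB drive also gives a way to restore the original sector with the same `dd` syntax if the machine fails to boot afterwards.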


#23 jazzdazz

  • Group: Member
  • Posts: 20
  • Joined: 01-May 12

Posted 07 May 2012 - 05:03 AM

Hi Ned,

When I extracted the mbr it created a folder? What am I to do with it? I will be able to follow thru with the rest of your instructions this afternoon (5:00 p.m. est-USA)

Jazzdazz

#24 Nedklaw

  • Group: Malware Removal
  • Posts: 1,651
  • Joined: 31-January 10

Posted 07 May 2012 - 08:09 AM

Hi. :)
The mbr.bin file should be inside the folder that was created. You can cut and paste the file outside of the folder and then delete the folder if you like.

#25 jazzdazz

  • Group: Member
  • Posts: 20
  • Joined: 01-May 12

Posted 07 May 2012 - 06:43 PM

Hi Ned,

Did all that you instructed on last instructions. After the reboot, I tried to run aswMBR.exe with no success????

Jazzdazz

#26 jazzdazz

  • Group: Member
  • Posts: 20
  • Joined: 01-May 12

Posted 07 May 2012 - 07:07 PM

Hi Ned,

This process is a long one and becoming frustrating (not that I don't appreciate your help). Do you think it can be fixed?

JazzDazz

#27 jazzdazz

  • Group: Member
  • Posts: 20
  • Joined: 01-May 12

Posted 07 May 2012 - 07:41 PM

UPDATE: I renamed the aswMBR.exe to avast.exe and it actually opened. The scan started, but ended after a few seconds. One thing I saw was initialize error - driver not loaded. Something is terminating the program and I suppose that something is the infection????

Don't know if this helps.

Jazzdazz

#28 Nedklaw

  • Group: Malware Removal
  • Posts: 1,651
  • Joined: 31-January 10

Posted 08 May 2012 - 02:26 PM

Hi. :)


Step 1

Quote

One thing I saw was initialize error - driver not loaded.

See if there is another aswMBR window open and close it.
You can rename aswMBR to Nedklaw.exe. If you can't get aswMBR to run then you can run RogueKiller instead.


Step 2

  • Start RogueKiller.exe.
  • Note: If RogueKiller has been blocked, do not hesitate to try several times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
  • Wait until the Prescan has finished.
  • Click on Scan.


  • Wait for the end of the scan.
  • The report has been created on the desktop.

  • Click on the Delete button.
  • The report has been created on the desktop.


Step 3

Download ComboFix from one of these locations and set the Save as type to All Files before saving it.
Rename it to abc123.exe.

Link 1
Link 2
Link 3


IMPORTANT !!! You need to Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.



Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.

When finished, it shall produce a log for you. Please copy & paste the contents of this log at C:\ComboFix.txt in your next reply.


Things I want to see in your next reply

  • aswMBR.txt/All RKreport.txt files
  • ComboFix.txt


#29 jazzdazz

  • Group: Member
  • Posts: 20
  • Joined: 01-May 12

Posted 09 May 2012 - 08:40 AM

Hi Ned,

I did all that you asked in previous email; however, when ComboFix begins to run it seems to get hung up - into an hour I stopped it. I will try again, because I notice SPYBOT displays a window that says attempt of program trying to do a registry change when I run ComboFix.

Also, I had already run RK - why am I running again, if you don't mind.

One thing I thought about last night. Prior to connecting with Geekstogo and yourself, I had run a registry clean and there were a lot of Reg keys that had error and I deleted them; HOWEVER I did save before I deleted and can put the REG keys back. DO YOU THINK IT's NECESSARY?

JazzDazz

#30 jazzdazz

  • Group: Member
  • Posts: 20
  • Joined: 01-May 12

Posted 09 May 2012 - 08:43 AM

Ned, I wasn't clear on the following, although I renamed after downloading Rogue Killer. What do you mean set the Save as type to All Files before saving it. Maybe that's why the program is getting hung up; because I didn't do this.

set the Save as type to All Files before saving it.
Rename it to abc123.exe.
