[heathermb769]

Well.... I guess my system is pretty messed up :-(
Is this the log you were looking for?


More details





Antivirus

Result

Update




AhnLab-V3

-

20120910



AntiVir

BOO/TDss.O

20120911



Antiy-AVL

-

20120910



Avast

MBR:SST [Rtk]

20120910



AVG

-

20120911



BitDefender

Rootkit.MBR.Sst.C (Boot image)

20120911



ByteHero

-

20120910



CAT-QuickHeal

Bootkit.TDSS.TDL4A

20120910



ClamAV

-

20120911



Commtouch

Alureon.A

20120911



Comodo

-

20120911



DrWeb

-

20120911



Emsisoft

Trojan.DOS.Alureon!IK

20120911



eSafe

-

20120907



ESET-NOD32

-

20120910



F-Prot

Alureon.A

20120910



F-Secure

Rootkit.MBR.Sst.C \(Boot image\)

20120911



Fortinet

BOOT/Sst.A!tr.rkit

20120830



GData

Rootkit.MBR.Sst.C

20120911



Ikarus

Trojan.DOS.Alureon

20120911



Jiangmin

-

20120911



K7AntiVirus

Virus

20120910



Kaspersky

Rootkit.Boot.SST.a

20120911



McAfee

-

20120911



McAfee-GW-Edition

-

20120911



Microsoft

Trojan:DOS/Alureon.L

20120911



Norman

Alureon.A

20120910



nProtect

-

20120910



Panda

-

20120910



PCTools

-

20120911



Rising

-

20120911



Sophos

Troj/TdlMbr-D

20120911



SUPERAntiSpyware

-

20120910



Symantec

-

20120911



TheHacker

-

20120910



TotalDefense

-

20120910



TrendMicro

-

20120911



TrendMicro-HouseCall

-

20120911



VBA32

-

20120910



VIPRE

Trojan.Win32.TdlMbr.d (v)

20120911



ViRobot

-

20120911



VirusBuster

-

20120910

[Advertisements]

Do you have the Recovery Console on your computer?

If you are unsure then do this:

Restart your computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
See if the option Repair your computer is there:



Come back and tell me.

[emeraldnzl]

Do you have the Recovery Console on your computer?

If you are unsure then do this:

Restart your computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
See if the option Repair your computer is there:



Come back and tell me.

[heathermb769]

Ok. The option for "Repair your computer" is there - but when I select it, it goes into "windows is loading files" and hangs. I waited about 4 minutes, but nothing happened at all with the status bar.

[heathermb769]

I've got to call it a night. I'll check in the morning for any next steps. Thanks for sticking with me!

[emeraldnzl]

Ok. The option for "Repair your computer" is there - but when I select it, it goes into "windows is loading files" and hangs. I waited about 4 minutes, but nothing happened at all with the status bar.

Hmm... so it goes straight to "windows is loading files" i.e. it doesn't ask you which OS or somesuch first? The reason I ask is because this is the instruction I was going to give you:

• Start the safe mode menu by rebooting and pressing and holding F8
• Select Repair your computer.
• Select the operating system you want to repair, and then click Next.
• Select command prompt
• Type in the following command
  
  Bootrec.exe /FixMbr (note the space... it should be there)
  
• Once finished type Exit

-------------------------------------------------------------------------------------------
So if you can't carry out the above instruction move on to this:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
• Put a checkmark beside loaded modules.
  
• A reboot will be needed to apply the changes. Do it.
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
• Then click on Change parameters in TDSSKiller.
• Check all boxes then click OK.
  
• Click the Start Scan button.
  
• The scan should take no longer than 2 minutes.
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

[emeraldnzl]

I've got to call it a night. I'll check in the morning for any next steps.

Okay, catch you tomorrow.

Thanks for sticking with me!

No problems... it's certainly turning into and interesting one.

[heathermb769]

Unfortunately, I can't do either of the above options.

When I try to run Kaspersky TDSS Killer, I have the same response as when I tried to run aswMBR, in that I get the popup asking me if I want to allow it to make changes. I select yes, the popup window goes away, and nothing happens.

I tried running it as Administrator, with the same (lack of) results.

I also right-clicked and did troubleshoot compatibility. I come up with the same "incompatible application as aswMBR.

Are the viruses affecting the computer's ability to run these items?

Glad that I'm providing you with a challenge :-)

[emeraldnzl]

Are the viruses affecting the computer's ability to run these items?

Yes I think so. Malware often interferes with our tools.

Let's see if this will work.

Download Rogue Kill

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious.

Double-click on rkill.com to run it. You will probably need to run this program a few times to stop the malware process running. The malware will probably complain about being stopped but please ignore this. Do not reboot your computer after running rkill as the malware programs will start again.

Then..

Run TDSSKiller.

[heathermb769]

Here is the log from Rogue Kill.

I still can not run tdss killer

Rkill 2.3.11 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 09/11/2012 06:44:54 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/11/2012 06:44:57 PM
Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)

[emeraldnzl]

See if you can run TDSSKiller in Safe Mode.

[heathermb769]

No luck in safe mode.

[emeraldnzl]

Removed.

Edited by emeraldnzl, 11 September 2012 - 10:28 PM.
After consultation potentially misleading

[heathermb769]

Thank you for all your hard efforts.

Before I go and purchase the recovery CD - which I am certain is the same as I have here, and requires a back up and reinstall of Windows 7, can I ask a few questions (that are probably stupid...)

1) I have an external hard drive that I have used to back up another laptop and a PC. If I connect it to this laptop and back up my documents / music / etc., what is the risk of me copying those viruses / MBR infection onto my external hard drive?

2)On my desktop, I have the option of burning recovery CD's such as when I first got this laptop. I did burn a set of recovery cd's - (because I have extraordinary luck, disk one of 3 is missing, but I'm still on the hunt for it.) Can I burn a new set of recovery cd's from this program, or will that carry the infection with it?

3) I know I had a third question, but it has slipped my mind as of right now. I remember - your last post indicates that a reformat / reinstallation of windows won't resolve the problem. How can I be sure that any recovery disk I purchase won't be the same as the one I have here that only reformats?

[emeraldnzl]

Hello heathermb769,

I am going to consult on this one before answering you. Want to make sure I give you the best advice I can.

Might take a bit of time as we are in different time zones.

I will get back to you.

[heathermb769]

Thank you again... just wanted to add a little postscript... I found disk one of the three recovery discs created when I first got the laptop. Don't know if that helps, but.... :-)))