[maliprog]

Let's install the free Avast on your infected PC. AVAST have Boot time technology that we need right now.

AVAST Free

Once you have it installed and it has updated, right click on it and select Open Avast! User Interface then click on Scan Computer, then on
Boot-Time Scan then Schedule Now.

Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs an input from you. If the scan hangs that may indicate a hardware problem.

[Advertisements]

I got it running again, I think it just froze. It's been doing that from time to time. I got the log open (although only 49% through). Would you like to see that first, and let VRT finish looking, or go ahead with Avast?

[Psu22UL]

I got it running again, I think it just froze. It's been doing that from time to time. I got the log open (although only 49% through). Would you like to see that first, and let VRT finish looking, or go ahead with Avast?

[maliprog]

Yes please. If you have log post it here for me.

If VRT freezes again then turn it off and try AVAST boot scan. That should run just fine.

[Psu22UL]

Trying to paste it but Mozilla keeps not responding every time I do.

[Psu22UL]

Couldn't get it pasted..so next best thing:

[maliprog]

It's OK. We tried. Please continue with VRT if it runs, or AVAST if VRT doesn't run.

[Psu22UL]

Alright. I thought I'd attached the log but..it didn't appear. Computer is running at a super slow speed right now. 1 trojan as I said is disinfected (copied, but disinfected I guess?)

Edit: When/if VRT finishes, do you want me to save the log onto a flash drive, and try pasting it from this computer that's working?

Edit2: Might be helpful, but the trojan VRT could do nothing about is named MEM:Rootkit.Win32.TDSS.fa

Edited by Psu22UL, 23 October 2012 - 11:45 PM.

[maliprog]

Yes that was helpful!

Can you please stop VRT scan for now? We need different tool for that infection. Let me know when you stop VRT scan.

[Psu22UL]

VRT scan stopped. When I awoke this morning the scan had slowed to a crawl (estimated 2 days before completion). I've downloaded Avast, it's running a quick scan then I'll run the full scan and post the logs.

[maliprog]

Please don't run any scans for now. I have new steps based on VRT infection found. Stop all scans and do this:

Download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
• Check the boxes beside:
  
  
  • Loaded modules
    
    
• A reboot will be needed to apply the changes. Do it.
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
• Then click on Change parameters in TDSSKiller.
• Make sure to check:
  
  
  • Services and drivers
  • Boot sectors
  • Loaded modules
  • Verify Driver Digital Signature
  • Detect TDLFS file system
    
    
• then click OK.
• Click the Start Scan button to start the scan.
• If a suspicious object is detected, the default action will be Skip
• If malicious objects are found, they will show in the Scan results and offer three (3) options.
• Ensure Cure is selected for malicious objects
  
  
• Click Continue then Reboot now to finish the cleaning process.
• Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\\ folder) in the form of \"TDSSKiller.[Version]_[Date]_[Time]_log.txt\". Please copy and paste its contents on your next reply.

[Psu22UL]

Tried posting the log, but it said my post was too long.

[maliprog]

Please do the following now:

• Right-click that file, point to Send To, and then click Compressed (zipped) Folder.
• A new compressed file is created.
• Please attach that file in your next reply.

How to add an attachment to a new topic or reply

[Psu22UL]

Here you are:  TDSSKiller.2.8.13.0_24.10.2012_09.12.47_log.zip   125.45KB   86 downloads

Cure wasn't available as an option, so I did as you said and skipped.

Edited by Psu22UL, 24 October 2012 - 07:36 AM.

[maliprog]

Hi Psu22UL,

Step 1

Please run TDSSKiller again and for this line

\Device\Harddisk0\DR0 ( TDSS File System )

Select Delete option and remove it. Post log after the scan.

Step 2

Now that you have Avast installed and updated, right click on it and select Open Avast! User Interface then click on Scan Computer, then on
Boot-Time Scan then Schedule Now.

Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs an input from you. If the scan hangs that may indicate a hardware problem.

Step 3

Please don't forget to include these items in your reply:

• TDSSKiller log

It would be helpful if you could post each log in separate post using "Add Reply" button

[Psu22UL]

I ran the tdsskiller, selected delete for it. However, when I went to find the log later after running avast, it's no where to be found. I'm not sure if it somehow didn't get saved or what. Run it again?

Avast found 2 items which I assumed I was to delete.