Infected Computer with possible backdoor Trojans and rootkits [Solved]
#16
Posted 05 August 2013 - 08:49 PM
#17
Posted 05 August 2013 - 08:54 PM
#18
Posted 05 August 2013 - 09:00 PM
#19
Posted 05 August 2013 - 09:05 PM
#20
Posted 05 August 2013 - 09:11 PM
#21
Posted 05 August 2013 - 09:12 PM
Press the Windows Key+R. At the Run window copy and paste the following command (including the quotation marks) and click OK:
cmd /c findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%Userprofile%\desktop\sfcdetails.txt"
A report (sfcdetails.txt) will be produced on your desktop. See if Notepad can open it or have it uploaded to the link above.
#22
Posted 05 August 2013 - 09:13 PM
#23
Posted 07 August 2013 - 01:38 PM
#24
Posted 07 August 2013 - 07:48 PM
Press Start, type CMD and press the CTRL+SHIFT+ENTER keys simultaneously. This should open the Administrator Command Prompt. At the Prompt copy and paste the following command (including the quotation marks) and press Enter:
findstr /c:"[SR]" C:\Windows\logs\cbs\cbs.log >"%Userprofile%\desktop\sfcdetails.txt"
A report (sfcdetails.txt) will be produced on your desktop. See if Notepad can open it or have it uploaded to the link above.
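What the findstr filter above keeps, and one way to triage the resulting sfcdetails.txt offline, as an added example that is not part of the original thread. The log-line layout is an assumption about how SFC writes to CBS.log, the sample lines (component names, versions, sequence numbers) are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout assumed for CBS.log: timestamp, level,
# source, sequence number, then the "[SR]" message written by SFC.
SAMPLE_LOG = '''\
2013-08-08 13:02:11, Info                  CSI    00000009 [SR] Verifying 100 (0x00000064) components
2013-08-08 13:02:11, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2013-08-08 13:02:14, Info                  CBS    Unrelated servicing line without the SR tag
2013-08-08 13:02:19, Info                  CSI    0000000c [SR] Cannot repair member file [l:22{11}]"lmhosts.sam" of Example-Component, Version = 1.0.0.0, Type neutral in the store, hash mismatch
2013-08-08 13:02:19, Info                  CSI    0000000d [SR] This component was referenced by [l:30{15}]"Example-Package"
2013-08-08 13:02:25, Info                  CSI    00000010 [SR] Cannot repair member file [l:22{11}]"lmhosts.sam" of Example-Component, Version = 1.0.0.0, Type neutral in the store, hash mismatch
2013-08-08 13:02:31, Info                  CSI    00000013 [SR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Example-Component2, Version = 1.0.0.0, Type neutral in the store, file is missing
2013-08-08 13:02:40, Info                  CSI    00000015 [SR] Verify complete
'''

SR_TAG = "[SR]"
# File name, owning component and the trailing reason of a failed repair.
CANNOT_REPAIR = re.compile(
    r'\[SR\] Cannot repair member file \[[^\]]*\]"(?P<name>[^"]+)" of '
    r'(?P<component>[^,]+),.*, (?P<reason>[^,]+)$'
)

def sr_lines(text):
    """Same filter as findstr /c:"[SR]": keep lines holding the literal tag."""
    return [ln for ln in text.splitlines() if SR_TAG in ln]

def unrepaired_files(text):
    """Map each file SFC could not repair to (component, reason, hit count)."""
    found = {}
    for ln in sr_lines(text):
        m = CANNOT_REPAIR.search(ln)
        if not m:
            continue  # progress or informational [SR] line
        key = m.group("name").lower()  # Windows file names are case-insensitive
        default = (m.group("component"), m.group("reason").strip(), 0)
        comp, reason, count = found.get(key, default)
        found[key] = (comp, reason, count + 1)  # SFC repeats entries per pass
    return found

if __name__ == "__main__":
    for name, (comp, reason, count) in unrepaired_files(SAMPLE_LOG).items():
        print(f"{name}: {reason} ({comp}, reported {count}x)")
```

Collapsing repeated entries per file name leaves a short list of files to review instead of the full filtered log.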
#25
Posted 08 August 2013 - 01:40 PM
Attached Files
#26
Posted 08 August 2013 - 04:04 PM
tzres.dll.mui
lmhosts.sam
tcpmon.ini
Windows Exclamation.wav
settings.ini
Let's check the services and MBR.
Please download the latest version of TDSSKiller from here and save it to your Desktop.
- Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
- Put a checkmark beside loaded modules.
- A reboot will be needed to apply the changes. Do it.
- TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
- Then click on Change parameters in TDSSKiller.
- Check all boxes then click OK.
- Click the Start Scan button.
- The scan should take no longer than 2 minutes.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
- A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
#27
Posted 08 August 2013 - 04:33 PM
Attached Files
#28
Posted 08 August 2013 - 10:15 PM
\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Download OTL to your Desktop
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- OTL should now start. Change the following settings
- Change Drivers to All
- Change Standard Registry to All
- Under File Scans, change File age to 30
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
- Please post the contents of the OTL.txt file and attach the Extras.Txt, if any, in your next reply.
How is the computer doing?
#29
Posted 08 August 2013 - 10:21 PM
#30
Posted 09 August 2013 - 08:46 AM
To help remove the cookies in your computer, use Superantispyware. I will go ahead and do that. It seems okay, it just won't run any scans. It freezes. Except, we had about 4 hours of horrific thunderstorms here and the power went out while I was using my computer {my battery doesn't work}. After we got power back, my computer went to that grey screen that said it had to repair windows. It wanted to use system restore, but I clicked cxl. Also, I noticed that when I Google my "name" items show up all over "spam" pages, including things that were private on my computer and Facebook. I can only think malicious tracking cookies? Thanks for all your help. I really appreciate it.
Download and scan with SUPERAntiSpyware (Free for Home Users) and follow these instructions
If you feel that your information has been exploited, change your password on all these sites. That should provide some protection.
Please download Farbar Service Scanner and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
Keep me posted.