Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

arbitrary shut down/core dumps [Solved]

Started by polloq , Jul 18 2014 10:09 AM

  • This topic is locked This topic is locked

#31
polloq
Posted 30 July 2014 - 05:40 PM

polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Windows resource Protection could not perform this operation

ALSO, a 'grep.3XE has stopped working ' error message/dialog box popped up

Edited by polloq, 30 July 2014 - 05:53 PM.

  • 0

Advertisements

#32
emeraldnzl
Posted 30 July 2014 - 07:54 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

ALSO, a 'grep.3XE has stopped working ' error message/dialog box popped up

 

I think that is part of ComboFix and not required unless you are running it. Actually, ComboFix has a built in "timeout" (stop working) after a certain period so that might be all it is.

 

 

Windows resource Protection could not perform this operation

 

Which action chkdsk or System File Checker?

 

Also, are you running them as Administrator... see instructions for System File Checker?


  • 0

#33
polloq
Posted 01 August 2014 - 11:13 AM

polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

the grep.3xe error is arbitrary.
the sfc /scannow was done as admin


  • 0

#34
emeraldnzl
Posted 01 August 2014 - 03:40 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello polloq,

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    image000q.png
  • Put a checkmark beside loaded modules.

    2012081514h0118.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

    2012081517h0349.png
  • Click the Start Scan button.

    19695967.jpg
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    67776163.jpg
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    62117367.jpg

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


  • 0

#35
polloq
Posted 03 August 2014 - 12:14 PM

polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

11:59:45.0407 0x0a98  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
11:59:46.0094 0x0a98  ============================================================
11:59:46.0094 0x0a98  Current date / time: 2014/08/03 11:59:46.0094
11:59:46.0094 0x0a98  SystemInfo:
11:59:46.0094 0x0a98 
11:59:46.0094 0x0a98  OS Version: 6.1.7601 ServicePack: 1.0
11:59:46.0094 0x0a98  Product type: Workstation
11:59:46.0094 0x0a98  ComputerName: KOOSK-PC
11:59:46.0094 0x0a98  UserName: koosk
11:59:46.0094 0x0a98  Windows directory: C:\Windows
11:59:46.0094 0x0a98  System windows directory: C:\Windows
11:59:46.0094 0x0a98  Processor architecture: Intel x86
11:59:46.0094 0x0a98  Number of processors: 2
11:59:46.0094 0x0a98  Page size: 0x1000
11:59:46.0094 0x0a98  Boot type: Normal boot
11:59:46.0094 0x0a98  ============================================================
11:59:46.0140 0x0a98  BG loaded
11:59:52.0848 0x0a98  System UUID: {92FDE736-0780-7E1A-2284-EC1B85237D5E}
11:59:57.0369 0x0a98  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:59:57.0650 0x0a98  ============================================================
11:59:57.0650 0x0a98  \Device\Harddisk0\DR0:
11:59:57.0665 0x0a98  MBR partitions:
11:59:57.0665 0x0a98  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
11:59:57.0665 0x0a98  ============================================================
11:59:58.0133 0x0a98  C: <-> \Device\Harddisk0\DR0\Partition1
11:59:58.0133 0x0a98  ============================================================
11:59:58.0133 0x0a98  Initialize success
11:59:58.0133 0x0a98  ============================================================
12:00:44.0497 0x02c8  ============================================================
12:00:44.0559 0x02c8  Scan started
12:00:44.0559 0x02c8  Mode: Manual; SigCheck; TDLFS;
12:00:44.0559 0x02c8  ============================================================
12:00:44.0559 0x02c8  KSN ping started
12:00:55.0869 0x02c8  KSN ping finished: true
12:01:15.0385 0x02c8  ================ Scan system memory ========================
12:01:15.0385 0x02c8  System memory - ok
12:01:15.0385 0x02c8  ================ Scan services =============================
12:01:22.0373 0x02c8  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:01:28.0769 0x02c8  1394ohci - ok
12:01:30.0485 0x02c8  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:01:30.0563 0x02c8  ACPI - ok
12:01:30.0657 0x02c8  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:01:31.0203 0x02c8  AcpiPmi - ok
12:01:32.0108 0x02c8  [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:01:32.0451 0x02c8  AdobeFlashPlayerUpdateSvc - ok
12:01:32.0591 0x02c8  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:01:32.0967 0x02c8  adp94xx - ok
12:01:33.0060 0x02c8  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:01:33.0107 0x02c8  adpahci - ok
12:01:33.0201 0x02c8  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:01:33.0248 0x02c8  adpu320 - ok
12:01:33.0560 0x02c8  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:01:34.0340 0x02c8  AeLookupSvc - ok
12:01:34.0496 0x02c8  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
12:01:34.0527 0x02c8  Suspicious file ( Forged ): C:\Windows\system32\drivers\afd.sys. Real md5: D0B388DA1D111A34366E04EB4A5DD156, sha256: 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938, fake md5: 6FD6C45AFD5FB7C3165CA4166D510C82, fake sha256: 2BA0B5ADB00030FA044D51F7EAEB144758B5ADA63100987DCBC2D3F33FBF51F7
12:01:34.0527 0x02c8  AFD - detected ForgedFile.Multi.Generic ( 1 )
12:01:45.0182 0x02c8  Object is SCO, delete is not allowed
12:01:45.0182 0x02c8  AFD ( ForgedFile.Multi.Generic ) - warning
12:01:45.0322 0x02c8  Force sending object to P2P due to detect: AFD
12:01:48.0162 0x02c8  Object send P2P result: true
12:01:51.0064 0x02c8  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
12:01:51.0157 0x02c8  agp440 - ok
12:01:51.0329 0x02c8  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
12:01:51.0360 0x02c8  aic78xx - ok
12:01:51.0657 0x02c8  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
12:01:51.0906 0x02c8  ALG - ok
12:01:52.0125 0x02c8  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:01:52.0296 0x02c8  aliide - ok
12:01:52.0405 0x02c8  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] amacpi          C:\Windows\system32\DRIVERS\null.sys
12:01:53.0622 0x02c8  amacpi - ok
12:01:53.0685 0x02c8  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:01:53.0747 0x02c8  amdagp - ok
12:01:53.0919 0x02c8  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
12:01:53.0981 0x02c8  amdide - ok
12:01:54.0106 0x02c8  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:01:54.0683 0x02c8  AmdK8 - ok
12:01:54.0948 0x02c8  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:01:55.0120 0x02c8  AmdPPM - ok
12:01:55.0245 0x02c8  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:01:55.0276 0x02c8  amdsata - ok
12:01:55.0354 0x02c8  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:01:55.0401 0x02c8  amdsbs - ok
12:01:55.0557 0x02c8  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:01:55.0572 0x02c8  amdxata - ok
12:01:55.0681 0x02c8  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
12:01:56.0883 0x02c8  AppID - ok
12:01:57.0163 0x02c8  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:01:57.0460 0x02c8  AppIDSvc - ok
12:01:57.0756 0x02c8  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
12:01:58.0053 0x02c8  Appinfo - ok
12:01:59.0098 0x02c8  [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:01:59.0207 0x02c8  Apple Mobile Device - ok
12:01:59.0535 0x02c8  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:01:59.0613 0x02c8  arc - ok
12:01:59.0675 0x02c8  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:01:59.0722 0x02c8  arcsas - ok
 


  • 0

#36
emeraldnzl
Posted 03 August 2014 - 05:09 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello polloq,

 

  • Please go to VirSCAN.org FREE on-line scan service - Note: Please use Internet Explorer for this one
  • Click on  "Choose file"box on the top of the page:
  • Navigate to Local Disk C > Windows Old > Windows > System32 > Drivers and click on afd.sys
  • Click on the Scan button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

 

 


  • 0

#37
polloq
Posted 03 August 2014 - 08:13 PM

polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

VirSCAN.org Scanned Report :
Scanned time   : 2014-08-04 10:08:11
Scanner results: 0%的杀软(0/39)报告发现病毒
File Name      : afd.sys
File Size      : 338944 byte
File Type      : application/x-dosexec
MD5            : d0b388da1d111a34366e04eb4a5dd156
SHA1           : 9c7f9df1d32761eb8089a52500fbaab842bf50f9
Online report  : http://r.virscan.org...a1ef10e6b249841

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
ahnlab         9.9.9          9.9.9             2013-05-28     4    Found nothing                
antivir        1.9.2.0        1.9.159.0         7.11.165.22    16   Found nothing                
antiy          120611         AVL140716         2014-07-17     5    Found nothing                
arcavir        1.0            2011              2014-05-30     8    Found nothing                
asquared       9.0.0.4157     9.0.0.4157        2014-07-03     25   Found nothing                
avast          140803-0       4.7.4             2014-08-03     28   Found nothing                
avg            2109/7410      10.0.1405         2014-07-24     1    Found nothing                
baidu          2.0.1.0        4.1.3.52192       2.0.1.0        6    Found nothing                
baidusd        1.0            1.0               2014-04-02     1    Found nothing                
bitdefender    7.56190        7.90123           2014-08-04     9    Found nothing                
clamav         19258          0.97.5            2014-08-03     1    Found nothing                
comodo         15023          5.1               2014-07-17     3    Found nothing                
ctch           4.6.5          5.3.14            2013-12-01     1    Found nothing                
drweb          5.0.2.3300     5.0.1.1           2014-07-30     28   Found nothing                
fortinet       22.576         5.1.153           2014-08-04     1    Found nothing                
fprot          4.6.2.117      6.5.1.5418        2014-08-03     1    Found nothing                
fsecure        2014-04-02-01  9.13              2014-04-02     7    Found nothing                
gdata          24.3195        24.3195           2014-07-17     11   Found nothing                
hauri          2.73           2.73              2014-07-16     1    Found nothing                
ikarus         1.06.01        V1.32.31.0        2014-08-03     14   Found nothing                
jiangmin       16.0.100       1.0.0.0           2014-07-11     31   Found nothing                
kaspersky      5.5.33         5.5.33            2014-04-01     20   Found nothing                
kingsoft       2.1            2.1               2013-09-22     4    Found nothing                
mcafee         7474           5400.1158         2014-06-19     11   Found nothing                
nod32          9809           3.0.21            2014-05-16     1    Found nothing                
panda          9.05.01        9.05.01           2014-07-16     4    Found nothing                
pcc            10.962.04      9.500-1005        2014-08-03     2    Found nothing                
qh360          1.0.1          1.0.1             1.0.1          13   Found nothing                
qqphone        1.0.0.0        1.0.0.0           2014-08-04     1    Found nothing                
quickheal      14.00          14.00             2014-07-16     3    Found nothing                
rising         25.23.00.02    25.23.00.02       2014-07-14     1    Found nothing                
sophos         5.02           3.51.0            2014-06-20     6    Found nothing                
sunbelt        3.9.2595.2     3.9.2595.2        2014-07-16     2    Found nothing                
symantec       20030814.017   1.3.0.24          2003-08-14     1    Found nothing                
tachyon        9.9.9          9.9.9             2013-12-27     3    Found nothing                
thehacker      6.8.0.5        6.8.0.5           2014-07-11     1    Found nothing                
tws            17.47.17308    1.0.2.2108        2014-07-17     7    Found nothing                
vba            3.12.26.3      3.12.26.3         2014-08-01     3    Found nothing                
virusbuster    15.0.867.0     5.5.2.13          2014-08-03     13   Found nothing                


Edited by polloq, 03 August 2014 - 08:17 PM.

  • 0

#38
polloq
Posted 03 August 2014 - 08:17 PM

polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

NOTE:  no 'Old Windows' folder could be 'seen'.


  • 0

#39
emeraldnzl
Posted 03 August 2014 - 11:12 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

NOTE:  no 'Old Windows' folder could be 'seen'.

 

I used my machine as a guide (Win 7 Professional). I guess I must have got it wrong or mine may not be typical. In any event it looks like afd.sys was scanned and found clean.

 

Moving on

 

Please download Security Check by screen317 from here .
 

 

  • Save it to your Desktop.
       
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
       
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 


  • 0

#40
polloq
Posted 05 August 2014 - 05:08 AM

polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

 Results of screen317's Security Check version 0.99.86 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 AML Free Registry Cleaner 4.7
 JavaFX 2.1.1   
 Java 7 Update 13 
 Java version out of Date!
 Adobe Flash Player  14.0.0.145 
 Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

NOTE: could not download file to desktop, only a 'partial' download achieved.


Edited by polloq, 05 August 2014 - 09:00 AM.

  • 0

Advertisements

#41
emeraldnzl
Posted 05 August 2014 - 03:06 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello again polloq,
 

NOTE: could not download file to desktop, only a 'partial' download achieved.

 
Seems to have run okay.
 
Now

Your Java is out of date. Older versions are vunerable to attack.

Please follow these steps:

Note: Before you download/install ensure you uncheck any other third party software options that might be offered. That is foistware and often they are undesirable programs.

  • Download Java for Windows

    Reboot your computer.
    You also need to unininstall older versions of Java.

       
  • Click Start > Control Panel > Unistall a program
       
  • Remove all Java updates except the latest one you have just installed.

Step 2

Your Adobe Acrobat Reader is out of date. Older versions are vunerable to attack.

Please go to the link below to update.

Note: Before you download/install ensure you uncheck the "Yes install Chrome as default browser and Google Toolbar for Internet Explorer" or any other third party software option. That is foistware.

http://www.adobe.com.../readstep2.html

Note: From time to time software suppliers change the foistware options so it may not show the one quoted in the instructions above. Just take care to untick any boxes offering an option to download or install any other program.
 
 
After those actions

 

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you may need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Disable your security programs.

  • Click the blue Run ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow/install to install. If your firewall asks whether you want to allow installation, say yes. If asked, click yes to allow the program to run on your computer.
  • Check "Enable detection of potentially unwanted applications"
  • Click on Start and say yes to allow the program to proceed.
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed click "List of found threats" and click again on Copy to clipboard. Open notepad and past in the clipboard list. Save it as ESET log somewhere that you can find .
  • After that click the button "Back"
  • Select and check Uninstall application on close and Delete quarantined files.
  • Then click on: Finish
  • Copy and paste the ESET log back here and tell me how your machine is now.

 


  • 0

#42
polloq
Posted 05 August 2014 - 04:55 PM

polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

...got to step 2 of 4 after ticking 'enable' detection of potentially unwanted applications, at initializing, got a : unexpected error 2002

 

Tried again, at step 2 of 4 initializing BOLD red error: Can not get update. Is proxy configured, back tracked, checked proxy config, it wants Proxy address, port, username & password, regardless whether I tick it or not


Edited by polloq, 05 August 2014 - 05:46 PM.

  • 0

#43
emeraldnzl
Posted 05 August 2014 - 05:05 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I don't know what happened there. I took that from my data base and for some reason it's picked up an old, unfinished test run.

 

My apologies for that.

 

I have edited my post to include the correct (hopefully) instructions. Tell me if you have any problems. :)


  • 0

#44
polloq
Posted 06 August 2014 - 08:05 AM

polloq

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts

I could not Delete Quarantined files (option not given), hence a VERY unstable machine now, with core dumps GALORE & an endless loop of reboot..... :(

notepad went bezerk, so i saved (renamed/overwrote) to flash drive *.txt file (my only little victory)

 

C:\FRST\Quarantine\C\Users\koosk\AppData\Local\Temp\239e6e95-3c0e-4cdc-b844-1c1e47719221.exe.xBAD    a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\FRST\Quarantine\C\Users\koosk\AppData\Local\Temp\cloud_backup_setup.exe.xBAD    Win32/MyPCBackup.A potentially unwanted application
C:\FRST\Quarantine\C\Users\koosk\AppData\Local\Temp\speedupmypc.exe.xBAD    Win32/SpeedUpMyPC.A potentially unwanted application
C:\FRST\Quarantine\C\Users\koosk\AppData\Local\Temp\swa1_23.exe.xBAD    a variant of MSIL/Adware.StrongVault.A application
C:\FRST\Quarantine\C\Users\koosk\AppData\Local\Temp\wajam_download.exe.xBAD    Win32/Wajam.B potentially unwanted application
C:\Users\koosk\AppData\Roaming\Apple Computer\MobileSync\Backup\82350d73fb03e50956343323a08d65273d8c7377\a0f6dbc7aeebe0658d1d79fa91cf9cbde24f7dd3    a variant of Win32/ExFriendAlert.B potentially unwanted application
C:\Users\Public\Documents\Server\hlp.dat    Win32/Bamital.EB trojan


Edited by polloq, 06 August 2014 - 08:07 AM.

  • 0

#45
emeraldnzl
Posted 06 August 2014 - 02:52 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

So are you saying that ESET tried to remove FRST quarantine, couldn't, and then your machine went into an endless loop?

 

But it seems you were able to access your computer to get the text file that you have posted.

 

I take it that the FRST quarantine file hasn't been removed... I think it likely that the infection has locked one or more of the files in quarantine.

 

Assuming you are able to access your machine let's do this to remove the FRST quarantine:

 

 

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

After that

 

If you machine is stable please run another FRST scan with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.


  • 0
Back to Computer Won't Boot - Malware Related · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Computer Won't Boot - Malware Related

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP