8 replies to this topic

[hamneggs]

I have been trying without success to disinfect a Windows Vista computer for 4 days. The infection Trojan:win32.generic!BT is detected and cleaned by AdAware. However after restarting the computer it is detected again.

The latest version of AdAware was installed on 5 Aug, confirmed up to date today.

The output files from DDS run in Safe Mode are attached.

I could not run DDS normally without a blue screen occurring (DRIVER_IRQL_NOT_LESS_OR_EQUAL failing on mbr.sys)

Thanks for your help.

Attached Files

•  attach.txt   34.04K   119 downloads
•  dds.txt   12.96K   98 downloads

Edited by hamneggs, 10 August 2012 - 02:43 AM.

[Blade81]

Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingc...to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
  Remember to re-enable them afterwards.
  
  
• Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

[hamneggs]

Thank you for your quick reply.

I ran ComboFix as instructed. It did not complete as described, as there was a blue screen crash after running for around an hour. The message was DRIVER_VERIFIER_DETECTED_VIOLATION and the filing module was PROCEXP113.SYS.

I have attached the file ComboFix.txt located in the root of C:\

DDS still will not run without crashing in Normal mode, I have attached the output files from running in Safe mode.

Attached Files

•  ComboFix.txt   12.92K   90 downloads
•  dds.txt   13.93K   69 downloads
•  attach.txt   34.64K   96 downloads

[Blade81]

Hi again,

DDS still will not run without crashing in Normal mode, I have attached the output files from running in Safe mode.

Yes, on some machines DDS won't run without crashing. Good thing safe mode works.

Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\programdata\Babylon

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and separate 10.1.1, 10.1.2 & 10.1.3 updates for it) here or get Foxit Reader here. Make sure you don't (unless you want to) install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Uninstall your current Adobe shockwave player and get the fresh one here if needed.


* Go here to run an online scanner from ESET.

• Note: You will need to use Internet explorer for this scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
• Click Scan
• Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. Is the problem still present?

[hamneggs]

CFScript dragged onto CombiFix.exe. Log attached.

Attached Files

•  CombiFixLog.txt   11.63K   83 downloads

[Blade81]

Hi,

Were you able to take other steps listed?

[hamneggs]

While doing the ESET scan a BSOD crash occurred and on restarting, windows found substantial file corruption. I immediately restored the OS and lost all of the results, and am still running scans as something seems unhappy with AntiVirus checks.

[Blade81]

Ok. If you still need help post fresh DDS logs and let me know about remaining problems.

[Blade81]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !