I have a second HDD that has my original install but it's not enabled. The logs are from safe mode with networking, the computer lock up and reboots before either scan completes.
blacole virus or the like
- Thread starter phreaknes
- Start date
Fiery
Level 1
- Jan 11, 2011
- 2,007
Hi and welcome to MalwareTips! 
I'm Fiery and I would gladly assist you in removing the malware on your computer.
Before we start:
<hr>
I see you have ran combofix, can you post that log?
Open OTL. Under custom scan/fixes, copy and paste the following:
Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.
I'm Fiery and I would gladly assist you in removing the malware on your computer.
Before we start:
- Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
- Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
- Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
- Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
- The absence of symptoms does not mean your PC is fully disinfected.
- If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
- Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.
<hr>
I see you have ran combofix, can you post that log?
Open OTL. Under custom scan/fixes, copy and paste the following:
Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.
All processes killed
========== OTL ==========
C:\Users\Phreak\AppData\Local\Temp20.html moved successfully.
C:\Users\Phreak\AppData\Local\Temp1.html moved successfully.
ADS C:\ProgramData\TEMP:4FC01C57 deleted successfully.
File PTYTEMP] not found.
File SETHOSTS] not found.
OTL by OldTimer - Version 3.2.69.0 log created on 03232013_180856
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
========== OTL ==========
C:\Users\Phreak\AppData\Local\Temp20.html moved successfully.
C:\Users\Phreak\AppData\Local\Temp1.html moved successfully.
ADS C:\ProgramData\TEMP:4FC01C57 deleted successfully.
File PTYTEMP] not found.
File SETHOSTS] not found.
OTL by OldTimer - Version 3.2.69.0 log created on 03232013_180856
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Fiery
Level 1
- Jan 11, 2011
- 2,007
Hi,
You did not copy the OTL script probably.
Open OTL. Under custom scan/fixes, copy and paste the following:
Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.
Then download Farbar Recovery Scan Tool from the below link:
<ul><li>For 64 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external"><>Farbar Recovery Scan Tool x64</></a> and save it to a USB/flash drive.</li>
Also download Listparts 64 bit and save it to the USB/flash drive also.
<li>Plug the flashdrive into the infected PC.</li>
<li>Enter <>System Recovery Options</>.</li>
<>To enter System Recovery Options from the Advanced Boot Options:</>
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the<> F8</> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <>Repair your computer</> menu item.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account an click <>Next</>.</li>
</ul>
<li>On the System Recovery Options menu you will get the following options:</span>
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select <>Command Prompt</></li>
<li>In the command window type in <>notepad</> and press <>Enter</>.</li>
<li>The notepad opens. Under File menu select <>Open</>.</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type <><span style="color: #ff0000;">e</span>:\frst64</> and press <>Enter</>
<>Note:</><span style="color: #ff0000;"> Replace letter <>e</> with the drive letter of your flash drive.</span></li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Back in the command prompt, type <><span style="color: #ff0000;">e</span>:\listparts64.exe</> and press <>Enter</>
<li>ListParts will start to run. Check the box beside List BCD and click Scan
<li>When finished scanning it will make a log Result.txt on the flash drive
<li>Type exit</li>
<li>Please copy and paste both FRST.txt and Result.txt logs in your next reply</li></li>
</ol>
</ul>
You did not copy the OTL script probably.
Open OTL. Under custom scan/fixes, copy and paste the following:
Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.
Then download Farbar Recovery Scan Tool from the below link:
<ul><li>For 64 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external"><>Farbar Recovery Scan Tool x64</></a> and save it to a USB/flash drive.</li>
Also download Listparts 64 bit and save it to the USB/flash drive also.
<li>Plug the flashdrive into the infected PC.</li>
<li>Enter <>System Recovery Options</>.</li>
<>To enter System Recovery Options from the Advanced Boot Options:</>
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the<> F8</> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <>Repair your computer</> menu item.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account an click <>Next</>.</li>
</ul>
<li>On the System Recovery Options menu you will get the following options:</span>
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select <>Command Prompt</></li>
<li>In the command window type in <>notepad</> and press <>Enter</>.</li>
<li>The notepad opens. Under File menu select <>Open</>.</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type <><span style="color: #ff0000;">e</span>:\frst64</> and press <>Enter</>
<>Note:</><span style="color: #ff0000;"> Replace letter <>e</> with the drive letter of your flash drive.</span></li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Back in the command prompt, type <><span style="color: #ff0000;">e</span>:\listparts64.exe</> and press <>Enter</>
<li>ListParts will start to run. Check the box beside List BCD and click Scan
<li>When finished scanning it will make a log Result.txt on the flash drive
<li>Type exit</li>
<li>Please copy and paste both FRST.txt and Result.txt logs in your next reply</li></li>
</ol>
</ul>
Last edited by a moderator:
Fiery
Level 1
- Jan 11, 2011
- 2,007
Upload a File to Virustotal
Please visit Virustotal.com
Please visit Virustotal.com
- Click the Choose file... button
- Navigate to the file C:\Windows\system32\drivers\ckrusbls.sys
- Click the Open button
- Click the Scan It button
- Copy and paste the results back here.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-03-23 23:54:02 Run:2
Running from G:\
==============================================
c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP not found.
03874148 service deleted successfully.
20509947 service deleted successfully.
22133398 service deleted successfully.
==== End of Fixlog ====
Ran by SYSTEM at 2013-03-23 23:54:02 Run:2
Running from G:\
==============================================
c:\windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP not found.
03874148 service deleted successfully.
20509947 service deleted successfully.
22133398 service deleted successfully.
==== End of Fixlog ====
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-03-24 00:21:30 Run:3
Running from G:\
==============================================
C:\sh4ldr moved successfully.
==== End of Fixlog ====
Ran by SYSTEM at 2013-03-24 00:21:30 Run:3
Running from G:\
==============================================
C:\sh4ldr moved successfully.
==== End of Fixlog ====
It boot's and this time stayed in normal mode a little longer than the last few times I was there. but Still blue screens, then bootldr.
Fiery
Level 1
- Jan 11, 2011
- 2,007
Download and Run Windows Repair (all in one)
Download Windows Repair (all in one)
Download Windows Repair (all in one)
- Install the program then run it.
- Go to step 2 and allow it to run Disc check by clicking Do It
- Go to step 3 and allow it to run SFC
- Go to start repairs tab and click start.
- Allow the program to create a system restore and backup registries when prompted.
- Check the box next to "Restart/Shutdown system when finished" and ensure all the boxes are checked along with the
default checks - Then click Start.
Similar threads
-
- Locked
