COM Surrogate, powershell
Quote from Wanderer (post 286832):

Thanks for the reply!

I manually changed my IE security settings so I could download the software. By the way, I double-checked my OS and instead of Vista I have Windows 7 64 bit. Hope that doesn't change your recommendations.

Below I've pasted a file from TDSSKiller, which looks like it may just document the installation. It also created another text file whose contents are too big to paste here, so I've attached it. I'm also attaching the two FRST files.

18:04:40.0564 0x0c48 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
18:04:50.0326 0x0c48 ============================================================
18:04:50.0326 0x0c48 Current date / time: 2014/10/28 18:04:50.0326
18:04:50.0326 0x0c48 SystemInfo:
18:04:50.0326 0x0c48
18:04:50.0326 0x0c48 OS Version: 6.1.7601 ServicePack: 1.0
18:04:50.0326 0x0c48 Product type: Workstation
18:04:50.0326 0x0c48 ComputerName: JASON-HP
18:04:50.0326 0x0c48 UserName: Jason
18:04:50.0326 0x0c48 Windows directory: C:\Windows
18:04:50.0326 0x0c48 System windows directory: C:\Windows
18:04:50.0326 0x0c48 Running under WOW64
18:04:50.0326 0x0c48 Processor architecture: Intel x64
18:04:50.0326 0x0c48 Number of processors: 4
18:04:50.0326 0x0c48 Page size: 0x1000
18:04:50.0326 0x0c48 Boot type: Normal boot
18:04:50.0326 0x0c48 ============================================================
18:04:50.0386 0x0c48 KLMD registered as C:\Windows\system32\drivers\79712640.sys
18:04:50.0486 0x0c48 System UUID: {0FC84968-61B5-3CDB-BD1F-942236DBA97F}
18:04:51.0096 0x0c48 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:04:51.0106 0x0c48 ============================================================
18:04:51.0106 0x0c48 \Device\Harddisk0\DR0:
18:04:51.0106 0x0c48 MBR partitions:
18:04:51.0106 0x0c48 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:04:51.0106 0x0c48 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0xC1A2000
18:04:51.0106 0x0c48 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC206000, BlocksNum 0x2443000
18:04:51.0106 0x0c48 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xB, StartLBA 0xE649800, BlocksNum 0x32800
18:04:51.0106 0x0c48 ============================================================
18:04:51.0106 0x0c48 C: <-> \Device\Harddisk0\DR0\Partition2
18:04:51.0106 0x0c48 D: <-> \Device\Harddisk0\DR0\Partition3
18:04:51.0106 0x0c48 ============================================================
18:04:51.0106 0x0c48 Initialize success
18:04:51.0106 0x0c48 ============================================================
18:05:37.0990 0x2b94 KLMD registered as C:\Windows\system32\drivers\82149664.sys
18:05:38.0540 0x2b94 Deinitialize success
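The short TDSSKiller log above is mostly start-up bookkeeping, but the "Drive" and "MBR partitions" lines are the part a helper actually reads: they give the disk size, the sector size, and the start LBA and length of every MBR partition in hex. The following script is an added example, written for this page and not code from the post, from TDSSKiller or from its author. It parses those lines, converts the hex fields, and walks the partitions in LBA order to report unallocated regions, overlapping entries, and partitions that run past the end of the disk. The sample input is copied from the log in the post; the function names and the 16 MiB "worth a look" threshold are this example's own choices. On this log it finds two 2048-sector (1 MiB) alignment gaps and roughly 4 GiB of unallocated space after Partition4. Unpartitioned space at the end of a disk is where the TDL4/Alureon bootkit family kept its hidden file system, which is why a scanner enumerates the partition table at all, but free space on its own is not evidence of anything (OEM recovery layouts and shrunk volumes leave it too); the full TDSSKiller results and the FRST logs are what the helper would actually read.

```python
"""Added example (not part of the forum post or of TDSSKiller): parse the drive
and MBR partition lines TDSSKiller prints at start-up and check the layout for
unallocated regions, overlaps and partitions that extend past the disk end.
The sample input below is copied from the posted log; everything else is
constructed for this example."""
import re

# Constructed input: the disk-geometry and partition lines from the posted log.
SAMPLE_LOG = """\
18:04:51.0096 0x0c48 Drive \\Device\\Harddisk0\\DR0 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:04:51.0106 0x0c48 \\Device\\Harddisk0\\DR0\\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:04:51.0106 0x0c48 \\Device\\Harddisk0\\DR0\\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0xC1A2000
18:04:51.0106 0x0c48 \\Device\\Harddisk0\\DR0\\Partition3: MBR, Type 0x7, StartLBA 0xC206000, BlocksNum 0x2443000
18:04:51.0106 0x0c48 \\Device\\Harddisk0\\DR0\\Partition4: MBR, Type 0xB, StartLBA 0xE649800, BlocksNum 0x32800
"""

DRIVE_RE = re.compile(
    r"Drive (\S+) - Size: (0x[0-9A-Fa-f]+) .*?SectorSize: (0x[0-9A-Fa-f]+)")
PART_RE = re.compile(
    r"(\S+\\(Partition\d+)): MBR, Type (0x[0-9A-Fa-f]+), "
    r"StartLBA (0x[0-9A-Fa-f]+), BlocksNum (0x[0-9A-Fa-f]+)")


def parse_tdsskiller_disk(log_text):
    """Return (total_sectors, partitions) for the first drive in the log.
    Each partition is a dict with name, type, start (LBA) and blocks (sectors)."""
    total_sectors = None
    partitions = []
    for line in log_text.splitlines():
        m = DRIVE_RE.search(line)
        if m and total_sectors is None:
            size_bytes, sector_size = int(m.group(2), 16), int(m.group(3), 16)
            total_sectors = size_bytes // sector_size
            continue
        m = PART_RE.search(line)
        if m:
            partitions.append({
                "name": m.group(2),
                "type": int(m.group(3), 16),
                "start": int(m.group(4), 16),
                "blocks": int(m.group(5), 16),
            })
    if total_sectors is None:
        raise ValueError("no 'Drive ... Size:' line found")
    partitions.sort(key=lambda p: p["start"])
    return total_sectors, partitions


def check_layout(total_sectors, partitions):
    """Walk partitions in LBA order and return a dict with:
    gaps:     (label, start_lba, sectors) for each unallocated region, including
              space before the first partition and after the last one;
    overlaps: (name_a, name_b) when a partition starts inside the one before it;
    oob:      names of partitions whose last sector lies past the end of the disk."""
    gaps, overlaps, oob = [], [], []
    cursor = 0  # first sector not covered by any partition seen so far
    prev = None
    for p in partitions:
        end = p["start"] + p["blocks"]
        if p["start"] > cursor:
            gaps.append((f"before {p['name']}", cursor, p["start"] - cursor))
        elif prev is not None and p["start"] < cursor:
            overlaps.append((prev["name"], p["name"]))
        if end > total_sectors:
            oob.append(p["name"])
        cursor = max(cursor, end)
        prev = p
    if cursor < total_sectors:
        gaps.append(("trailing", cursor, total_sectors - cursor))
    return {"gaps": gaps, "overlaps": overlaps, "oob": oob}


def large_gaps(gaps, min_sectors=32768):
    """Gaps worth a second look. 2048-sector (1 MiB) alignment gaps are normal on
    Vista/7-era layouts; the 16 MiB default threshold (an assumption) skips them."""
    return [g for g in gaps if g[2] >= min_sectors]


def sectors_to_mib(sectors, sector_size=512):
    return sectors * sector_size / (1024 * 1024)


if __name__ == "__main__":
    total, parts = parse_tdsskiller_disk(SAMPLE_LOG)
    result = check_layout(total, parts)
    print(f"disk: {total} sectors, {len(parts)} MBR partitions")
    for label, start, length in result["gaps"]:
        print(f"  gap {label}: LBA {start} +{length} sectors "
              f"({sectors_to_mib(length):.1f} MiB)")
    print("  overlaps:", result["overlaps"] or "none")
    print("  past end of disk:", result["oob"] or "none")
    print("  worth inspecting:", [g[0] for g in large_gaps(result["gaps"])])
```

The checks are deliberately conservative: an overlap or an out-of-bounds entry is a corrupt or tampered table and always worth reporting, while a large gap only says "there are sectors here the file system will never show you", which is a reason to look, not a finding.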