Infected?? Not sure
- Thread starter cloud3213
- Start date
Fiery
Level 1
- Jan 11, 2011
- 2,007
Hi and welcome 
If you reformatted, it's highly unlikely that you still have malware on your PC. Please post the combofix log in your next reply.
Also,
If you reformatted, it's highly unlikely that you still have malware on your PC. Please post the combofix log in your next reply.
Also,
- Download aswmbr.exe from the below link:
aswMBR DOWNLOAD LINK <em>(This link will automatically download aswMBR on your computer)</em> - Double click the aswMBR.exe to run it.
- Click the [Scan] button to start scan
- On completion of the scan click [Save log], save it to your desktop and post in your next reply.
Fiery
Level 1
- Jan 11, 2011
- 2,007
Download Farbar Recovery Scan Tool from the below link:
<ul><li>For 64 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external"><>Farbar Recovery Scan Tool x64</></a> and save it to a USB/flash drive.</li>
Also download Listparts 64 bit and save it to the USB/flash drive also.
<li>Plug the flashdrive into the infected PC.</li>
<li>Enter <>System Recovery Options</>.</li>
<>To enter System Recovery Options from the Advanced Boot Options:</>
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the<> F8</> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <>Repair your computer</> menu item.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account an click <>Next</>.</li>
</ul>
<li>On the System Recovery Options menu you will get the following options:</span>
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select <>Command Prompt</></li>
<li>In the command window type in <>notepad</> and press <>Enter</>.</li>
<li>The notepad opens. Under File menu select <>Open</>.</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type <><span style="color: #ff0000;">e</span>:\frst64</> and press <>Enter</>
<>Note:</><span style="color: #ff0000;"> Replace letter <>e</> with the drive letter of your flash drive.</span></li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Back in the command prompt, type <><span style="color: #ff0000;">e</span>:\listparts64.exe</> and press <>Enter</>
<li>ListParts will start to run. Check the box beside List BCD and click Scan
<li>When finished scanning it will make a log Result.txt on the flash drive
<li>Type exit</li>
<li>Please copy and paste both FRST.txt and Result.txt logs in your next reply</li></li>
</ol>
</ul>
<ul><li>For 64 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external"><>Farbar Recovery Scan Tool x64</></a> and save it to a USB/flash drive.</li>
Also download Listparts 64 bit and save it to the USB/flash drive also.
<li>Plug the flashdrive into the infected PC.</li>
<li>Enter <>System Recovery Options</>.</li>
<>To enter System Recovery Options from the Advanced Boot Options:</>
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the<> F8</> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <>Repair your computer</> menu item.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account an click <>Next</>.</li>
</ul>
<li>On the System Recovery Options menu you will get the following options:</span>
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select <>Command Prompt</></li>
<li>In the command window type in <>notepad</> and press <>Enter</>.</li>
<li>The notepad opens. Under File menu select <>Open</>.</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type <><span style="color: #ff0000;">e</span>:\frst64</> and press <>Enter</>
<>Note:</><span style="color: #ff0000;"> Replace letter <>e</> with the drive letter of your flash drive.</span></li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Back in the command prompt, type <><span style="color: #ff0000;">e</span>:\listparts64.exe</> and press <>Enter</>
<li>ListParts will start to run. Check the box beside List BCD and click Scan
<li>When finished scanning it will make a log Result.txt on the flash drive
<li>Type exit</li>
<li>Please copy and paste both FRST.txt and Result.txt logs in your next reply</li></li>
</ol>
</ul>
Last edited by a moderator:
- Mar 12, 2013
- 16
Heres the thing...originially my laptop running Win 8 pro was infected and I'm not really sure if the infection is saved in the skydrive. Because from a fresh install Online armor informed me of a keylogger. Should I just log in locally instead of my Microsoft account? Thats where I think this is coming from and has been driving me crazy. Thank you for helping me!
Fiery
Level 1
- Jan 11, 2011
- 2,007
You may have to enable hidden files and folders. Go to Start > Computer > organize > Folder and search options > View > select show hidden files and folders > Click Ok.
Upload a File to Virustotal
Please visit Virustotal.com
Do the same for the following as well:
C:\Users\Jared\Downloads\D.exe
Upload a File to Virustotal
Please visit Virustotal.com
- Click the Choose file... button
- Navigate to the file C:\Users\Jared\Downloads\7fu551kf.exe
- Click the Open button
- Click the Scan It button
- Copy and paste the results back here.
Do the same for the following as well:
C:\Users\Jared\Downloads\D.exe
Fiery
Level 1
- Jan 11, 2011
- 2,007
Nothing is really jumping out..
Download Malwarebytes Anti-Rootkit from here to your Desktop
Download Malwarebytes Anti-Rootkit from here to your Desktop
- Unzip the contents to a folder on your Desktop.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
- After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
- When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)
- Mar 12, 2013
- 16
Hey I really appreciate you taking time to help me out with this but I found a much easier solution. Since ZeroAccess or Blackhole returned after a format and reinstall, I just downloaded Hiren's 15.1 and booted into Linux and formatted my HD there. Even got rid of the locked X:/ where it was hiding. Hopefully this post can help other people desperate for a solution. Thanks again!
Similar threads
-
- Locked
