kaspersky rescue not finding threats

C

clydewine

New Member
Thread author
Dec 10, 2013
13
TwinHeadedEagle said:
On your clean PC, download the following file by right-clicking it and select save as

fixlist.txt

and save it onto your flash drive.

Then, boot to REATOGO, plug in your flash drive, open FRST and click fix. Post the generated log.

Attempt to boot normally.
Click to expand...

I have a successful bootup into windows. Here is the fixlog
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-12-2013
Ran by SYSTEM at 2013-12-11 10:54:49 Run:1
Running from G:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
HKLM\...\Run: [ATT-SST_UninstallTracking] - C:\Users\Clyde\AppData\Local\Temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST <===== ATTENTION
C:\Users\Clyde\AppData\Local\Temp\InstallHelper.exe
HKLM\...\Run: [ErrorWiz] - C:\ErrorWiz\ErrorWiz.exe /scan
C:\ErrorWiz
Startup: C:\Users\Clyde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7tllf4bj.lnk
ShortcutTarget: 7tllf4bj.lnk -> C:\ProgramData\jb4fllt7.dss (Microsoft Corporation)
Startup: C:\Users\Clyde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bodfdwfr.lnk
ShortcutTarget: bodfdwfr.lnk -> C:\ProgramData\rfwdfdob.dss (Microsoft Corporation)
S2 Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [387072 2011-01-28] (Spigot, Inc.)
C:\Program Files\Application Updater
2013-12-05 12:53 - 2013-12-05 12:53 - 00000285 _____ C:\ProgramData\bodfdwfr.reg
2013-12-05 12:52 - 2013-12-11 04:18 - 95025368 ____T C:\ProgramData\bodfdwfr.bxx
2013-12-05 12:52 - 2013-12-11 04:18 - 95025368 ____T C:\ProgramData\7tllf4bj.bxx
2013-12-05 12:52 - 2013-12-11 04:17 - 00000000 _____ C:\ProgramData\bodfdwfr.fvv
2013-12-05 12:52 - 2013-12-11 04:17 - 00000000 _____ C:\ProgramData\7tllf4bj.fvv
2013-12-05 12:52 - 2013-12-05 12:52 - 00206336 _____ (Microsoft Corporation) C:\ProgramData\rfwdfdob.dss
2013-12-05 12:52 - 2013-12-05 12:52 - 00205312 _____ (Microsoft Corporation) C:\ProgramData\jb4fllt7.dss
C:\Users\Clyde\AppData\Local\Temp
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ATT-SST_UninstallTracking => Value deleted successfully.
"C:\Users\Clyde\AppData\Local\Temp\InstallHelper.exe" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ErrorWiz => Value deleted successfully.
"C:\ErrorWiz" => File/Directory not found.
C:\Users\Clyde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7tllf4bj.lnk => Moved successfully.
C:\ProgramData\jb4fllt7.dss => Moved successfully.
C:\Users\Clyde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bodfdwfr.lnk => Moved successfully.
C:\ProgramData\rfwdfdob.dss => Moved successfully.
Application Updater => Service deleted successfully.
C:\Program Files\Application Updater => Moved successfully.
C:\ProgramData\bodfdwfr.reg => Moved successfully.
C:\ProgramData\bodfdwfr.bxx => Moved successfully.
C:\ProgramData\7tllf4bj.bxx => Moved successfully.
C:\ProgramData\bodfdwfr.fvv => Moved successfully.
C:\ProgramData\7tllf4bj.fvv => Moved successfully.
"C:\ProgramData\rfwdfdob.dss" => File/Directory not found.
"C:\ProgramData\jb4fllt7.dss" => File/Directory not found.
C:\Users\Clyde\AppData\Local\Temp => Moved successfully.
==== End of Fixlog ====
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I have a successful bootup into windows
Click to expand...

You see that we made it :)

Let's make another check for remnants:

1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guidehttp://www.bleepingcomputer.com/combofix/how-to-use-combofix carefully.
Note: ComboFix must be downloaded to your Desktop.

--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program.
If you are unsure how to do this please read http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.htmlthis or this Instruction.


Note: Do not forget to turn on this option after the cleaning.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.
 
  • Like
Reactions: Jack
C

clydewine

New Member
Thread author
Dec 10, 2013
13
TwinHeadedEagle said:
You see that we made it :)

Let's make another check for remnants:

1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.

--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.


Note: Do not forget to turn on this option after the cleaning.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note:Do not mouse-click Combofix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.
Click to expand...

I am so happy to get my computer back. You are awesome. My virus software let this thing in. Can you recommend a good program?
Thank you very much ! Can I pay you guys for your service?
 

Attachments

  • ComboFix.txt
    13 KB · Views: 59
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Your PC is now clean :)


My virus software let this thing in. Can you recommend a good program?
Click to expand...

No one antivirus is able to block all threats, simply huge number of threats is on the internet every day, and simply there is no time for antivirus companies to put them all in their database. As I saw you don't have antivirus on your system, so please install it immidiately.

We need to remove used software:


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

> I don't need DelFix log report.



Can I pay you guys for your service?
Click to expand...

My help is always free, but if you wish to make a donation to show your appreciation, then click the button below. Thank you :)

 
  • Like
Reactions: Jack
C

clydewine

New Member
Thread author
Dec 10, 2013
13
TwinHeadedEagle said:
Your PC is now clean :)




No one antivirus is able to block all threats, simply huge number of threats is on the internet every day, and simply there is no time for antivirus companies to put them all in their database. As I saw you don't have antivirus on your system, so please install it immidiately.

We need to remove used software:


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below;
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on "Run" button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

> I don't need DelFix log report.





My help is always free, but if you wish to make a donation to show your appreciation, then click the button below. Thank you :)

Click to expand...

I'm trying to Donate but paypal says Serbia accounts can not recieve funds. What's up with that?
 

Similar threads

tracker
  • Locked
I am infected with a hijack loader that has never been detected by any antivirus software, and I cannot remove it.
Replies
7
Views
832
Windows Malware Removal Help & Support
nasdaq
nasdaq
R
  • Locked
Unable to remove 'search-great' browser hijacker; I feel like I tried everything - please help
Replies
3
Views
284
Windows Malware Removal Help & Support
Rman
R
gfgtkitkat34
    • Like
    • Wow
    • Sad
Kaspersky detected trojan win 32 generic. Should I full format my pc?
Replies
21
Views
1,171
Kaspersky
gfgtkitkat34
gfgtkitkat34

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top