Malware Removal Attempted: Kaspersky Database Update Failure - "Databases Corrupted"

[rdgizmo]

I am not sure what the current issue is, but I am thinking there is still some remnants of the FBI ransomware. I would like to use your expertise to help solve/resolve this problem.

There are no logs attached as I canot even boot up.

 

[TwinHeadedEagle]

Hi, what is the version of your system?

 

[rdgizmo]

Hi,

Thanks for getting back to me.

Since I cannot boot the machine at the moment... I cannot give the precise answer. Simple answer is Windows 7 Ultimate, with all updates up to 10/24/13.

Hope that is enough info.

 

[rdgizmo]

RE: Removal Attempted: Kaspersky Database Update Failure - "Databases Corrupted"

Hi,

Thanks for getting back to me.

Since I cannot boot the machine at the moment... I cannot give the precise answer. Simple answer is Windows 7 Ultimate, with all updates up to 10/24/13.

Hope that is enough info.

 

[TwinHeadedEagle]

RE: Malware Removal Attempted: Kaspersky Database Update Failure

Download Farbar Recovery Scan Tool from the below link:
<ul><li>For 32 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST.exe" rel="nofollow external"><>Farbar Recovery Scan Tool</></a> and save it to a USB/flash drive.</li>

<li>Plug the flashdrive into the infected PC.</li>

<li>Enter <>System Recovery Options</>.</li>

<>To enter System Recovery Options from the Advanced Boot Options:</>
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the<> F8</> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <>Repair your computer</> menu item.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account an click <>Next</>.</li>
</ul>

<li>On the System Recovery Options menu you will get the following options:</span>
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select <>Command Prompt</></li>
<li>In the command window type in <>notepad</> and press <>Enter</>.</li>
<li>The notepad opens. Under File menu select <>Open</>.</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type <><span style="color: #ff0000;">e</span>:\frst64</> and press <>Enter</>
<>Note:</><span style="color: #ff0000;"> Replace letter <>e</> with the drive letter of your flash drive.</span></li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Type exit</li>
<li>Please copy and paste FRST.txt in your next reply</li></li>
</ol>
</ul>

 

[rdgizmo]

RE: Malware Removal Attempted: Kaspersky Database Update Failure

Upon Restart, Computer will not respond to the F8 command. I tried using the KRD10, as well as HitMan Pro Kickstart to try booting to get F8 to respond, but neither approach gets me to the Recovery Options, and then to a Command Prompt.

I tried the Terminal Mode on the KRD10 to see if it functions as a command prompt, but that didn't seem to work either.

If I try booting from the Hard Drive itself, it shows that my RAID drives are "Offline Members" and that there is no RAID volume. It does give me the option to create one though, but that is way beyond me...

Until I can get to the Recovery Options and the Command prompt, I am dead in the water, and cannot run the Farbar tool.

Ideas for the next steps?

 

[TwinHeadedEagle]

Please print these instruction out so that you know what you are doing

• Download OTLPENet.exe to your desktop
• Download Farbar Recovery Scan Tool and save it to a flash drive.
  
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
• Reboot your system using the boot CD you just created.
  Note : If you do not know how to set your computer to boot from CD follow the steps here
• Wait for the CD to detect your hardware and load the operating system
• Your system should now display a Reatogo desktop
  Note : as you are running from CD it is not exactly speedy
• Insert the USB with FRST
• Locate the flash drive with FRST and double click
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

[rdgizmo]

Attached is the FRST.txt file ... It does not look good. Basically, it could not scan because it "could not load hive", "hive is missing".

Once again, back to you for ideas and next steps.

Thank you so much for working with me.

 

[TwinHeadedEagle]

Yes, it doesn't look god, your system is literally destroyed, the most important system files are missing...

Reinstall is only option...

 

[rdgizmo]

RE: Malware Removal Attempted: Kaspersky Database Update Failure

Will I need to fully reformat the drives, or just re-install Windows 7?

 

[TwinHeadedEagle]

Full reformat is better, it will wipe any malware if present...

 

[rdgizmo]

RE: Malware Removal Attempted: Kaspersky Database Update Failure

Final Update for Closure. Spoke to my local IT guy.... Somehow, RAID system "lost its mind". RAID Volume dissappeared, and can oly be administered from within Windows.

He removed drives, and placed them into another Windows machine, reset the RAID Volume , and now all is well. Took about an hour and a half. No need to reformat drives or re-instal all my software, etc.

Thanks for your knowledgeable assistance and troubleshooting.