- Oct 22, 2013
- 29
TwinHeadedEagle said:Hello, my name is THE, and I'll be working with you
Before we start:
- Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
- Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
- Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
- Like everyone, I have a private life, so be patient with me. Sometimes I will respond immediately, sometimes it will take a coupe hours.
- Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
- The absence of symptoms does not mean your PC is fully disinfected.
- If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
- Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.
Because of this, I advise you to backup any personal files and folders before you start.
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Download TDSSkiller from here
- Double-Click on TDSSKiller.exe to run the application
- When TDSSkiller opens, click change parameters , check the box next to Loaded modules . A reboot will be required.
- After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
- click Start scan .
- If a suspicious object is detected, the default action will be Skip, click on Continue. (If it saids TDL4/TDSS file system, select delete)
- If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.
Post the log after (usually C:\ folder in the form of TDSSKiller.[Version]_[Date]_[Time]_log.txt
TwinHeadedEagle said:FRST didn't full produced the report. Rescan again and attach FRST.txt
Please download GMER, AntiRootkit tool from the link below and save it to your Desktop:
Gmer download link
Note: file will be random named
Double-clicking to run GMER.
- Wait for initial scan to finish - if there is any query, click No;
- Click Scan button and wait until the full scan is complete;
- Click Save ... - save the report to the Desktop (named Gmer );
> Attach here Gmer logreports.
TwinHeadedEagle said:Attach me report from TDSS Killer, no matter than only suspicious files was found...
Download ComboFix from one of the following locations:
COMBOFIX DOWNLOAD LINK #1 (This link will automatically download Combofix on your computer)
COMBOFIX DOWNLOAD LINK #2 (This link will automatically download Combofix on your computer)
----------------------------------------------------------------
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
<ul>
<li>Close any open browsers.</li>
<li>Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
<>Very Important!</> Temporarily <>disable</> your <>anti-virus</>, <>script blocking</> and any <>anti-malware</> real-time protection <em><>before</></em> performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause <em>"unpredictable results"</em>.</li>
<li><>WARNING: Combofix will disconnect your machine from the Internet as soon as it starts</>.Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.</li>
</ul>
-----------------------------------------------------------------
How to run the Combofix scan :
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
- When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.
Additional notes:
<ol><li> Do not mouse-click Combofix's window while it is running. That may cause it to stall.</li>
<li> Do not "re-run" Combofix. If you have a problem, reply back for further instructions.</li>
<li> If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.</li></ol>
TwinHeadedEagle said:We will have to go around the Windows to make needed scans? Tell me, which version of Windows is this?
TwinHeadedEagle said:Please print these instruction out so that you know what you are doing
- Download OTLPENet.exe to your desktop
- Download Farbar Recovery Scan Tool and save it to a flash drive.
- Ensure that you have a blank CD in the drive
- Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
- Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here- Wait for the CD to detect your hardware and load the operating system
- Your system should now display a Reatogo desktop
Note : as you are running from CD it is not exactly speedy- Insert the USB with FRST
- Locate the flash drive with FRST and double click
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
TwinHeadedEagle said:Hello,
Your PC is infected with Sality file infector. Since deinfection is impossible from running Windows, you have three options:
1. To reinstall your system, and format system partition, making sure not to open other partitons after reinstall, until they are scanned
2. To try to desinfect your PC using Rescue Disk (it is possible, but damage is already done by virus)
3. To detach your HDD and to scan it on the other PC, without opening it...
Tell me which option is the best for you, so we can discuss throughly...