Still cannot remove S.M.A.R.T data rogue trojan!

M

Mertisem

New Member
Thread author
Jul 8, 2012
2
Thank you for allowing me to post in this community and im grateful for those who have the knowledge and know-how of removing awful malware, and for sharing it with the people who dont.

My issue is that after following the SMART DATA HDD ROGUE REMOVAL GUIDE I still cannot remove this extremely annoying virus. As stated in my actions performed to remove, i have exhausted all the programs suggested. According to the guide, it should have been removed, but upon reboot it is still there even after many scans that found no malicious files. I miss my pc and want it back! Any help is most appreciated and assuming i can get this taken care of, I would have no qualms about donating to this awesome site.

As of now im posting from my droid phone, so im not sure of how i can readily attach logs as I have witnessed from many of the other posts on this site.

Please help!

Thanks in advance,
Shawn
 
Jack

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Hi and welcome to the MALWARE TIPS forums!

I'm Jack and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Step 1 : Download and run Combofix
 
Download ComboFix from one of the following locations: 
Link 1  
Link 2  
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop  
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here  
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    NSIS_disclaimer_ENG.png


    NSIS_extraction.png

  • When finished, it shall produce a log for you. 
    [*]Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programms being marked for deletion then reboot, that will cure it.

<hr />
Step 2 : Download and run OTL
  1. Please download the OTL utility from here : http://oldtimer.geekstogo.com/OTL.exe
  2. Right-click on OTL.exe and select Run as Administrator to start OTL.
  3. Double click on OTL.exe to run it.
  4. Under the Custom Scan box paste this in:

    Code: 
    %SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT
  5. Click the Quick Scan button.The scan wont take long.
  6. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    Please post this 2 logs in your first reply.

<hr />



What's next?
Attach the following logs to your post (You can find here details on how to use the Attachment System):

1.Combofix log
2.OTL logs
3.QUESTION: How is your computer running/behaving?
 
M

Mertisem

New Member
Thread author
Jul 8, 2012
2
Hello jack thank you for initiating the first step of malware removing with me. However, i cannot get combo fix to complete its scan....it opted for me to download and install the windows recovery software, which i did, then it prepared to scan, followed by scanning. It stated it would be less than 10 minutes but could double the time for heavily infected machines. Giving the program the benefit of the doubt...i let it run for 2 hrs and it did nothing (as per your advice i didnt click the mouse button the entire time). I rebooted and attempted to run the program again, which immediately started scanning and hung there for another 40 minutes until i turned it off. I was hoping to get the logs to you tonight but its just not working for me! Thoughts and advice?

Thank you!
 
Jack

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Lets change the tools a little..
1. Run a scan with RogueKiller
<ol>
<li>Please <>download the latest official version of </><>RogueKiller</>.
<a href="http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe" rel="nofollow" target="_blank">RogueKiller Download Link</a> (This link will automatically download RogueKiller on your computer)</li>
<li><>Double click on RogueKiller.exe</> to start this utility and then <>wait for the Prescan to complete</>.This should take only a few seconds and then you can <>click the Start button</> to perform a system scan.
<img title="Click on the Start button to perform a system scan" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-1.png" alt="[Image: roguekiller-1.png]" width="600" height="450" border="0" /></li>
<li>After the scan has completed, <>press the Delete button</> to remove any malicious registry keys.
<img title="Press Delete to remove the malicious registry keys" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-2.png" alt="[Image: roguekiller-2.png]" width="600" height="450" border="0" /></li>
<li>Next we will need to restore your shortcuts, <>so click on the ShortcutsFix button </>and allow the program to run.
<img title="Click on the Start button to perform a system scan" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-3.png" alt="[Image: roguekiller-1.png]" width="600" height="450" border="0" /></li>
</ol>

The report has been created on the desktop.In your next reply please post:

All RKreport.txt text files located on your desktop.


2.Run a scan with Kaspersky TDSSKiller
<>Read carefully and follow these steps.</>
<ol>
<li>Download <><a title="External link" href="http://support.kaspersky.com/downloads/utils/tdsskiller.exe" rel="external">TDSSKiller</a></> and save it to your Desktop.
</li>
<li>Double-click on <>TDSSKiller.exe</> to run the application.
<img src="http://img4.imageshack.us/img4/1907/tdss1.png" alt="Posted Image" /></li>
<li>Click <>Change parameters</>
<img src="http://img593.imageshack.us/img593/288/tdss2.png" alt="Posted Image" /></li>
<li>Check the boxes next to <>Verify Driver Digital Signature</> and <>Detect TDLFS file system</>, then click <>OK</>
<img src="http://img521.imageshack.us/img521/1456/tdss3.png" alt="Posted Image" /></li>
<li>Click on the <>Start Scan</> button to begin the scan and wait for it to finish.
<>NOTE:</> Do not use the computer during the scan!</li>
<li>During the scan it will look similar to the image below:
<img src="http://img6.imageshack.us/img6/9136/tdss4.jpg" alt="Posted Image" /></li>
<li>When it finishes, you will either see a report that no threats were found like below:
<img src="http://img696.imageshack.us/img696/9898/tdss5.jpg" alt="Posted Image" />
If no threats are found at this point, just click the <>Report</> selection on the top right of the form to generate a log. A log file report will pop which you can just close since the report file is already saved.</li>
<li>If any infection or suspected items are found, you will see a window similar to below:
<img src="http://img854.imageshack.us/img854/905/tdss7.jpg" alt="Posted Image" />
<ul>
<li>If you have files that are shown to fail <em>signature check</em> do not take any action on these. Make sure you select <>Skip</>. I will tell you what to do with these later. They may not be issues at all.</li>
<li>If <em>Suspicious objects</em> are detected, the default action will be Skip. Leave the default set to Skip.</li>
<li>If <em>Malicious objects</em> are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects
Make sure that <>Cure</> is selected. <>Important!</> - If <em>Cure</em> is not available, please choose <>Skip</> instead. Do not choose Delete unless instructed to do so.</li>
</ul>
</li>
<li>Click <>Continue</> to apply selected actions.</li>
<li>A reboot may be required to complete disinfection. A window like the below will appear:
<img src="http://img828.imageshack.us/img828/4812/tdss6.jpg" alt="Posted Image" />
Reboot immediately if TDSSKiller states that one is needed.</li>
<li>Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder named something like <>TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt</> which is based on the program version # and date and time run.</li>
<li>Attach this log to your next reply.</li>
</ol>


3.NEXT, run a OTL scan (as seen above) and post the logs.

What's next?
Please post in your next reply:

1.RogueKiller logs
2.Kaspersky TDSSKiller log
3. OTL Logs
4. QUESTION: How is your computer running?
 
Last edited:

Similar threads

D
  • Locked
Unable to remove NanoPicoen extension malware
Replies
1
Views
484
Windows Malware Removal Help & Support
nasdaq
nasdaq
R
  • Locked
Unable to remove 'search-great' browser hijacker; I feel like I tried everything - please help
Replies
3
Views
275
Windows Malware Removal Help & Support
Rman
R
D
  • Locked
Need Help Removing Malware Chrome Extension "QuantumNeonious" which is unremovable
Replies
1
Views
384
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top