TDSSkiller and combofix do not work on my computer, what next?

Nigel

New Member
Thread author
Verified
Dec 15, 2012
27
Hi Fiery

Ok, option two on the recycle bin seems to have worked!

I am not sure if I have given what you want with VirusTotal, but please come back to me. The important thing is that it does not seem to have detected anything.

I also attach the two OTL logs, which mean nothing to me, as usual. However, all of this has been done on the "infected" computer without any obvious interference from any malware.

Back to you.

Nigel
 

Attachments

  • virus total report.txt (399 bytes)
  • OTL.Txt (87.3 KB)
  • Extras.Txt (66.1 KB)

Fiery

Level 1
Jan 11, 2011
2,007
Hi Nigel,

The VirusTotal result is exactly what I wanted :) Good to hear that the recycle bin problem has been fixed. Let's remove any leftovers.

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Post the log afterwards.

------------------
Please download Farbar Service Scanner and run it on the "infected" computer
  • Check all the boxes.
  • Press Scan.
  • It will create a log, FSS.txt, in the same directory the tool is run from.
  • Please copy and paste the log to your reply.
------------------
Lastly, download a new copy of RogueKiller and do a scan. Delete anything that it finds. Post that log as well.
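The OTL fix above resets the hosts file ([RESETHOSTS]) and flushes the DNS cache. One way to confirm afterwards that nothing is still redirecting name lookups, as an added example that is not part of the original thread or of OTL: list every non-comment hosts entry that does not point at loopback. It uses only built-in Windows PowerShell (2.0 or later) and is read-only.

```powershell
# Added example (not from the thread): after an OTL [RESETHOSTS] fix, check that the
# hosts file contains only loopback entries. Anything else is worth a look, since
# malware commonly adds hosts entries to redirect update or security sites.
# Works on Windows PowerShell 2.0+; makes no changes.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

$entries = Get-Content $hostsPath |
    Where-Object { $_ -match '^\s*[^#\s]' } |                    # skip blank lines and comments
    ForEach-Object {
        $fields = ($_ -replace '#.*$', '').Trim() -split '\s+'  # drop trailing comment, split on whitespace
        New-Object PSObject -Property @{
            IP   = $fields[0]
            Name = $fields[1]
            Line = $_
        }
    }

# Loopback addresses are the only ones a freshly reset hosts file should contain
$loopback   = @('127.0.0.1', '::1')
$suspicious = $entries | Where-Object { $loopback -notcontains $_.IP }

if ($suspicious) {
    'Non-loopback hosts entries found:'
    $suspicious | Format-Table IP, Name, Line -AutoSize
} else {
    'hosts file contains only loopback entries'
}
```

Run it from an elevated prompt if the hosts file has been given restrictive permissions; it does not need to write anything.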
 

Nigel

New Member
Thread author
Verified
Dec 15, 2012
27
The reports are attached, as requested, from what I now have great hopes is a disinfected computer!

Nigel
 

Attachments

  • FSS.txt (2.5 KB)
  • RKreport[1]_S_12282012_02d1929.txt (1.9 KB)
  • OTL log 28 Dec.txt (6.6 KB)

Fiery

Level 1
Jan 11, 2011
2,007
Everything looks good. How is your computer?

There is a partition that we modified during this process. You can delete it by following the instructions here

The partition/volume you want to delete is G:, which should only be 1016 KB. You will find this volume under Disk 0.

Lastly, let's make one last scan to double check. Don't be alarmed if the scanner finds infections, because they are mostly already quarantined. (You can connect your computer to the internet now.)

Run Eset NOD32 Online AntiVirus

Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is un-checked, and the following Advanced Settings are checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
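Before deleting a volume in Disk Management it helps to see every partition on Disk 0 with its exact size and drive letter, since letters can change between boots (as happens later in this thread). The following is an added example, not part of the original post or of any tool mentioned in it: it lists Disk 0's partitions through WMI classes available on Windows 7 and later and flags anything at or under 2 MB as a candidate for the tiny leftover volume. The 2 MB threshold is an assumption chosen to catch the 1016 KB volume the thread describes; the script is read-only and deletes nothing.

```powershell
# Added example (not from the thread): enumerate partitions on Disk 0 with size,
# drive letter and bootable flag, flagging very small volumes so the leftover
# partition can be identified by size rather than by a drive letter that may change.
# Uses Win32_DiskPartition / Win32_LogicalDiskToPartition (Windows 7+). Read-only.
$threshold = 2MB   # assumption: small enough to catch a ~1016 KB volume, not proof of anything

$partitions = Get-WmiObject -Class Win32_DiskPartition | Where-Object { $_.DiskIndex -eq 0 }
$links      = Get-WmiObject -Class Win32_LogicalDiskToPartition   # maps partitions to drive letters

foreach ($p in ($partitions | Sort-Object Index)) {
    # Antecedent holds the partition DeviceID, Dependent the logical disk (e.g. ...DeviceID="C:")
    $letter = ($links |
        Where-Object { $_.Antecedent -match [regex]::Escape($p.DeviceID) } |
        ForEach-Object { ($_.Dependent -split '"')[1] }) -join ','
    if (-not $letter) { $letter = '(none)' }   # no letter: hidden, unformatted or system partition

    $sizeKB = [math]::Round($p.Size / 1KB)
    $flag   = if ($p.Size -le $threshold) { '<-- tiny volume, verify before deleting' } else { '' }

    '{0,-24} {1,-7} {2,12:N0} KB  Bootable={3,-5} {4}' -f $p.DeviceID, $letter, $sizeKB, $p.Bootable, $flag
}
```

Run it in an elevated PowerShell prompt and compare the flagged line against what Disk Management shows for Disk 0; a volume with no drive letter will not appear under "Computer" at all, which is one reason to go by partition index and size rather than by letter.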
 

Nigel

New Member
Thread author
Verified
Dec 15, 2012
27
I am not seeing a drive G, but given this system's sometimes random way of changing drive names, I am not that surprised. It is showing an F, which may be the same thing, but I am a little nervous about deleting. Let me think about what I am doing!

The ESET free scan takes me as far as "Yes, I accept the Terms of Use", which I do, and then I click Start. But it does not offer an option to allow the ActiveX control to install. And the pop-up window remains resolutely blank.

What next, please?
 

Fiery

Level 1
Jan 11, 2011
2,007
Do you know what Internet Explorer version you are using?

And the F drive is for your USB, according to your logs. If you unplug the USB, is the F drive still there? You can right-click the volume > Properties and it will say how much space the volume has. Is it 1016 KB?
 

Nigel

New Member
Thread author
Verified
Dec 15, 2012
27
It says I am using IE 9.

"Storage ... Disk Management" shows 4 drives. The first does not have a name. Right-clicking it only produces a 'help' prompt, nothing else. Then there is F. Right-clicking and selecting Properties says there is nothing used. Finally there is OS C, and Recovery D.
 

Fiery

Level 1
Jan 11, 2011
2,007
If your USB is not plugged in then the F drive should be it. Is your F drive listed in the area of the red rectangle in the image below? It should say how much space the F drive has.

[Image: FOREY.png]


If ESET is not working, have a go with Kaspersky here

You will only have to input your email and download Version 11

Once it opens, click the settings tab on the top right corner, and check all the boxes to scan all the areas of your computer.

After the scan finishes, click the paper-like icon beside the settings button. Then select Automatic Scan Report. Select the scan result, then click Save. A log will appear; please post it.
 

Fiery

Level 1
Jan 11, 2011
2,007
If you haven't tried the Kaspersky scan yet, try the ESET scan again, but this time start Internet Explorer by right-clicking its icon and selecting Run as administrator. Follow the same instructions as before and see if it works.
 

Nigel

New Member
Thread author
Verified
Dec 15, 2012
27
Good morning Fiery

Okay, Kaspersky has worked, although it took an hour to download and 3 hours 35 to run. The report is 89.2 MB in Notepad, so I guess that it won't even upload. My limit on here seems to be 50 MB.

However, it found only two viruses, and they already appear to have been quarantined. I attach that report.

I also attach a screenshot of what I am seeing in Disk Management. Right-clicking the unnamed drive only produces a help option, nothing else. Having come so far, I really do not want to do anything which messes things up again.

The computer is working great.

I guess I need to fire McAfee, which failed to stop any of this happening. What do you suggest I replace it with?

Cheers

Nigel
 

Attachments

  • kaspersky threats found 28 Dec 2012.txt (304 bytes)
  • Screenshot 29 Dec 12.JPG (95.1 KB)

Fiery

Level 1
Jan 11, 2011
2,007
Hi Nigel,

Ok, that is completely your choice, so we will skip the partition deletion part :) Other than that, we are done!

Double click on OTL to run it
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes
  • This will remove itself and other tools we may have used.

This will clean up most of the tools we used. I suggest keeping MBAM for regular scans.

As for what I recommend, I do not recommend McAfee or AVG as they don't necessarily offer the best protection. I suggest using


along with a good firewall such as Online Armor Free Edition.

You may also consider purchasing Malwarebytes PRO, as it can run alongside any antivirus. (Please remember that having 2 or more antiviruses is not ideal and will decrease security. However, MBAM PRO is an exception, since MBAM is not an "antivirus" per se, and it gives you an additional real-time scanner and website blocking features.)

Also keep your programs up-to-date to avoid exploits and system vulnerabilities. Download Update Checker to help keep track of which programs need updating. The most important ones to keep updated are Adobe products and Java.

Should you require more assistance or an opinion in determining which security programs to use, I suggest you start a thread here and our community will guide you to better protect your system from future attacks.
 

Nigel

New Member
Thread author
Verified
Dec 15, 2012
27
Okay, Fiery. I'll deal with all of that when I get back home. I am away now for a few weeks from the UK winter weather and sending this from my iPad, tethered to a Thai SIM card in an old iPhone, in Bangkok.

Thank you very much indeed for all your help with this. You are an absolute STAR.

Happy New Year!

Take care.

Nigel
 
