Windows probably installed with malware

aktiffisus

New Member
Thread author
Apr 6, 2014
14
Guys, sorry for the long post; many things are too long to explain and maybe are not important to solve the question. Please forget my other questions and requests and help me with this.

1.- I formatted my disk accidentally with the diskpart command.
2.- I tried to recover the OS but I could not, so I searched for software to recover partitions. I found Active Boot CD, but when I tried to create bootable media to recover my partitions on my uncle's computer, which has BullGuard Internet Security installed, I received a virus popup.
3.- Because I am still very busy and have to recover my OS, I created recovery media on that probably infected computer (my uncle's computer).
4.- I installed Windows and everything works normally. I installed Webroot again and performed a deep scan, and it didn't find threats, but I am worried that Windows was installed with a virus and that the installation was infected (Windows and virus installed at the same time).
5.- I did some research in BullGuard and found the suspected infected file on my uncle's computer; it is inside the Active Boot ISO. I sent it to VirusTotal and uploaded it to SendSpace.
6.- On this computer (restored with the probably infected Windows bootable media) I scanned the Windows ISO and the Windows bootable media and didn't find viruses.
7.- Is it possible Windows was installed with a virus? Can Webroot remove it? What about the hidden partition that Windows creates, how can I scan it? How can I be sure I don't have a virus preinstalled with Windows and have peace of mind?

Here are the VirusTotal report and the infected file, which I uploaded to SendSpace. I know I can submit it for analysis from my computer, but I don't want that virus or file on my computer and cannot upload it here, which is why I uploaded it to that site.

The file is called infected and the password is: infected


I will perform a full scan today and another full scan in safe mode in two days with Webroot, but please tell me what to do to be sure that the Windows installation is not infected.

VirusTotal link
https://www.virustotal.com/es/file/...23ed2b6f8db36fde3c8d538b/analysis/1399180864/



Because I used that Active Boot CD to recover my partitions, I am adding the list BCD and FRST 64 reports.
PS: The SendSpace file was on my uncle's computer and I don't want it on my machine; that is why I uploaded it here and set that password. If I did something wrong, tell me.
 

Attachments

  • FRST.txt (140 KB)
  • Addition.txt (32.4 KB)
  • aswMBR.txt (1.6 KB)

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,

PC appears clean, but let's make another scan.


Please download Malwarebytes AntiRootkit (MBAR) and save it to your desktop.
For full instructions on how MBAR works, read this article.

> Double-click on the MBAR file and allow it to run.
• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder named mbar.
mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click Next if you agree.


• On the Update Database screen, click on the Update button. Once you see 'Success: Database was successfully updated' click on Next
• Under Scan Targets ensure all boxes are ticked. Then click the Scan button.

Notice: with some infections, you may see two message boxes:
- 'Could not load protection driver'. Click 'OK'.
- 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.


>> If malware is not detected, click the Exit button to close the program and post the mbar-log-year-month-day.txt and system-log.txt reports.

>> If any infections are found, ensure Create Restore Point is ticked. Then select the "Cleanup!" button to remove threats.
• The cleanup procedure will be scheduled and a pop-up will be shown.
Select the Yes button and the system should reboot to complete the cleaning process.

>> Notice: only if a rootkit is detected, be sure to run the fixdamage.exe tool located in the mbar folder, \Plugins\fixdamage.exe
- Run fixdamage.exe; at the black window, type Y (alias for Yes) to continue. Wait a few seconds for execution ...
- When you see "press any key to exit", the fix is completed; press any key to close the window. Reboot the system.


> The following reports will be created in the mbar folder:
1. mbar-log-year-month-day (hour-minute-second).txt
2. system-log.txt

Please post both logs in your next reply.
 