
Solve : Virus help please?

Answer» Quote from: gracette17 on August 28, 2012, 07:37:54 PM
I just tried it again and it turned back on. I chose to open in safe mode... should I run aswMBR?
Boot in Normal mode if you can and run that scan.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-29 08:27:28
-----------------------------
08:27:28.158 OS Version: Windows x64 6.1.7601 Service Pack 1
08:27:28.158 Number of processors: 2 586 0x602
08:27:28.158 ComputerName: JESSICA-PC UserName: Jessica
08:27:29.952 Initialize success
08:27:39.140 AVAST engine defs: 12082800
08:28:58.373 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:28:58.373 Disk 0 Vendor: WDC_WD3200BEKT-60V5T1 12.01A12 Size: 305245MB BusType: 11
08:28:58.388 Device \Driver\atapi -> MajorFunction fffffa80047855e8
08:28:58.404 Disk 0 MBR read successfully
08:28:58.404 Disk 0 MBR scan
08:28:58.404 Disk 0 Windows 7 default MBR code
08:28:58.419 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
08:28:58.435 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289291 MB offset 409600
08:28:58.451 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15650 MB offset 592877568
08:28:58.529 Disk 0 scanning C:\Windows\system32\drivers
08:29:15.579 Service scanning
08:29:24.409 Service MpKsla7657f45 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A3E08EE5-A537-4FD2-B389-B7BC6D041EC5}\MpKsla7657f45.sys **LOCKED** 32
08:29:42.177 Modules scanning
08:29:42.692 Disk 0 trace - called modules:
08:29:42.692 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
08:29:42.692 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004332790]
08:29:42.708 3 CLASSPNP.SYS[fffff8800195643f] -> nt!IofCallDriver -> [0xfffffa8004331520]
08:29:42.708 5 hpdskflt.sys[fffff880018fd289] -> nt!IofCallDriver -> [0xfffffa8003dbc790]
08:29:42.723 7 ACPI.sys[fffff88000e0d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042af060]
08:29:42.723 \Driver\atapi[0xfffffa800476cdf0] -> IRP_MJ_CREATE -> 0xfffffa80047855e8
08:29:44.096 AVAST engine scan C:\Windows
08:29:55.531 AVAST engine scan C:\Windows\system32
08:34:13.560 AVAST engine scan C:\Windows\system32\drivers
08:34:26.801 AVAST engine scan C:\Users\Jessica
08:38:30.757 AVAST engine scan C:\ProgramData
08:39:58.146 Scan finished successfully
08:40:16.180 Disk 0 MBR has been saved successfully to "C:\Users\Jessica\Desktop\MBR.dat"
08:40:16.195 The log file has been saved successfully to "C:\Users\Jessica\Desktop\aswMBR.after scan.txt"
08:40:25.030 Verifying
08:40:35.061 Disk 0 Windows 601 MBR fixed successfully
08:40:50.271 Disk 0 MBR has been saved successfully to "C:\Users\Jessica\Desktop\MBR.dat"
08:40:50.287 The log file has been saved successfully to "C:\Users\Jessica\Desktop\aswMBR. after fix.txt"


I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

I did this and it said it found "no threats". I can't find the log anywhere, even where you specified.

Quote from: gracette17 on August 30, 2012, 03:01:50 PM
I did this and it said it found "no threats". I can't find the log anywhere, even where you specified.
That's ok. How's your computer running now? Any other issues?

It still says Microsoft essentials cannot protect my computer because of a threat. It says it is called "Trojan:DOS/Alureon.a"

Re-run MBAM:

Code:
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

********************************************
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.
**********************************************************
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
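
Added example, not part of the original thread: a small parser that triages an aswMBR log like the one posted above, using lines copied from that log as input. Treating a non-default MBR verdict, a `**...**` service marker, or a non-file entry in the disk stack as review items is an assumption of this sketch, not aswMBR documentation.

```python
import re

# Lines copied from the aswMBR log posted in this thread (not constructed).
SAMPLE_LOG = r"""08:28:58.404 Disk 0 MBR scan
08:28:58.404 Disk 0 Windows 7 default MBR code
08:28:58.419 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
08:28:58.435 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289291 MB offset 409600
08:29:24.409 Service MpKsla7657f45 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A3E08EE5-A537-4FD2-B389-B7BC6D041EC5}\MpKsla7657f45.sys **LOCKED** 32
08:29:42.692 Disk 0 trace - called modules:
08:29:42.692 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
"""

TIMESTAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
MBR_CODE = re.compile(r"^Disk (\d+) (.+ MBR code)$")
PARTITION = re.compile(r"^Disk (\d+) Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?"
                       r"([0-9A-F]{2}) .*?(\d+) MB offset (\d+)$")
SERVICE = re.compile(r"^Service (\S+) (.+?) \*\*(\w+)\*\*")
MODULE_EXT = (".sys", ".exe", ".dll")

def triage(log_text):
    """Summarise an aswMBR log and collect lines that need a human look."""
    out = {"mbr": {}, "partitions": [], "services": [], "modules": [], "review": []}
    in_trace = False
    for raw in log_text.splitlines():
        msg = TIMESTAMP.sub("", raw.strip())
        if in_trace:  # the line after "called modules:" is the driver list
            out["modules"] = msg.split()
            odd = [m for m in out["modules"] if not m.lower().endswith(MODULE_EXT)]
            out["review"] += [f"non-file entry in disk stack: {m}" for m in odd]
            in_trace = False
        elif msg.endswith("trace - called modules:"):
            in_trace = True
        elif m := MBR_CODE.match(msg):
            out["mbr"][int(m[1])] = m[2]
            if "default MBR code" not in m[2]:  # assumed review rule
                out["review"].append(f"disk {m[1]}: {m[2]}")
        elif m := PARTITION.match(msg):
            out["partitions"].append({"disk": int(m[1]), "index": int(m[2]),
                                      "active": m[3] == "80", "type": m[4],
                                      "size_mb": int(m[5]), "offset": int(m[6])})
        elif m := SERVICE.match(msg):
            out["services"].append({"name": m[1], "path": m[2], "flag": m[3]})
            out["review"].append(f"service {m[1]} flagged {m[3]}")
    return out

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG)["review"]:
        print(item)
```

On the lines taken from this thread the only review item is the flagged `MpKsla7657f45` service; the MBR verdict line is parsed as default code.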

