12 replies to this topic

[tckqbq]

Here are the reports.

Also, received error report that C:\$mft is corrupt

Attached Files

•  a2scan_120212-201013.txt   46.32K   106 downloads
•  a2scan_120212-113509.txt   1.08K   123 downloads
•  Extras.Txt   63.67K   125 downloads
•  OTL.Txt   139.48K   107 downloads

[GT500]

Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop

Link 1
Link 2

* IMPORTANT !!! Save Combo-Fix to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  See HERE for help
• Double click on ComboFix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, ComboFix will produce a log.

Note:
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

• ComboFix (C:\combofix.txt)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

[tckqbq]

ComboFixtook hours to run, and there were numerous error messages, including that the system could not find the file NIRKMD,and numerous files were corrupt and unreadable.

It finally came to the window stating that a report was being prepared,but then it froze and no report was created.

[GT500]

Did you turn off your anti-virus software before running ComboFix? Most anti-virus software will prevent ComboFix from running properly.

Since ComboFix had issues, go ahead and follow the instructions at this link for running TDSSKiller, and remove anything it finds. Let me know if it detected anything.

[tckqbq]

Anti-virus was turned off, however I believe McAfee may have come back on after ComboFix rebooted the system. Should I run it again?

I did get a message that rootkit.ZeroAccess had inserted itself into the tcp/ip stack, and also that rootkit was detected.

I will run TDSSKiller.

[GT500]

Run TDSSKiller first. We can run ComboFix after it is done. ZeroAccess could be the reason why ComboFix couldn't finish.

[tckqbq]

TDSSKiller found IPSec: virus.Winn32.ZAccess.c

[GT500]

OK, go ahead and disable McAfee, and then try running ComboFix again.

[tckqbq]

As I received numerous messages that I needed to run chkdsk, I ran chkdsk. The disk was cleaned up, and now it won't boot past the message that says the disk is clean.

[GT500]

Was it able to boot before running a chkdsk?

Do you have a Windows XP CD (or at least an ISO image of a Windows XP CD)? You should be able to recover your computer with a UBCD4Win disk, but you need a Windows XP disk (or possibly a Windows 2003 disk) in order to build a UBCD4Win disk.

[tckqbq]

It was able to boot before running chkdsk.

I do have a XP CD

[GT500]

OK, here is a link to instructions on how to build a UBCD4Win disk. Note that you will need a blank CD and a CD burner so that you can burn the ISO image to a disk. Let me know if you need any help with that part.

Once you have created a UBCD4Win disk, you will need to start your computer up off of it. When you first turn your computer on, there should be a button on your keyboard that you can press to open what is usually called the "Boot Menu". Your computer will tell you what button to press. Most will say it in one of the corners of the screen, and Toshibas will have it below the Tohiba logo in the middle. Once you get the Boot Menu open, select your CD or DVD drive, make sure the UBCD4Win disk is in the drive, and press Enter on your keyboard.

Before starting up, you will be presented with a menu of options. Make sure that Launch "The Ultimate Boot CD For Windows" is selected (it should be highlighted in black) and then press Enter. If you don't do anything, then it should start automatically after 20 or 30 seconds.

It make take several minutes to start up, since it is essentially loading a Windows environment off of a CD. Once it is done, you will see a Windows XP desktop (if you see any options as it is starting up, then you can ignore them, and it will continue loading after a few seconds).

Once the desktop starts to load, it will ask you if you want to start network support. You can tell it No unless you want to pull up the instructions on the Internet, or unless you feel you will need Internet access at any point during the process.

There is an icon on the desktop for EZPCFix, however when I click on it I get an error message, so I assume that it won't work for you either (it probably needed a plugin to be enabled in order to work properly).

Go ahead and click on the Start button, go to Programs, go to Disk Tools, go to Diagnostic, and go to Check Disk. In the window that pops up, type in the letter of the drive you want to scan, such as C: and then press Enter on your keyboard. You can answer n for 'no' to the question about scanning for bad sectors. Make sure you answer y for 'yes' to the question about fixing errors. And then confirm y for 'yes' if you entered everything correctly. It will begin a check of your hard drive, and fix anything that is wrong with the filesystem.

If that does not work, then please let me know, and we can go from there.

[ShadowPuterDude]

Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, or GT500 to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.