duncan Posted October 20, 2011
\\.\PhysicalDrive0 - Rootkits can't be removed automatically. Please consult the experts in the Emsisoft online forum for help with manual removal of this Malware: http://support.emsisoft.com
stapp Posted October 20, 2011
Please follow the instructions here and post the requested logs so that someone can help you: http://support.emsisoft.com/forum-6/announcement-2-start-here-if-you-dont-we-are-just-going-to-send-you-back-to-this-thread/
duncan (Author) Posted October 21, 2011
How do I attach the logs to this page?
stapp Posted October 21, 2011
Press the 'more reply options' button when replying.
duncan (Author) Posted October 21, 2011
Here are the logs.
ShadowPuterDude Posted October 21, 2011
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. (NOT supported for use in 9x or ME.)

Upgrading Java:
Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 29.
Click the "Download JRE" button to the right.
Accept the license agreement.
Click on the download link for your system and save it to your desktop: Windows x86 Offline (jre-6u29-windows-i586.exe).
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version. (Vista/7 users, right click on the JRE download and select "Run as an Administrator.")

Read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure; click on Continue.
If a suspicious file is detected, the default action will be Skip; click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Save the log somewhere where you can find it.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.(Version)_(Date)_(Time)_log.txt".
Attach the TDSSKiller log.
Run OTL.exe. Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:

:OTL
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2011/03/09 12:57:17 | 000,012,454 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\3250051886
[2011/03/09 12:56:54 | 000,012,454 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3250051886
[2011/03/09 12:56:54 | 000,012,400 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\1380560618
[2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xgk.exe
[2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\vcg.exe
[2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\ltv.exe
[2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jyt.exe
[2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ftf.exe
[2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\fbh.exe
[2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ejs.exe
[2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bub.exe
[2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\xyk.exe
[2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\ubj.exe
[2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\tja.exe
[2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\thx.exe
[2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\qkq.exe
[2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mlr.exe
[2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fyf.exe
[2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fbk.exe
[2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\dfj.exe
[2011/03/09 12:56:37 | 000,012,400 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\1380560618
[2011/03/05 12:12:01 | 000,012,462 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\1380560618
[2011/03/05 12:12:01 | 000,012,400 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1380560618
[2010/12/25 10:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
:Commands
[Purity]
[EmptyTemp]
[EmptyFlash]
[ResetHosts]
[Reboot]

Then click the Run Fix button at the top. Let the program run unhindered, and reboot when it is done.
Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS.)
Let me know of any problems you may have encountered with the above instructions, and also let me know how things are running now!
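The OTL fix above was hand-written by the helper after reading the user's scan log, and the pattern is easy to see once the entries are lined up: hidden+system (-HS-) files dropped into Application Data folders within the same few seconds, with either bare numeric names or three-letter .exe names. As an added example (not code from this thread, from Emsisoft, or from the OTL tool itself), the following Python script parses lines in the OTL entry format and applies those two observations as triage heuristics: it flags entries matching the hidden/system + odd-name rule under an Application Data path, and it groups creations by second to surface bursts. The sample log, the heuristics and the function names are this example's own assumptions, and the thresholds are arbitrary; the point is to turn an eyeball review of a log into something repeatable, not to replace a specialist's judgement about what to fix.

```python
import re
from dataclasses import dataclass

# Entry format as it appears in an OTL custom-scan listing, e.g.
#   [2011/03/09 12:57:17 | 000,012,454 | -HS- | C] () -- C:\path\file
# Fields: timestamp | size | attribute flags (H=hidden, S=system, D=directory) |
# C/M (created/modified), an optional "(company)" field, then the path.
# The regex below is this example's reading of that layout, not an OTL spec.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| "
    r"(?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)

# Constructed sample in the same format (paths and names are made up for the
# example and mirror the kind of entries seen in the thread).
SAMPLE_LOG = r"""
[2011/03/09 12:57:17 | 000,012,454 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\3250051886
[2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xgk.exe
[2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\vcg.exe
[2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jyt.exe
[2010/12/25 10:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/01 09:00:00 | 000,512,000 | ---- | C] (Example Corp) -- C:\Program Files\Example\example.exe
"""


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    hidden: bool
    system: bool
    directory: bool
    created: bool
    company: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_entries(text: str) -> list[OtlEntry]:
    """Parse OTL-style entry lines; lines that do not match the format are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        attrs = m["attrs"]
        entries.append(OtlEntry(
            timestamp=m["ts"],
            size=int(m["size"].replace(",", "")),
            hidden="H" in attrs,
            system="S" in attrs,
            directory="D" in attrs,
            created=m["kind"] == "C",
            company=m["company"] or "",
            path=m["path"],
        ))
    return entries


# Heuristics (assumptions of this example): a file under an "Application Data"
# folder that is hidden+system AND named either as a bare run of digits or as a
# three-letter .exe deserves a closer look.
SHORT_EXE = re.compile(r"^[a-z]{3}\.exe$")
NUMERIC_NAME = re.compile(r"^\d{6,}$")


def is_suspicious(e: OtlEntry) -> bool:
    if e.directory:
        return False
    in_app_data = "application data" in e.path.lower()
    odd_name = bool(SHORT_EXE.match(e.name) or NUMERIC_NAME.match(e.name))
    return in_app_data and e.hidden and e.system and odd_name


def flag_suspicious(entries: list[OtlEntry]) -> list[str]:
    """Return the paths of entries that match the triage heuristic."""
    return [e.path for e in entries if is_suspicious(e)]


def creation_bursts(entries: list[OtlEntry], min_count: int = 3) -> dict[str, list[str]]:
    """Group created ('C') entries by creation second; keep groups of at least min_count."""
    by_ts: dict[str, list[str]] = {}
    for e in entries:
        if e.created:
            by_ts.setdefault(e.timestamp, []).append(e.path)
    return {ts: paths for ts, paths in by_ts.items() if len(paths) >= min_count}


if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    for p in flag_suspicious(found):
        print("suspicious:", p)
    for ts, paths in creation_bursts(found).items():
        print(f"{len(paths)} files created at {ts}")
```

Run against the sample, the four hidden/system drops under Application Data are flagged, the directory entry and the vendor-signed program under Program Files are not, and the three files created in the same second show up as one burst. Both rules are deliberately narrow; they describe what this particular log looked like, and a real review still reads every line.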
ShadowPuterDude Posted October 25, 2011
Thread Closed
Reason: Lack of Response
PM either ShadowPuterDude, SpySentinel, or JeanInMontana to have this thread reopened.
The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.
All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.