duncan

\\.\PhysicalDrive0 - Rootkits can't be removed automatically. Please help


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java:

  • Download the latest version of Java SE Runtime Environment (JRE), JRE 6 Update 29.
  • Click the "Download JRE" button to the right.
  • Accept the license agreement.
  • Click on the download link for your system and save it to your desktop.
    Windows x86 Offline (jre-6u29-windows-i586.exe)
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/7 users, right click on the JRE download and select "Run as an Administrator.")


Read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Save the log somewhere where you can find it.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.(Version)_(Date)_(Time)_log.txt".
  • Attach the TDSSKiller log.


Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:
    :OTL
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/03/09 12:57:17 | 000,012,454 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\3250051886
    [2011/03/09 12:56:54 | 000,012,454 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3250051886
    [2011/03/09 12:56:54 | 000,012,400 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\1380560618
    [2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xgk.exe
    [2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\vcg.exe
    [2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\ltv.exe
    [2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jyt.exe
    [2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ftf.exe
    [2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\fbh.exe
    [2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ejs.exe
    [2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\bub.exe
    [2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\xyk.exe
    [2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\ubj.exe
    [2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\tja.exe
    [2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\thx.exe
    [2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\duncan\Local Settings\Application Data\qkq.exe
    [2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mlr.exe
    [2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fyf.exe
    [2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fbk.exe
    [2011/03/09 12:56:51 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\dfj.exe
    [2011/03/09 12:56:37 | 000,012,400 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\1380560618
    [2011/03/05 12:12:01 | 000,012,462 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\1380560618
    [2011/03/05 12:12:01 | 000,012,400 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1380560618
    [2010/12/25 10:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    
    :Commands
    [Purity]
    [EmptyTemp]
    [EmptyFlash]
    [ResetHosts]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Attach the new log produced by OTL (C:\_OTL). (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS)

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
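The fix list above is built from entries in OTL's file-listing format. As an added illustration (not part of the thread and not code from the OTL tool), this Python script parses such lines and flags the traits a removal helper looks for: hidden+system files under Application Data, zero-byte executables and random three-letter executable names. The sample log is constructed to mirror the entry formats quoted in the post; its paths are made up.

```python
import re
from typing import Dict, List

# Constructed sample in OTL's file-listing style (not a real log); the line
# formats mirror the entries quoted in the post above, the paths are made up.
SAMPLE_LOG = r"""
[2011/03/09 12:56:54 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\xgk.exe
[2011/03/09 12:56:54 | 000,012,454 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3250051886
[2010/12/25 10:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/08 09:10:00 | 000,524,288 | ---- | M] (Example Vendor) -- C:\Program Files\Example\example.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
""".strip()

# [timestamp | size | RHSD attribute flags | C(reated)/M(odified)] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

def parse_otl(text: str) -> List[dict]:
    """Parse file-listing lines into dicts; summary lines such as
    '[2 ... *.tmp files -> ...]' do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))   # "000,012,454" -> 12454
            e["company"] = e["company"] or ""              # no "(...)" on directory lines
            entries.append(e)
    return entries

def suspicious_traits(e: dict) -> List[str]:
    """Traits a removal helper looks for; an empty list means nothing stood out."""
    name = e["path"].rsplit("\\", 1)[-1].lower()
    is_dir = "D" in e["attrs"]
    reasons = []
    if "H" in e["attrs"] and "S" in e["attrs"] and not is_dir \
            and "\\application data\\" in e["path"].lower():
        reasons.append("hidden+system file under Application Data")
    if name.endswith(".exe") and e["size"] == 0:
        reasons.append("zero-byte executable")
    if re.fullmatch(r"[a-z]{3}\.exe", name):
        reasons.append("random three-letter executable name")
    return reasons

def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, in log order."""
    return {e["path"]: r for e in parse_otl(text) if (r := suspicious_traits(e))}
```

Calling `triage(SAMPLE_LOG)` returns only the two Application Data entries; the vendor-signed program file and the directory entry are not flagged.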


Thread Closed

Reason: Lack of Response

PM either ShadowPuterDude, SpySentinel, or JeanInMontana to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread.
