File Emsisoft cannot remove

[vzdevman 0]

I downloaded Emsisoft and ran a scan .. it found Heuristic.Possible.MBR.Rootkit (A) when scanning rootkits located in \DosDevices\PhysicalDrive0.

It was told it could not be deleted and to post here to find out how to remove it manually. I have attached log files.

Thanks

[jeffce 1]

Hi and welcome!!

Please download TDSSKiller

• Double click TDSSKiller.exe
  
• Press Start Scan but do nothing else as we are just looking for what is there.
  
• If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  
• Attach the log in your next reply
  
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    

----------

[vzdevman 0]

The log from TDSSKiller.exe is attached as requested. Thanks for your help.

[jeffce 1]

Hi,

Please run TDSSKiller again and this time please select Cure to remove the entries found. Attach the new TDSSKiller log to your next reply.

----------

Download Combofix from the link below, and save it to your desktop.

Link

**Note: It is important that it is saved directly to your desktop**

If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

• 
  When finished, it will produce a report for you.
• Please attach the C:\ComboFix.txt for further review.
  

----------

[vzdevman 0]

Attached are the 2 log files.

[jeffce 1]

I apologize for any delay.

• Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the box below:

  
  ClearJavaCache::
  File::
  c:\program files\Coupons.com CouponBar\tbcore3.dll
  Registry::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{8660E5B3-6C41-44DE-8503-98D99BBECD41}"=-
  [-HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
  "{8660E5B3-6C41-44DE-8503-98D99BBECD41}"=-
  [-HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
  

• Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
  
  
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  
• Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  
• ComboFix may request an update; please allow it.
  
• ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  
• When finished, it shall produce a log for you. Post the contents of the log in your next reply.
  

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

Please attach the new ComboFix log and let me know how your system is running.

[jeffce 1]

Are you still with me?

[jeffce 1]

Due to lack of feedback, this topic will now be closed.

If you are the original poster and you still require help, please start a new thread.

-------------------