Malware causing constant reboots

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by ea2386, Apr 19, 2012.

  1. ea2386

    ea2386 Private E-2

    Thank you in advance for your help.

    My antivirus program (Vipre) popped up with a message yesterday indicating that it had discovered a trojan file on my computer. Before I could even read the name, the computer rebooted, and every time the desktop would begin to load the computer would reboot again. Prior to the reboot, a rectangular blue screen appears and then the computer immediately reboots. I am able to work in safe mode still. After running all of the scans, I still have the same issue.

    Thanks,
    -Eric
     

    Attached Files:

  2. ea2386

    ea2386 Private E-2

    I also ran TDSSKiller and MBRCheck and here are the associated logs from each.
     

    Attached Files:

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please re-run TDSSKiller and fix these:
    Attach the new log.

    You will need an install disc to fix your MBR. If you don't have one, you can purchase a Recovery Environment disc here:
    http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/ Costs $9.

    Download OTL to your desktop.

    Double-click OTL.exe to start the program.

    • Copy and paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code.

    Code:
    :processes
    :killallprocesses
    :files
    C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Templates\021622a3e508q848j266x4dua4t5
    C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Templates\070lav12o253g  
    C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Templates\16dqa20hyf3602qmoxn84kyxbj2qy82eaf5f52b8q13ncr
    C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Templates\603732e5q466t887e628b2oot0o6
    C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Templates\fprntx1e8lgn2smy4pia6x068l4r
    C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Templates\q2pj10o4uw2fhf
    C:\Windows\assembly\temp\U
    C:\Windows\svchost.exe
    :commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]
    
    
    • Then click the Run Fix button at the top.
    • Click the OK button.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Just close Notepad and attach this log from OTL to your next message.


    For fixing the boot issues:
    To run the Bootrec.exe tool, you must start Windows RE. To do this, follow these steps:

    1. Put the Windows Vista or Windows 7 installation disc in the disc drive, and then start the computer.
    2. Press a key when you are prompted.
    3. Select a language, a time, a currency, a keyboard or an input method, and then click Next.
    4. Click Repair your computer.
    5. Click the operating system that you want to repair, and then click Next.
    6. In the System Recovery Options dialog box, click Command Prompt.
    7. Type Bootrec.exe /fixmbr , and then press ENTER.

    Now boot to normal mode and re-run MBRCheck. Attach that log as well.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator). Make sure that you watch for the license agreement for TrendMicro HijackThis and click on the Accept button TWICE to accept (yes twice).

    Then attach the below logs:

    * C:\MGlogs.zip

    Make sure you tell me how things are working now!
     
    Last edited: Apr 19, 2012
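
A defender's check over a file listing for two path patterns that appear in the fix script above, as an added example that is not part of the original thread: an executable named like a Windows system binary sitting outside the system directories, and extensionless random-looking names in the user's Templates folder. The allow-listed directories, the name heuristic and the benign sample paths are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: directories where a genuine svchost.exe is expected on Vista/7.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")
# Assumption: system binary names to check for masquerading; extend as needed.
SYSTEM_NAMES = {"svchost.exe"}
TEMPLATES_TAIL = ("appdata", "roaming", "microsoft", "windows", "templates")
# Heuristic (assumption): lowercase alphanumeric, 12+ chars, digits and letters mixed.
RANDOM_NAME = re.compile(r"^(?=.*[0-9])(?=.*[a-z])[a-z0-9]{12,}$")


def classify(path):
    """Return a reason string if the path matches a rule, else None."""
    p = PureWindowsPath(path.strip())
    name = p.name.lower()
    parent = str(p.parent).lower()
    if name in SYSTEM_NAMES:
        in_system_dir = any(parent == d or parent.startswith(d + "\\") for d in SYSTEM_DIRS)
        if not in_system_dir:
            return "system-name-outside-system-dir"
    parent_parts = tuple(part.lower() for part in p.parent.parts)
    if parent_parts[-5:] == TEMPLATES_TAIL and not p.suffix and RANDOM_NAME.match(name):
        return "random-name-in-templates"
    return None


def scan(paths):
    """Map each flagged path to the rule it matched."""
    return {p.strip(): reason for p in paths if (reason := classify(p))}


# First three paths are from the fix script in the thread; the last two are
# constructed benign entries for comparison.
SAMPLE = [
    r"C:\Windows\svchost.exe",
    r"C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Templates\070lav12o253g  ",
    r"C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Templates\q2pj10o4uw2fhf",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Templates\Normal.dotm",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE).items():
        print(f"{reason}: {path}")
```

A match is a lead for review, not a verdict; the rules do not cover every entry in the fix script, such as the folder under C:\Windows\assembly\temp.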
