Malware - Ran the Read Me Procedure

I ran your most excellent Read Me tutorial on malware/virus removal and want to attach the logs below as instructed. Still to come: SAS txt file and Malwarebytes log in next text, providing I can find them!

Thanks,
Cal

 

Attached are the other two files required; Symptoms initially were very slow processing of commands, eventual (10 -15 minutes) freeze up of screen.

At startup I get a black box entitled "C:\WINDOWS\System32\cmd.exe" that gives a list of system errors 67, 85, 53, sometimes multiple times, and says local device already in use. Goes away in 30 seconds or so and allows me to continue.

The at some point during the session, usually less than 20 minutes into it, I get a message saying Generic Host32 has encountered a problem and must close, after which nothing responds.

I also get pop up advertisements out of nowhere for various unwanted stuff. Seems to happen when I access an unrelated website.

Thanks for help. I need it!

 

I was able to delete the sys32\12543.js file, but only by booting in safe mode.

Java update removed.

TESSKiller log attached. A file was removed.

MBRCheck link didn't work, but went to geekstogo website and searched on MBRCheck, and found a link that then seemed to run it for me. Log attached.

I'll reboot and load Java and then run MG tools again right after I send this.

Thank you!
Cal

 

Java loaded. Went to their website. The MajorGeeks link didn't have it for some reason.

MG tools run. Log attached.

I have completed everything you suggested. Mbam and SAS files were attached to earlier reply.

Hopefully this does it! Thank you very much for your help. I'll let you know if I still have any recurring issues.

 

Here is the virustot.com scan of the MBR Backup files. Also attached the ComboFix log just run.

Most problems seem to be gone, but do still get a delay in typing once in a while, like the system is tied up doing something else.

Thanks for your help.
Cal

VT Community Sign in ▼ My account ▼ Sign out Signing out... Languages ▼

VirusTotal's website has changed, we need new translations, do you feel like helping the community?
info@virustotal.com
Sign in to VT CommunitySafety ratings and user comments (disinfection, in-the-wild locations, reverse engineering reports, etc.) on malware and URLs, free and easy.
email
password
Keep me logged in
Sign in Signing in, please wait...
Login failed, please try again
Forgot your password? Create an account

Edit my profile
View my profile
Inbox

Virustotal is a service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this URL is benign. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this URL is malicious.
Submission date: 2010-12-20 17:13:43 (UTC)
Current status: queued error, please try again queued (#1) analysing finished

Download progress: 0 bytes

Antivirus report: View downloaded file analysis Not available

Webscan result: VT Community

not reviewed
Safety score: -
Compact Print results
URL analysis tool Result
Firefox Clean site
Google Safebrowsing Clean site
Opera Clean site
ParetoLogic Clean site
Phishtank Clean site
Additional informationShow all
Normalized URL: http://mbr_2010-12-20.bin/
URL MD5: 034911d65a63b76e534cd442840c9de9
Content-Type: text/plain


VT Community

0
This URL has never been reviewed by any VT Community member. Be the first one to comment on it!
VirusTotal Team