USB ports not working after infection...

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Marlboro, Mar 27, 2012.

  1. Marlboro

    Marlboro Private E-2

    Hi,

    USB ports stopped working after infection.
    If a USB device is plugged in, it appears in Device Manager with a yellow icon.
    Have reinstalled chipset after cleanup but still same problem.

    Have attached cleanup logs.

    Many thanks for any assistance.
    Brian
     


  2. Marlboro

    Marlboro Private E-2

    remaining log,
    zipped, too large as .txt

    Regards
    Brian
     


  3. thisisu

    thisisu Malware Consultant

    Hello Marlboro :)

    From Add/Remove Programs (via Control Panel), please uninstall the below:
    • CleanUp!
    • HijackThis 2.0.2

    Code:
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    
    Generated 03/25/2012 at 00:09 AM
    
    Application Version : 4.35.1000
    The version of SAS you scanned with is outdated.
    Please install version 5.0.1146 and run a Quick Scan using the latest definitions.
    Attach the latest log when finished.

    __
    Code:
    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org
    
    Database version: v2012.03.20.02
    Please update MBAM and run another Quick Scan.
    Attach the latest log when finished.

    __

    I want you to read and follow these instructions: TDSSKiller - How to run


    Please download aswMBR to your desktop.
    • Double-click aswMBR.exe to run (Vista/7 right-click and select Run as Administrator)
    • Select No when asked "Would you like to download latest Avast! virus definitions?"
    • Click the [Scan] button.
    • On completion of the scan click [Save log], save it to your desktop and attach this log to your next message. (How to attach)
     
  4. Marlboro

    Marlboro Private E-2

    Hi,

    Removed cleanup and hijack this and rebooted.

    Installed SAS 5.0.1146 dbase 8389 and added TDSSKiller and aswMBR to desktop.

    Ran quick SAS scan and removed threats (spyware).
    SAS requested reboot so did so.

    Updated MBAM to v2012.03.27.08 and run quick scan.

    New logs attached.

    Regards
    Brian
     


  5. thisisu

    thisisu Malware Consultant

    Hi Brian,

    I am not finding any malware in your logs. What type of infection did you have?
    Did you recently perform a Windows Repair installation?
    Answer this and proceed with these steps.

    Please download Disable/Remove Windows Messenger to your desktop.
    • Double-click MessengerDisable.exe to run it.
    • Place checkmarks in "Uninstall Windows Messenger" and "Hide Messenger from Outlook Express"
    • Click Apply
    • Click Exit

    Fixing items using ComboFix
    Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
    If it is not on your desktop, the below will not work.
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    ClearJavaCache::
    DirLook::
    C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    Folder::
    C:\Program Files\AVG
    C:\Documents and Settings\Administrator.YOUR-E0EDE2184D\Local Settings\Application Data\AskToolbar
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\0GOYE310
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\L300N5VI
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\O7ZUSQUY
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\QF45UJZR
    Suspect::[137]
    C:\Program Files\DownloadXCtrl.com
    C:\WINDOWS\Downloaded Program Files\swdir.inf
    
    Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.exe on your desktop.
    Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.
    This will launch ComboFix.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Allow ComboFix to update itself if prompted.
    When ComboFix finishes, a log will be produced at C:\ComboFix.txt
    Attach this log to your next message. (How to attach)

    If you answered yes to the above question (about Windows repair install), you may skip this step. Otherwise, please complete the below too:

    Click the Start button > Run - copy and paste this command in the box: cmd then click OK.
    In the command box, type in this command and press ENTER: sfc /scannow
    Do you have your Windows XP CD? This process may require the CD in order to fix potential integrity issues.

    Now run C:\MGtools\GetLogs.bat by double-clicking it.
    This updates all of the logs inside MGlogs.zip.
    When it is finished, attach C:\MGlogs.zip to your next message. (How to attach)
     
