Rogue Killer reporting virus in MBR, TDSS Killer won't run

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by JAGUAR59, Sep 13, 2012.

  1. JAGUAR59

    JAGUAR59 Private E-2

    I went through the prerequisites and started the malware removal for Windows 7. I have attached the Malwarebytes log and attached logs for Rogue Killer. I ran it twice so I have 2 logs attached for it. I tried to run TDSS Killer; it starts but never really opens. I tried renaming it but that did not work either. I did run CCleaner as part of the prerequisites. I stopped with the removal after finding the MBR. I also attached an MBR Check log. I thought the MBR has to be resolved before proceeding; if this is wrong I apologize in advance. Thank you for your support. You all are the best.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your MBR is fine. What malware issues are you having? If you are having issues, we need the rest of the requested logs.
     
  3. JAGUAR59

    JAGUAR59 Private E-2

    I will run the rest of the scans. Malwarebytes found issues. I am curious why I cannot run TDSS Killer and my Norton was disabled. Also, why is Rogue Killer finding an MBR issue?
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    RogueKiller is not finding an MBR issue. Scroll down the log and see your MBR version.
     
  5. JAGUAR59

    JAGUAR59 Private E-2

    I am not trying to be a pain but I am trying to understand what I am looking at. When I run Gparted it shows my boot device as being hidden and 880kb (dev/sda4). It has a yellow flag on this device. Shouldn't my boot device be the main drive? When I look at the RogueKiller file it shows ¤¤¤ Infection : Root.MBR ¤¤¤ and 3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 1465147392 | Size: 0 Mo. I am not the expert so as I said I am just trying to understand what I am looking at. You also did not tell me why certain programs will not run.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Code:
    +++++ PhysicalDrive0: TOSHIBA MK7575GSX +++++
    --- User ---
    [MBR] 1c2b2d0c2b316a32c694e1db3c4f43db
    [BSP] b6c42b31da762093b9383edb4f45f094 : Windows Vista MBR Code

    I can't answer your other questions without seeing the requested logs.
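
Added example, not part of the thread and not code from any tool named in it: a Python parser for the 512-byte MBR sector that hashes the boot code and decodes the four partition entries, flagging an active entry that is hidden or tiny, as in the RogueKiller line quoted in post 5. The sample sector, the 2 MiB threshold and the choice of MD5 over the first 440 bytes are assumptions; the thread does not say how RogueKiller derives its [MBR] and [BSP] values.

```python
import hashlib
import struct

# "Hidden" variants of common partition type IDs (base type | 0x10).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
SMALL_SECTORS = 2 * 1024 * 1024 // 512   # assumption: under 2 MiB counts as "tiny"

def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte MBR sector: hash the boot code, decode and check the table."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector ending in the 0x55AA signature")
    parts, findings = [], []
    for slot in range(4):
        raw = sector[446 + 16 * slot: 462 + 16 * slot]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0x00:
            continue                      # unused slot
        part = {"slot": slot, "active": status == 0x80, "type": ptype,
                "hidden": ptype in HIDDEN_TYPES, "lba": lba, "sectors": count}
        parts.append(part)
        if status not in (0x00, 0x80):
            findings.append(f"slot {slot}: invalid status byte 0x{status:02x}")
        if part["active"] and part["hidden"]:
            findings.append(f"slot {slot}: active partition has hidden type 0x{ptype:02x}")
        if part["active"] and count < SMALL_SECTORS:
            findings.append(f"slot {slot}: active partition is only {count * 512 // 1024} KiB")
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one active partition")
    return {"boot_code_md5": hashlib.md5(sector[:440]).hexdigest(),
            "sector_md5": hashlib.md5(sector).hexdigest(),
            "partitions": parts, "findings": findings}

def build_sample() -> bytes:
    """Constructed sector: zeroed boot code, one NTFS volume, one tiny active hidden entry."""
    def entry(status, ptype, lba, count):
        return struct.pack("<B3xB3xII", status, ptype, lba, count)
    table = (entry(0x00, 0x07, 2048, 1465145344)        # ordinary NTFS data partition
             + entry(0x80, 0x17, 1465147392, 1760)      # offset from the log; size constructed
             + bytes(32))                               # two unused slots
    return bytes(446) + table + b"\x55\xaa"

if __name__ == "__main__":
    for line in parse_mbr(build_sample())["findings"]:
        print(line)
```
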
     
  7. JAGUAR59

    JAGUAR59 Private E-2

    I will run the other logs shortly. Shouldn't this be a Windows 7 MBR?
     
  8. JAGUAR59

    JAGUAR59 Private E-2

    Attached are the logs from MGLOGS and Hitman.
     


  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Use Windows Explorer to find and delete:
    C:\ProgramData\-S0DtCcH1Jku6lY
    C:\ProgramData\-S0DtCcH1Jku6lYr
    C:\ProgramData\S0DtCcH1Jku6lY

    Do you have your Win7 install disc?
     
  10. JAGUAR59

    JAGUAR59 Private E-2

    I do not have a Win 7 disk for this pc. I have a Win 7 pro disk but this is home edition. What do I need from it...

    I have deleted the 3 files you requested be removed.
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    To run the Bootrec.exe tool, you must start Windows RE. To do this, follow these steps:

    1. Put the Windows Vista or Windows 7 installation disc in the disc drive, and then start the computer.
    2. Press a key when you are prompted.
    3. Select a language, a time, a currency, a keyboard or an input method, and then click Next.
    4. Click Repair your computer.
    5. Click the operating system that you want to repair, and then click Next.
    6. In the System Recovery Options dialog box, click Command Prompt.
    7. Type Bootrec.exe /fixmbr, and then press ENTER.

    Reboot to normal mode. Rerun MBRCheck.
     
  12. JAGUAR59

    JAGUAR59 Private E-2

    My operating system is not listed. Should I just load drivers?
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What malware issues are you having?
     
  14. JAGUAR59

    JAGUAR59 Private E-2

    I am confused by your question. I have sent you logs showing viruses. I have sent you logs indicating MBR issues. You just asked me to fix my MBR. When I did the last steps you instructed me to do I got to step 5 but no operating system is listed. I have two choices. 1 is to choose my operating system and 2 is to load drivers if no operating system is showing. There is no operating system showing. So I need to know what I do from here. Do I choose load drivers and continue or is there something else I need to do?
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  16. JAGUAR59

    JAGUAR59 Private E-2

    I ran the program as instructed but did not change anything. I ran Hitman again and it listed the same error so I used the free trial and let it fix what it thought was wrong. All scans now showing no MBR error. This includes RogueKiller which was also complaining. Whatever the problem was it is resolved for the scanners I am using. I will rerun my scans to see if they are finding anything else now.
     
  17. JAGUAR59

    JAGUAR59 Private E-2

    I don't know if it truly was an MBR issue either but whatever the problem was it is not showing any longer.
     
  18. JAGUAR59

    JAGUAR59 Private E-2

    You may close this incident. The scans run clean now. I reloaded Norton and it is working fine. Thanks for your support.
     
  19. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to hear.

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. After doing the above, you should work thru the below link:


    Malware removal from a National Chain = $149
    Malware removal from MajorGeeks = $0
     
