Stubborn Malware, mysterious

Welcome to Major Geeks!

Note, the more you post, the longer it takes to get an answer. See this sticky thread: Don't Bump! It Only Hurts You!!!


Please follow the instructions in the READ & RUN ME FIRST link given futher down and attach the requested logs when you finish these instructions.

• If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First. If TDSSserv is not found, just continue on with the READ & RUN ME.
  • TDSSserv Non-Plug & Play Driver Disable

READ & RUN ME FIRST. Malware Removal Guide

• If something does not run, write down the info to explain to us later but keep on going.
• Do not assume that because one step does not work that they all will not.

• After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!

Helpful Notes:

1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
   
   • Starting your computer in Safe mode
2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
   • Don't Bump! It Only Hurts You!!!

Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
​

 

Re: fixed!

Glad to hear you resolved your problems.

Just for furture reference, every post you make is a bump to the previous post since it changes your position in the work queue. It does not matter whether you are intentionally bumping or adding new info. Basically you at least increase you waiting time by the difference in time between the posts. So for example, below are your first 4 post times with comments indicating the effect

08-14-09 20:47 << initial post into queue
08-14-09 20:50 << bump queue position backwards by 3 minutes (no big deal)
08-14-09 21:06 << bump initial queue position backwards 29 minutes (also not to big a deal for you unless very impatient)
08-15-09 07:34 << bump initial queue position backwards 10 hrs and 47 minutes ( potentially a big deal to you )

I think this illustrates what happens. Potentially if someone keeps bumping, they may never get an answer.

 

Posts can only be edited for 5 minutes and then they are locked to maintain original info.

There is no technical analysis. It is just how queues work just like on phone lines when you call in for tech support when you get the next available operator. If you hang up, you have start your waiting time again from the end of the queue. This is exactly what a bump (any additional message) does.

Yes which is why it is the first step in the below:

How to Protect yourself from malware!