Can't run TDSS Fixers

Okay the MaxSS MBR infection is still showing. Since you do not have a Windows 7 boot DVD, and you cannot get FRST to run, our options are limited. We will try some other tools to see if they can fix the MBR but frequently the only method that will work is a boot CD.

Let's first run a scan with the below and see what it shows.


Please download aswMBR ( 511KB ) to your desktop.

• Double click the aswMBR.exe icon to run it
• Click the Scan button to start the scan
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

 

You should never have reenabled UAC. It should remain disabled until we are finished. So disable it and reboot for it to take effect. If you cannot get aswMBR to run in normal boot mode, try safe boot mode.

 

A Windows Boot CD because nothing runs on your PC. Other possible choice is to use a factory reovery partition to reimage back to factory ship state but remember this will wipe all of you data and setting so you must backup everything you need before doing this.

POSSIBLE ALTERNATIVE: Or another possible option may be to try what was posted in message # 12 of the below thread and see if you can get this CD to run.

whistler/black internet@mbr again!

​

 

All of message #12 applies to you which is why I sent you there. You need to get your MBR fixed. All of what Malwarebytes is finding is just due to the same infection we have been trying to fix. But since you have not been able to any tools and you don't have your Windows Boot Disk. You need to try this Hiren's Disk and procedure. Remember that it is highly recommended that all important personally data be backed up first.

 

Yes I was worried about this due to the severity of your infection. Try the Startup Repair and just let it do its thing. Hopefully this will work but I'm not too certain it will. You may need that Windows 7 Boot CD to get anywhere at all, but it may be looking more like you need to reinstall.

 

You have not lost everything. It is still there. Getting at it is the problem because you cannot boot up now. You can wait for the DVD ( hopefully it is really a bootable DVD ) and we can try a couple things. But these infections can sometimes cause irrepairable damage which does require a reinstall.

 

Sounds like it is just a repair disk, not a full Windows Boot CD, but perhaps we can get it to help us. Let's see if we can get FRST to run now after booting your PC from this disk. We tried this earlier ( back in msg # 9 ) but you could not boot from the hard disk into the Recovery Environment. So try the below booting from the Windows 7 DVD.

Please do the below so that we can boot to System Recovery Options to run a scan.

For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.



Enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Select US as the keyboard language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)

If the above works, you don't need to stop to attach the log right now. Will will get it later. Just continue on with the below to see if we can get your PC booting.


Download this >> View attachment fixlist.txt


Save fixlist.txt to your flash drive.

• You should now have both fixlist.txt and FRST64.exe on your flash drive.

Now reboot back into the System Recovery Options as you did previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (See how to attach)

Now boot into normal Windows ( if possible ) and continue with the below.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• the original FRST.txt log
• Fixlog.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

You're welcome. Now you are aware of how important it is to have a Windows Boot Disk and how negligent it is of PC manufacturers for not shipping them with PCs.

Looks like you should have Internet access now ?

We have more to fix from your ZeroAccess infection. We will use another FRST fix.

Download this >> View attachment fixlist.txt



Save fixlist.txt to your flash drive.

• You should now have both fixlist.txt and FRST64.exe on your flash drive.

Now reboot back into the System Recovery Options as you did previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (See how to attach)

Now boot into normal Windows can continue with the below.



Be patient while doing the below. The fixes can sometimes take quite awhile to run. Especially the permissions repairs. It may be best to kick it off and goto bed or do something else. It is better not to run anything while the repairs are going on.

Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

• Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
• Now select the Start Repairs tab.
• The click the Start button.
• Create a System Restore point if prompted.
• On the next screen, click the Unselect All button to first deselect all repairs.
• Now select the following repair options:
  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Repair Windows Firewall
  • Remove Policies Set By Infections
  • Repair Winsock & DNS Cache
  • Repair Proxy Settings
  • Repair Windows Updates
  • Set Windows Services To Default Startup
• Now on the lower right side check the box to Restart/Shutdown System When Finished
• Then make sure the Restart System radio button is enabled.
• Shutdown any other programs that you are running now before continuing.
• Now click the Start button.
• Be patient while the tool repairs the selected items.
• It should reboot automatically when finished.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).


Then attach the below logs:

• Fixlog.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Uninstall Chrome and then reboot.

After reboot, delete the below folder.
C:\Users\Tiger\AppData\Local\Google

Then use IE to download and install the below if you still want Chrome:
Google Chrome 21.0.1180.89 Final

 

Personally I prefer Internet Explorer over Google and Firefox. We have more infection/issues with Chrome and Firefox here where they constantly have to be uninstalled to fix problems.

If you feel that you are not a safe/educated surfer, then perhaps a tool like Google Safe Browsing or McAfee's SiteAdvisor would be useful for you.

 

Happy Holidays to you too.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Press and hold the Windows key http://forums.majorgeeks.com/chaslang/images/Windows_Logo_key.gif and then press the letter R on your keyboard. This opens the Run dialog box.
   • Copy and paste the below into the Run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 4 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 6 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

You're welcome.

Just use the below tool.

Autorun Eater

 

You're welcome. Surf safely!