Cannot get rid of what ever it is that has infected my Toshiba Laptop

:confused

Hi There, I must first thank you for all the useful information you provide on your website it has been of great help to me. I have been battling with quite a number of strange Trojans/malware /viruses a couple of weeks ago on my desktop and laptop. It was only after reading up on your reviews on various antimalware programs available that I was able to load on ones I felt confident to use. IOBit Malware Fighter, Super AntiSpyware, Spyware Blaster and Spybot Seach and Destroy. I had already had Malawarebytes Anti-Malware loaded on both computers. My antivirus system is Avast and it is the paid for version. Two days ago while I was reading a newspaper report on my Toshiba laptop the machine went completely berserk. Avast rang the warning bells about there being something seriously wrong and the next thing I knew Firefox multiplied like a pack of cards and would not stop multiplying and I found I could not start anything to see want was going. When the chaos finally stopped (you have to excuse my simplistic description as although I have learnt a lot over the past several weeks through your site, I am not familiar with technical terminology) I found that all my data had dissapeared and the icons on the desk top, other than Google Chrome and recycle bin. I ran Avast several times and the program seemed to catch the virus or Trojan, each time but would not assign it to the virus chest. It kept giving the message “there are no more end points available from the end point mapper” (1753)
I ran several boot time scans and error messages appeared saying "the request is not supported” (50)
When the scan ends and the laptop starts I keep getting repeat announcements from Avast that a threat has been blocked
It keeps pointing to the words "Rootkit found" and asks me to remove it immediately but does not provide me with the means to do this. The first information provided on the Rootkit was File name MBR:\...\Partition 4 and the rootkit name MBR:\SST(RTK)
Infection Process:C:\windows\explorer.exe
Url:MAL
This keeps happening frequently no matter what I do.
Another message said
C\Programfiles\acfilter_app_1200.3exe
Signed by then it show the words "no signature" in red lettering
Every time I did a boot time scan similar threats would be picked up. Some would get assigned to the virus chest and some would not. And once again the warning signal would come up.
Another warning said
C:\Programdata\AvastSoftware\Avast\tooluvap230493779.tm.mdmp is infected by :SST(RTK)and showed that it was moved to the chest.
After running the boot time scan for the last time the warning message Avast gives is
xTP://c.Mclarenz.net/click/?s
Process CWindows\explorer.exe
and
Infection:URL:Mal
xtp://clicks.coolsearchnow.com/fly?q

I have also run IOBit and the program picked up a couple of malwares but Avast still persisted in it's warning and I also forgot to mention that I would intermittently get the sound of live advertisements in the background but nothing visual. I was not getting anything from any of the other Malware Programs when I ran them. Finally except for IObit and Avast I could not seem them anymore.

I have never experienced anything like this and am very upset and worried. I have months of important research and family photos that would be devastating for me to loose. What am I to do? :cry

I looked at Program files in C drive and that is completely empty! There is Program (X86) and there are files on that but a lot seem to be empty. I would really appreciate some help from you.


Thanks
Yazzie

 

Hello yazzie0,

http://img827.imageshack.us/img827/1263/frst.gif Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
• Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply. (How to attach)

 

Hello
I just thought you may like to know when I restarted the laptop like you advised but it did not perform as you described in the first para on - how to enter into systems recovery systems. It did though, give me 3 options of safe mode and also of course the option of giving me the choice to start up in normal mode. So I selected the safe mode option offering command prompt and followed up with the rest of your instructions. After that I pressed enter on "scan" and when it finished it let me know that a log had been created and saved on my flash drive.

I did not go any further with the "select files" and "fix" option. I hope that was all right. I am attaching the log as instructed by you.

Thanks
Yazzie0

 

FRST has to be run from the recovery environment.

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and then attach the requested logs to your next reply when you finish these instructions.

• **** If something does not run, write down the info to explain to us later but keep on going. ****
• Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

• After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!

Helpful Notes:

1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
   
   • Starting your computer in Safe mode
2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them.
3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
   • Don't Bump! It Only Hurts You!!!

* Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated - our system works the oldest threads FIRST.
​

 

Hello Again
I tried to follow the instructions you sent me and the followed the various links in your instructions. But did not seem to have much luck. I had no problems with understanding the instructions but was unable to progress. Perhaps I was plain exhausted and my brain was not functioning properly, as I had been up till 5am for the past 4 days first trying to fix things and then working on your instructions :tired. I gave up in the end and emailed a reliable computer man I have known for many years. It is going to cost me heaps I know, heaps I really cannot afford - but I am also working on a project during the day and I had to do something quickly as I was held up by the time I was taking to work this problem out. It was a real shame as I know I could have resolved this with your help and plus I have developed a keen interest in working out computer issues thanks to all the helpful information on your site. My data has been recovered thank goodness! But the bug is still popping up and he is working on it.

My desk top is still not a hundred percent but I am hanging in there till I get the laptop back. I will come back to you with a report on the desktop and would be grateful if you help me with the issues on it. Once again thanks a lot for your efforts in trying to help me

Yazzie

 

No problem, Yazzie
If you need additional help, let me know.