Is this all Virus Related?

Discussion in 'Malware Help (A Specialist Will Reply)' started by mikwya, Apr 27, 2011.

  1. mikwya

    mikwya Private E-2

    Problems:

    Wireless Network keeps changing back to unsecured despite my attempts to re-secure it. Have not tried again since doing the read/run me first steps.

    Norton warning me every three minutes about blocked attacks from tidservactivity 2, attack from \device\harddiskvolume1\windows\system32\svchost.exe

    Severe hang/freeze ups when starting IE explorer and when windows shuts down. Also this computer will absolutely not let me go to microsoft updates. I have another one identical to it that updates regularly without any problems.

    Windows will also not let me view available wireless networks as it says something else is controlling it.

    I have followed all steps in the read/run me first and attached my logs. I was unable to download the combo fix because explorer will only bring up a blank page regardless of which link I use to get there.

    My computer is an ASUS Eee PC 1001, router is a WRT54GS, running Windows XP 32-bit. I attempted to do a full system restore but the F9 at startup does not seem to work and this netbook does not come with a CD-ROM drive or a Windows system disk. I have done absolutely nothing else since running the scans in the order prescribed in the read me first thread. The other problems I was having seem to have been solved since following the directions on the read me first page.

    Thank you for being here, you have already been of much help to me in the past.

    Mike
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You did not let MGTools.exe run to completion. The logs are incomplete.

    Go to TDSSKiller and Download TDSSKiller.zip to your Desktop

    • Extract its contents to your Desktop so that you have TDSSKiller.exe directly on your Desktop and not in any subfolder of the Desktop.
    • Now double click the TDSSKiller.exe file to run it (if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator).
    • Allow the application to run and a window will open showing that it is TDSSkiller from Kaspersky
    • Click Start scan
    • It will run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    Whether an infection is found or not, a log file should be created on your C: drive (or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )

    Please also download MBRCheck to your desktop

    • Double click MBRCheck.exe to run (Vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some data on it
    • Right click on the screen and select > Select All
    • Press Control+C
    • Open a notepad and press Control+V
    • Now please ATTACH that report to this thread

    Please do this, click Start, Run and enter cmd and click OK. This will open a command prompt window. In the command prompt window, enter the below commands each followed by the enter key. Note there is a space after the cd

    cd \MGtools
    GetLogs.bat
     
  3. mikwya

    mikwya Private E-2

    OK, I was able to download and run combo fix and have included the logs along with the mgtools logs. I was not able to run the tds killer though. I downloaded it twice and attempted to run it, however it shuts down after 80% initialization.
     

    Attached Files:

  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Are you experiencing browser redirects as well?

    (You missed this step previously)

    Please do this, click Start, Run and enter cmd and click OK. This will open a command prompt window. In the command prompt window, enter the below commands each followed by the enter key. Note there is a space after the cd

    cd \MGtools
    GetLogs.bat

    Let it run all the way to completion.

    Do you have your XP boot CD?
    I suspect you have an MBR infection and we will need the disk.
     
  5. mikwya

    mikwya Private E-2

    I have run the mgtools twice now and let it run until completion both times. The first time I ran it from the desktop and the second through the run command as you specified. It ran until I got a DOS window that said it had completed and to hit any key to close. I let it sit after completion for well over 30 minutes the second time to see if it was going to run anything else.

    These netbooks that I purchased did not come with Windows CDs. All the software was preloaded and they do not have CD-ROM drives. I have been told that there is a hidden drive in these machines that contains all of the setup files. Computer is ASUS Eee PC, 1001PXB. There is a Windows Product Key that came with each computer.
     
  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You should have a C:\MGlogs.zip. Please check and attach. :)
     
  7. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    This is a download of an .iso file of just the Recovery Console for XP.
    Burn to CD with Nero or other 'disc image' capable tool and boot.

    XP Recovery Console.

    Now move TDSSKiller directly to your C:\ drive. So you should have C:\TDSSKiller.exe

    Once you have created the disc, boot to the BIOS and change the boot order to CD/DVD as first boot device.

    Now boot to the disc and go into the Recovery console. At the prompt, change the directory to the C: prompt and then type:
    C:\TDSSKiller.exe and hit enter.

    Reboot, and please also download MBRCheck to your desktop

    • Double click MBRCheck.exe to run (Vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...

    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message.
     
