1. ofthedead

    ofthedead Private E-2

    This is a friend's computer that I am fixing. They had all of the signs of having all sorts of malware (any time the computer went online it would slow down, if not stop altogether). They had McAfee installed (free), but I uninstalled it before I started the scans (it was making the computer run even worse). When the computer is considered safe I will install AntiVir and Comodo.

    Most of the scans went fine, but super anti software froze the first time (I followed all of the steps and it worked just fine the second time).

    From the looks of it this computer had a lot of stuff on it, but I am not a master at this stuff, so here are the logs. If there are more steps you would like me to follow, just let me know.
    Thanks in advance for all of your help.
     

    Attached Files:

  2. ofthedead

    ofthedead Private E-2

    The last log.
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please go to the below link and follow the instructions for running TDSSKiller from Kaspersky.
    Be sure to attach your log from TDSSKiller.


    Also download MBRCheck to your desktop.

    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
    • It will show a black screen with some information that will contain the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log with a name similar to MBRCheck_07.16.10_00.32.33.txt, which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
     
  4. ofthedead

    ofthedead Private E-2

    These are the two logs.

    TDSSKiller ran fine but I could not reboot the computer (I had to unplug it to reboot).
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    MBRCheck is showing that you have an MBR infection. Do you have your Windows XP Home Edition boot CD so that we can use it to boot to the Recovery Console to repair your MBR?
     
  6. ofthedead

    ofthedead Private E-2

    This is my friend's computer and she does not have a disk. It's a Dell and I know sometimes they have a backup of Windows on a partitioned section of the hard drive, but I do not see a partition.

    I don't know if this will help, but I do have an upgrade disc for Windows XP Home Edition (this is mine from when I upgraded my computer from 98 to XP).
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There appears to be a factory recovery partition which you could restore to but this puts the PC back to the state it was in when it came out of the box. If you do this, you lose everything on it. Thus if you were going to do this, you will have to make backups of all important data first. In fact it is a good idea to do the backups anyway before repairing the MBR just to be safe.

    Not likely. Upgrade discs are typically not bootable disks.


    You could try booting to the Recovery Console that you installed while installing ComboFix. Once you get to the command prompt of the Recovery Console, you will have to run the below command:

    fixmbr

    Then you type exit to reboot. This may or may not fix the MBR. Typically the infections block this from working because you are actually still booting from the hard disk to get to the Recovery Console. This is why we ask about the CD. Booting from the CD does not allow the infected MBR to load.

    If running fixmbr from the installed Recovery Console does not work, then you will have to either get a bootable CD, or you will have to make a Windows Recovery Console Boot CD which can be downloaded from some sites online. We will do this if you cannot get the installed one to work properly.
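
Added example, not part of the thread and not how MBRCheck itself works: a sketch of checking sector 0 from a saved 512-byte capture, listing the partition entries (including ones with no drive letter) and hashing the boot code so a capture taken before a repair such as `fixmbr` can be compared with one taken after. The sample sectors, partition sizes and the `make_sample` helper are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440    # boot code area; disk signature and partition table follow it
PART_TABLE_OFF = 446   # four 16-byte partition entries
TYPE_NAMES = {0x07: "NTFS/HPFS", 0x0B: "FAT32", 0xDE: "Dell utility"}

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector 0 into signature check, boot-code hash and partitions."""
    if len(sector) != 512:
        raise ValueError("sector 0 must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        ptype = entry[4]
        if ptype == 0x00:          # unused slot
            continue
        lba_start, count = struct.unpack_from("<II", entry, 8)
        partitions.append({
            "slot": i,
            "active": entry[0] == 0x80,
            "type": TYPE_NAMES.get(ptype, hex(ptype)),
            "lba_start": lba_start,
            "sectors": count,
        })
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }

def boot_code_changed(before: bytes, after: bytes) -> bool:
    """True when the boot code differs between two captures of sector 0."""
    return parse_mbr(before)["boot_code_sha256"] != parse_mbr(after)["boot_code_sha256"]

def make_sample(code_byte: int) -> bytes:
    """Constructed sector: filler boot code plus a utility and an active NTFS entry."""
    def entry(status, ptype, lba, count):
        return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    table = entry(0x00, 0xDE, 63, 80262) + entry(0x80, 0x07, 80325, 156000000) + bytes(32)
    return bytes([code_byte]) * BOOT_CODE_LEN + bytes(6) + table + b"\x55\xaa"

if __name__ == "__main__":
    before, after = make_sample(0x90), make_sample(0xCC)
    print(parse_mbr(before)["partitions"])
    print("boot code changed:", boot_code_changed(before, after))
```

The capture should come from a disk read made after booting trusted media, for the same reason the CD is asked for above: a read made from inside the running infected system passes through whatever the infection has loaded.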
     
  8. ofthedead

    ofthedead Private E-2

    Thank you for all of your help...
    I used the factory recovery partition to set the computer back to the state it was in when it came out of the box.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

