Trojan remains after 3 formats?

Phydron · Oct 3, 2012

I have a desk top Gigabyte DQ6, core 2 Duo, 3.6GHz, 4GB, that has a major
trojan problem. This bug was originally identified as HEUR.BackDoor.Win64.
Generic, then TDSSKiller said it wasTROJ_SPNR.OBD112. I have reformatted
twice on another computer, using /u suffix, removed the BIOS battery, tried
a new HDD and I can't understand how this thing can survive all that.
When I first get the OS installed, it begins to screw up, it reboots half way through installing any other software, flashes 'Windows Installer' on the
screen at random times, takes 45 sec. to two minutes for each keystroke
or mouse click, in the processes box it creates two of each program.
All this is before connecting to the net, then it really screws up, including
redirecting explorer to a Facebook address.

Here are the logs that were requested, it won't let me copy the MG logs.

Thanks for any help you can give.

Phydron · Oct 3, 2012

I guess the files didn't make it. I'll try again, sorry.

TimW · Oct 4, 2012

I am not finding any malware in your logs. Please attach the log from running MGTools.exe --- C:\MGLogs.zip

Phydron · Oct 4, 2012

I'll try again, this bug stopped me from saving MGToools yesterday.

Phydron · Oct 4, 2012

Thanks for the quick reply.
I finally wrestled the MGTools log out of this thing.
It's just as bad as ever and when the internet connects, it really gets bad.

Thanks again, Norm

TimW · Oct 4, 2012

I do not find any malware in any of your logs. I suggest that you post in the software forum for additional assistance. Your logs are clean.

Since you are not having any malware problems, it is time to do our final steps:

We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.

Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.

Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.

If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.

Go to add/remove programs and uninstall HijackThis.

Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
related to MGtools and some other items from our cleaning procedures.

After doing the above, you should work thru the below link:

How to Protect yourself from malware!

Malware removal from a National Chain = $149
Malware removal from MajorGeeks = $0

Phydron · Oct 4, 2012

Thanks anyway, I guarantee there is still malware of some type on this machine.
I'll keep working on it.

TimW · Oct 5, 2012

When you do a format, are you creating new partitions as well?

Phydron · Oct 5, 2012

I formatted in control panel using the /u suffix, removed the BIOS battery and installed a
fresh copy of Vista from a legal disk. One time, I used a disk that had never been on this
PC. It begins screwing up as soon as I start adding other programs, then when it connects
to the internet it really gets bad. I have a whole litany of problems it causes if you need
them.

Thanks again for your time and efforts.

TimW · Oct 6, 2012

Since I couldn't find any evidence of malware in your logs, you should probably post in the software forum for additional assistance.

We can do one other thing:

Please download ComboFix to your desktop. Turn off any AV software you have before you run it. Attach the log when finished. Do not do anything while it is running or it may stall the program.

Phydron · Oct 6, 2012

On my last format I used a new HDD that had never been on this computer.
I removed the BIOS battery for 5 mins., replaced the video card on the off
chance that this bug was hiding there. It was suggested that my modem might
be at fault so I replaced that, although no other computers on the modem
have problems. I reinstalled Vista from a retail disk and have a full page of
problems it still has.

I wonder if it's possible for this virus to have taken up residence in the chip
set or CPU or other flash memory. I haven't used SD cards or any other
I/O device that could have transferred it. I think I've proven it's not on
the HDD. Is it possibe that it could still be in the BIOS. Obviously I'm
stumped.

Thanks again,

Norm

TimW · Oct 6, 2012

You didn't run Combo from your desktop as instructed.

Phydron · Oct 6, 2012

I'll have to reformat to be able to load it.

Phydron · Oct 6, 2012

I managed to save the file before it was deleted.

TimW · Oct 7, 2012

That didn't find anything. I can only suggest that you post in the software forum for additional assistance. This does not appear to be a malware issue.

TimW · Oct 7, 2012

Here is a suggestion. You would also get more when you post in the software forum.

http://forums.majorgeeks.com/showthread.php?t=267578

Log in or Sign up

Trojan remains after 3 formats?

Phydron Private E-2

Phydron Private E-2

Attached Files:

RKreport[1].txt

mbam-log-2012-10-01 (21-18-12).txt

TDSSKiller.2.8.10.0_01.10.2012_21.24.47_log.txt

HitmanPro_20121001_2146.log

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Phydron Private E-2

Phydron Private E-2

Attached Files:

MGlogs.zip

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Phydron Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Phydron Private E-2

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Phydron Private E-2

Attached Files:

Combo.txt

ComboFix-quarantined-files.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Phydron Private E-2

Phydron Private E-2

Attached Files:

Combofix.txt

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member