system
March 23, 2016, 8:45pm
1
I am trying to clean my wife’s computer and I cannot seem to remove this one. Avast will not let me delete or quarantine it and Malwarebytes does not find anything when I use it.
I ran aswMBR and Farbar, logs attached.
Any suggestions on how to remove it?
Eddy
March 23, 2016, 9:22pm
2
Eh no.
The logs are not attached.
Please do so.
OK, we will do this in two stages; first we will remove TDL4.
Download the latest version of TDSSKiller from here and save it to your Desktop.
- Double-click on TDSSKiller.exe to run the application
https://dl.dropbox.com/u/73555776/tdss%20start.JPG
- Then click on Change parameters.
https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG
- Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip; click on Continue.
https://dl.dropbox.com/u/73555776/tdss%20threat.JPG
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Get the report by selecting Reports.
https://dl.dropbox.com/u/73555776/tdss%20report.JPG
- Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
Please attach the log with your next reply.
system
March 23, 2016, 10:33pm
5
TDSSKiller did not give me an option to restart; instead this dialog box popped up.
I also attached the log.
Yes, allow TDSSKiller to rewrite the MBR, and also select Delete for the following elements:
18:19:59.0386 0x0924 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:19:59.0386 0x0924 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Please re-run TDSSKiller.
How is the computer behaving at the moment?
system
March 24, 2016, 6:21pm
9
It does seem to be running a little better. Finally letting me install updates.
Grand, could you now run a fresh FRST scan for me please and attach the log.
All should be good after this.
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
2011-02-27 18:29 - 2011-02-27 18:29 - 0000000 _____ () C:\Users\Louisa\AppData\Local\Bhilogewusuyanam.bin
2011-02-20 20:48 - 2011-02-21 03:28 - 0011202 _____ () C:\Users\Louisa\AppData\Local\mt1g23v02b57q6ihcw1k2qu8485u81yu7lpn7536y43s
2011-02-27 18:29 - 2011-02-27 18:29 - 0000120 _____ () C:\Users\Louisa\AppData\Local\Vgaletiyogovitog.dat
2011-02-20 20:48 - 2011-02-21 03:28 - 0011202 ___SH () C:\ProgramData\mt1g23v02b57q6ihcw1k2qu8485u81yu7lpn7536y43s
2011-02-05 18:09 - 2011-02-06 15:36 - 0000544 _____ () C:\ProgramData\vtJXIZgXe4VNKVW
2011-02-05 18:04 - 2011-02-06 15:30 - 0000040 _____ () C:\ProgramData\~vtJXIZgXe4VNKVW
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe.
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix.
On completion a log will be generated; please post that.
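The file lines in the fixlist above follow FRST's listing format (created - modified - size attributes (publisher) path), and the entries Eddy picked out share a shape: unsigned files in user-writable data folders, random-looking names, and in one case the System+Hidden attributes. As an added example, not part of this thread and not FRST's own code, here is a small Python parser for that line format with a triage heuristic that flags those traits; the meaning of the attribute letters, the list of "user-writable" folders and the benign notepad.exe line are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# One FRST file-listing line: "<created> - <modified> - <size> <attrs> (<publisher>) <path>".
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{7}) ([_A-Z]{5}) \(([^)]*)\) (.+)$"
)
# Attribute letters as FRST prints them (assumed meaning: D=directory, R=read-only,
# S=system, H=hidden); "_" marks an unset slot. Folders any user can write to (assumed list).
USER_WRITABLE = ("\\appdata\\local\\", "c:\\programdata\\")

@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: set
    publisher: str
    path: str

def parse_line(line):
    """Return an Entry for a file line, or None for directives such as 'Reg:' or 'CMD:'."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, publisher, path = m.groups()
    fmt = "%Y-%m-%d %H:%M"
    return Entry(datetime.strptime(created, fmt), datetime.strptime(modified, fmt),
                 int(size), set(attrs.replace("_", "")), publisher.strip(), path)

def parse_fixlist(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def triage(entry):
    """Heuristic reasons an entry deserves a look; an empty list means nothing stood out."""
    reasons = []
    lowered = entry.path.lower()
    stem = entry.path.rsplit("\\", 1)[-1].split(".")[0]
    if {"S", "H"} <= entry.attrs:
        reasons.append("system+hidden")
    if not entry.publisher and any(d in lowered for d in USER_WRITABLE):
        reasons.append("unsigned file in user-writable data dir")
    if len(stem) >= 20 and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem):
        reasons.append("random-looking name")
    return reasons

# Sample input: two file lines from the fixlist in this thread plus one constructed benign line.
SAMPLE = r"""
2011-02-27 18:29 - 2011-02-27 18:29 - 0000000 _____ () C:\Users\Louisa\AppData\Local\Bhilogewusuyanam.bin
2011-02-20 20:48 - 2011-02-21 03:28 - 0011202 ___SH () C:\ProgramData\mt1g23v02b57q6ihcw1k2qu8485u81yu7lpn7536y43s
2015-07-10 12:00 - 2015-07-10 12:00 - 0193536 _____ (Microsoft Corporation) C:\Windows\System32\notepad.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
"""

if __name__ == "__main__":
    for e in parse_fixlist(SAMPLE):
        print(e.path, triage(e))
```

Run it against a full FRST Addition or scan log to get a first-pass list of entries worth checking; the heuristics are deliberately crude and flag candidates, not verdicts.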