IEXPLORE Virus

When I go to recovery console it says: “A disk read error occured. Press ctrl+alt+del to restart” Pressing ctrl+alt+del does nothing. Gotta shut down computer manually by holding power button down.

OK this is the new variant - I will need to do a bit of reading on this. We may need to fix the MBR outside of Windows. Are you able to burn a CD?

I can burn a CD/DVD on my other computer.

Please print these instructions out so that you know what you are doing

Latest version: v3.1.46.0

OTLPENet.exe
MD5=79209302A1AFB2490808DB890A815CED
Size: 127,222,215b / 121.3MB

[*]Download OTLPENet.exe to your desktop
[*]Ensure that you have a blank CD in the drive
[*]Double click OTLPENet.exe and this will then open imgburn to burn the file to CD

[*]Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
[*]As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :slight_smile:

[*]Your system should now display a Reatogo desktop.
[*]On the Reatogo desktop, double click MBRFix. A command prompt will be presented. Type the following commands and press Enter after each line:

C:
cd C:
MbrFix /drive 0 fixmbr
Exit

When I typed the following in the command prompt: MbrFix /drive 0 fixmbr
I get the following error:
“MBRFIX is not recognized as internal or external command”

Just a small bit of info. There have been viral adverts that Mediafire occasionally use. Most likely by accident (I hope). But I thought Essexboy would want to know, so as to avoid giving out this link to them. Not everyone has ad blockers.

Stay safe. Hope this issue of this thread is resolved =D

OK I have some further information on this now

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the “Scan” button to start scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

http://public.avast.com/~gmerek/aswMBR2.png

Attached new log.

As for MBRFix, I think I might need to set an environment variable, as changing the path to C:\ it won’t recognize the command as it’s not found but it does exist. I’m not really sure how to do it though.

Let’s try this first and keep our fingers crossed as I have had two successes with this so far

Re-Run aswMBR

Click Scan

On completion of the scan

Click the FIXMBR Button

http://public.avast.com/~gmerek/aswMBR4.png

Reboot and run a fresh aswMBR scan
Save the log as before and post in your next reply

new log attached

OK could you let me know what problems you have at the moment

Interesting question heh. I will need to use it for a bit to make sure everything is good but it seems to be fine now. Even the TDSSKiller program starts up now. Can you tell me what was wrong before? and what fix actually made everything work?

The only other problem I see at the moment is Avast antivirus usually loaded in my system tray (bottom right corner) every time Windows boots and now it doesn’t. When I double click on it on the desktop it will appear in my system tray. Once in system tray I right click start bar and select properties and click customize and change behaviour to always show. Then I restart computer and it does not show in system tray. So 2 questions: 1. How do I make it show in my system tray every time computer starts without manually opening it every time? 2. Since it’s not in system tray, is it still running all the proper shields?

I would recommend a repair of Avast. This appears to be a new variant of the TDL family and the FixMBR got rid of it. At the moment we are having patchy results with the various tools at our disposal, mayhap they have not yet finalised the malware.

By repair Avast do you mean uninstall and reinstall?

Edit: NVM seems like there is repair option in add/remove

Thanks a lot for all your help!!!

Once you are happy let me know and I will remove my bits and bobs

Everything seems to be working good. Thanks

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Uninstall ComboFix

Remove Combofix now that we’re done with it.

[*]Please press the Windows Key and R on your keyboard. This will bring up the Run… command.
[*]Now copy/paste this: ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /Uninstall, it needs to be there.
[indent]
http://i275.photobucket.com/albums/jj285/Bleeping/Combofix/CFuninstall.gif
[/indent]
[*]Please follow the prompts to uninstall Combofix.
[*]This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
[*]You will then receive a message saying Combofix was uninstalled successfully once it’s done uninstalling itself.

Run OTS and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:

[*] Go to this site and click Do I have Java
[*] It will check your current version and then offer to update to the latest version

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check

http://i1224.photobucket.com/albums/ee362/Essexboy3/Puran-1.gif

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :wave: