Infected post installation of Spanish KB4012598 and Avast Update

As of May 15 I performed the following:

Installed Spanish KB4012598 as protection for Wannacrypto.
Installed No-Script add-on for Firefox and at some point while browsing, No-Script registered and asked me to forward information on a hijack attempt it had blocked.
Updated AVAST

My computer has become very slow; Firefox became near to impossible to open; AVAST GUI wasn’t loading properly and it constantly shut off 1 of “x” number of protections.

Ran MiniToolBox; TDSSKiller; AdwCleaner; Junkware Removal Tool; and attempted to run ESET Online Scanner which I couldn’t because I had Avast installed, but Avast wasn’t working properly, so I “repaired” Avast, but it showed a conflict with Microsoft Security Essentials, which I can’t seem to find, not even using REVO Uninstaller. AVAST GUI continued to fail so I finally removed AVAST and scanned with ESET and Malwarebytes.

Malwarebytes didn’t find anything wrong but, ESET did:
“CDburner XPsetup_4.5.7.6623.exe a variant of Win32/FusionCore.L potentially unwanted application cleaned by deleting”.

However, now I can’t install anything else nor create a restore point, because my Hard Drive shows as being full, which is impossible having recently backed up and removed files from HD.

Malwarebytes, which I still have installed, doesn’t allow me to select realtime protection.

Please help.

WINXP HOME EDITION SP3 user.

Hi msl_mia,

You might not have an active malware infection. That could be good news.

Check for this issue: http://techlogon.com/2011/03/28/how-to-fix-hard-drive-stuck-in-pio-mode/

Symptoms you are describing seem to fit. Reboot after resetting your hard drive. If PIO fix does not apply then you may have a failing hard drive. Hope not but if you do, back up all personal files now.

Hi Spartan Warrior!

Attached please find initial files requested for review after running Malwarebytes and Farbar.

Meanwhile will follow up on your suggestion. I too hope that it is not the HD.

Thanks.

As the weekend is ending where you are but is still in force elsewhere, it will be a bit before a trained malware expert can assist you.

Please be patient, an expert has been notified.

Back up your personal files.

mchain,

I followed up on your suggestion on checking PIO mode and none were set as such. Results were the following:

My Primary IDE Channel

Device 0
Device Type= Autodetection
Transfer Mode= DMA if available
Current Transfer Mode=Ultra DMA Mode 5

Device 1
Device Type= NONE
Transfer Mode= DMA if available
Current Transfer Mode= not available.

My Secondary IDE Channel
Device 0
Device Type= Autodetection
Transfer Mode= DMA if available
Current Transfer Mode=Ultra DMA Mode 2

Device 1
Device Type= Autodetection
Transfer Mode= DMA if available
Current Transfer Mode=Ultra DMA Mode 2

Now you’ve to wait a bit.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

How is your system now?

MSE needs to be removed completely.
http://www.ache.nl/#m

Are you referring to my original FRST file I posted?

What is it you don’t understand?

Attached please find file.

I checked my hard drive and it still shows as almost full.
As I waited for a response I had gone ahead and stopped a process related to IDriveT.exe, which I’m not sure is responsible for opening up a 5.9G on my hard drive but, there it was. I was then able to defragment my HD. I don’t however, have any restore points even after running FIX on FRST.

I’m so grateful you are looking into my case.

Please disregard. Thankfully FRST pulls everything on its own as long as I “place in the same location”.
All done and posted.

I followed instructions on link provided and I downloaded MicrosoftFixit50692 which is file to use to remove MSE but, I get a system message stating that can not access Windows Installer. This can occur if executing in Safemode or if Windows Installer is not correctly installed…".

My Volume control keeps on disappearing from my taskbar every time I start up and my icons get shifted around back to original setting, and when I play a video I am unable to modify volume.
Also, when I bring up system restore, all I see is a blank screen.
My computer does seem to be running smoother, as far as speed is concerned but, it does seem that every time I take a look there is something not quite right.

Thanks.

Backup your data and perform a clean installation of the OS (and updates).

That bad, huh?

Just one last comment, in case it serves a purpose.

I did find my restore points in my Glary Utilities under the option to undo changes. See attached image file. Though, I’m not sure they work.

Should I still follow through with clean installation of the OS?
Once that’s done will I be in the clear?

Thanks.

Looking at the problems you are having, I would say go for the clean install.
It won’t hurt to have a nice and clean system again without crap etc that runs in the best (fastest) way possible :wink:

Plus, you’ll have also backed up all personal files you want to save, right?

Your OS (WinXP SP3) is damaged. The best and most reliable way to repair the system is to make a clean install of the OS. You can also try a Windows Repair All In One (http://www.tweaking.com/content/page/windows_repair_all_in_one.html). I have instructions on using this utility if you want to but a reinstall would be the fastest way to a reliable system.

I’d appreciate the instructions for the Windows Repair all in one, since I’ve never performed a Clean Install and I’m not quite sure which of the following 2 options available is the correct one:
1.- HP destroy Restore, which entails formatting the HD. (Where would I get all the updates for all the software for XP versions?)
2.- HP Applications Restore.

Thanks.