I have followed the steps to disinfect the driver that you explain in “assist in cleaning…” without success.
Avast continues to say that I have a virus: MBRoot-J in MBR physicaldrive0
I’ll send the logs from both OTL and aswMBR in the hope that you can help me.
Regards,
Sg
Do you also have the Malwarebytes quick scan log?
this is the last one.
Hi,
Could you run another scan with aswMBR and post that log please?
only the scan?
Yes…just run the scan with aswMBR again and then post the new log that is created.
just a note…your Malwarebytes was not updated when you did the scan…there have been 5 updates released today
wow! it was a lot! :-[ here comes a new one
Hi,
Please download TDSSKiller.zip
- Extract it to your desktop
- Double click TDSSKiller.exe
- When the window opens, click on Change Parameters
- Under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
- Click OK
- Press Start Scan
- Only if Malicious objects are found then ensure Cure is selected
- Then click Continue > Reboot now
- Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:)
tdsskiller
Nice…seems like the nasty ones have probably been taken care of.
Now run new scans with both aswMBR and TDSSKiller with the instructions you were provided earlier and post the new logs into your next reply.
thank you! it’s clean now
I am confirming something with a colleague before we continue. I will return as quickly as I can.
Hi,
Please download ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user-related sections. ERUNT is easy to use, and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. Remember: if you are using Windows Vista as your operating system, right-click the executable and select Run as Administrator.
Run OTL.exe
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:
:Services
:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1528921430-770527483-349420329-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1528921430-770527483-349420329-1006\..\SearchScopes,DefaultScope = {D9BDA853-4177-48FF-80A4-B2C844FA730B}
IE - HKU\S-1-5-21-1528921430-770527483-349420329-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1528921430-770527483-349420329-1006\..\SearchScopes\{D4AD862D-711F-4056-9297-C1124CA77173}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=U3&apn_dtid=OSJ000YYSE&apn_uid=955672D6-54D2-48B6-8C78-94BCEE9198B3&apn_sauid=5C907B10-AC5C-41D0-B6DF-D0CBD40E05B4
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program\Ask.com\GenericAskToolbar.dll (Ask)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
[2012-03-27 15:31:40 | 000,000,000 | ---D | C] -- C:\Program\Ask.com
[2012-03-27 15:31:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Norma\Lokala inställningar\Application Data\AskToolbar
[2012-03-27 15:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2012-03-27 16:46:02 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
- Then run a new scan and post a new OTL log (don’t check the boxes beside LOP Check or Purity this time)
fixed log
Great!! When you get the new OTL scan run per my instructions post that too.
OTL log. Hope it will be the last one!