Need your help in the fight against this infection!

Hi guys! Not a single antivirus sees this infection!
I was advised to use the utilities from your site http://www.gmer.net/#files, namely the utilities GMER and aswMBR.exe. I could not find a section of this forum dedicated to these tools, so I am writing here =)

Although, in principle, I must tell you that the utilities GMER and aswMBR also did not show anything at first, but when I put a “microscope” into their hands, your utilities GMER and aswMBR saw many strange things; this needs your antivirus experts =)
Oh yeah, I almost forgot: the latest SPTD driver for Windows acted as the “microscope”. Here is the link to the driver manufacturer’s website: http://www.duplexsecure.com/en/downloads
I decided to upload these drivers to virustotal to check them; after the check nothing strange was found in them, so we can assume these drivers are friendly and helpful. Here is the link to the report: https://www.virustotal.com/en/file/25c38106a47aa07e7cf0db0770ba450316833531bd069c31c65a5237532f673c/analysis/1428576912/
After installing this driver your utilities were no longer blind, they received sight and, as the saying goes, gave out a lot of information!

Yellow in the screenshot shows the files of the ESET antivirus (I probably have to say goodbye to it and switch to your Avast!), but what is shown in red is the plague that your utilities cannot see without the SPTD driver, and they show nothing!
Help me remove this stuff!

Let’s see if we can find something:
https://forum.avast.com/index.php?topic=53253.0

GMER is not from avast.

What makes you believe those drivers are malicious?

GMER is not from avast.
Przemysław Gmerek works for avast https://blog.avast.com/2009/07/17/avast%E2%80%99s-top-5-hidden-gems/ and I think he made aswMBR also ... which contains the GMER scanner, and so does avast: avast performs a rootkit scan 8 min after boot
4. Strong antirootkit shield. Starting with version 4.8, avast has a built-in antirootkit scanner. It is based on GMER, one of the most respected specialized antirootkit applications available[b] (in fact, the guy who created the original GMER now works for us)[/b]. We’re constantly improving the internals of this component so that it’s able to detect and remove even the latest threats, including e.g. the infamous MBR rootkit.

GMER http://www.gmer.net/

https://www.virustotal.com/en/file/25c38106a47aa07e7cf0db0770ba450316833531bd069c31c65a5237532f673c/analysis/

First submission 2015-02-03 19:52:53 UTC ( 2 months ago )

Copyright: Copyright (C) 2004-2014
Publisher: Disc Soft Ltd
Product: SCSI Pass Through Direct
Original name: sptdinst.exe
Internal name: sptdinst.exe
File version: 1.87.0.0 built by: WinDDK
Description: SCSI Pass Through Direct setup
[b]Signature verification[/b]: Signed file, verified signature
Signing date: 3:52 PM 12/11/2014
Signers: Disc Soft Ltd; GlobalSign CodeSigning CA - G2; GlobalSign
Counter signers: GlobalSign TSA for MS Authenticode - G1; GlobalSign Timestamping CA - G2; GlobalSign

Hi Eddy!
If I wrote my request for help in the wrong section, please move it to where it belongs; I just did not find the section dedicated to the utilities I have used!
You probably missed something and do not know that GMER is now a division of Avast =)

I think so, and my English is very bad, and you do not understand me or you just do not want to understand me =) Look at the log files; with the driver your utilities have seen a lot!
I think this infection is based on Windows PE; it is some kind of miner or something that eats my computer’s resources and constantly transmits something somewhere on the Internet!

Hi Pondus!
Thank you for confirming my words and proving once again that Przemysław Gmerek works for avast!
Przemysław Gmerek is certainly a tough guy and a well-known personality in the antivirus world, but that is not what I wanted to talk about here! :wink:

I NEED YOUR ASSISTANCE AND INSTRUCTIONS ON HOW TO REMOVE THIS INFECTION!
This is clearly something new; no antivirus sees anything, ONLY YOUR UTILITIES saw this infection, again thanks to this driver giving them sight!

I NEED YOUR ASSISTANCE AND INSTRUCTIONS ON HOW TO REMOVE THIS INFECTION!
For help, follow the instructions at https://forum.avast.com/index.php?topic=53253.0 and attach [b]Malwarebytes[/b] and [b]Farbar Recovery Scan Tool[/b] logs

SPTD drivers are highlighted because of their behaviour of running interrupts during boot

Downloaded, installed, removed the tick “Enable free trial of Malwarebytes Anti-Malware Premium”, launched, updated the database, and the result: NOTHING FOUND, see screenshot!
P.S. The Malwarebytes Anti-Rootkit (MBAR) utility also did not find anything…

Now I’ll try your Farbar Recovery Scan Tool and then post the logs

HERE ARE THE LOGS from Farbar Recovery Scan Tool

If it is just SPTD being reported then it is not an infection. Are you having any problems?

Hi essexboy!
I’m not saying that SPTD is an infection, especially as virustotal says there is nothing bad in it

https://www.virustotal.com/en/file/25c38106a47aa07e7cf0db0770ba450316833531bd069c31c65a5237532f673c/analysis/1428576912/ ! With this SPTD driver your utilities GMER and aswMBR see what they have not seen before! On the contrary, I am grateful to the SPTD driver, because with it you can see what you could not see before!

Essexboy, you know there is such a program for hard drives as Victoria?! Long ago it showed me an unknown device on the IDE loop; I thought it was a bug and that it was displayed as the DVD, and it turns out to be some sort of infection attached to the DVD. Did you read the GMER and aswMBR logs at all?! Do you not see anything strange?!

And I also noticed the following: the program Parkdale v2.95 gives strange information. Look at the screen when a DVD disc is inserted into the drive (see screen 1); if you take it out of the drive, see what can be seen (see screen 2): it turns out that this infection has a size of 650 MB o_O ?!
In short guys, I do not know what it is, maybe a miner or something else, but this infection eats my computer’s resources and constantly sends something somewhere! I just want to get rid of this; tell me how to get hold of it and give it to you for review!

Is this the programme http://hddguru.com/software/2005.10.03-Victoria/ ?

Yes it is! I used it to remove all the information, to do a complete wipe of the hard drive! I thought it would delete everything completely, together with the virus, but that was not the case; as is now evident from the logs, this infection is sitting somewhere in RAM! Or video RAM! Or it is stored in a part of the hard drive not visible to a simple user; my hands have not got there =)

I’ve tried a lot of things; there is also such a program as HDD LLF Low Level Format Tool, but even it does not remove this infection! And then there was progress: I installed the SPTD driver for Windows and your utilities began to see something they had not noticed before!

Download and run Defogger from here http://www.bleepingcomputer.com/download/defogger/

On completion, try aswMBR again

OK! But I see that Defogger does not support Windows 8, or is that not a problem?!

OK! But I see that this Defogger has no support for Windows 8, although I think it is not critical =) It is a pity that ComboFix does not support Windows 8…
It seems that now, after Defogger scanned the system, aswMBR no longer displays these red lines =)

But in the log Defogger writes this:

Checking for services/drivers…
SPTD → Already disabled

So it turns out that Defogger disabled the SPTD driver for Windows; that is, it is the same as if I had not installed this driver at all, and if I now install it again then perhaps everything will show up anew?!
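For anyone who wants to confirm on their own machine what Defogger's "SPTD → Already disabled" line means, here is an added PowerShell snippet. It is not from this thread, from Defogger, or from any avast tool; it assumes the driver's service name is `sptd` and that, when the service key has no ImagePath, the file lives at the default `System32\Drivers\sptd.sys` (both are assumptions, adjust if your install differs). It reads the service's Start value from the registry, asks CIM for the driver's runtime state (kernel drivers do not appear in Get-Service), and checks the Authenticode signature and SHA-256 of the file so the result can be compared against the VirusTotal report quoted earlier in the thread.

```powershell
# Added example (not from the thread or any tool in it): inspect the SPTD kernel
# driver the way a responder would before deciding whether "Already disabled" is
# expected. Run from an elevated PowerShell prompt.
# Assumptions: service name 'sptd'; default file System32\Drivers\sptd.sys.
$serviceName = 'sptd'
$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$serviceName"

if (-not (Test-Path $key)) {
    Write-Output "No service key for '$serviceName' - the driver is not installed."
    return
}

$svc = Get-ItemProperty -Path $key
# Registry Start values: 0=Boot, 1=System, 2=Automatic, 3=Manual, 4=Disabled
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
Write-Output ("Start type : {0} ({1})" -f $svc.Start, $startNames[[int]$svc.Start])

# Resolve the image path. Boot-start drivers often have no ImagePath value and are
# loaded from System32\Drivers\<name>.sys (assumed default below).
$image = $svc.ImagePath
if (-not $image) { $image = "System32\Drivers\$serviceName.sys" }
# Normalise the NT-style prefixes (\SystemRoot\ and \??\) into a Win32 path
$image = $image -replace '^\\SystemRoot\\', "$env:SystemRoot\"
$image = $image -replace '^\\\?\?\\', ''
if (-not [System.IO.Path]::IsPathRooted($image)) { $image = Join-Path $env:SystemRoot $image }
Write-Output "Image path : $image"

# Runtime state: kernel drivers are exposed through Win32_SystemDriver, not Get-Service
$drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$serviceName'"
if ($drv) {
    Write-Output ("State      : {0}" -f $drv.State)
} else {
    Write-Output "State      : not known to the service control manager"
}

# Signature and hash: compare the signer and SHA-256 with the VirusTotal report
if (Test-Path $image) {
    $sig = Get-AuthenticodeSignature -FilePath $image
    Write-Output ("Signature  : {0}" -f $sig.Status)
    if ($sig.SignerCertificate) {
        Write-Output ("Signer     : {0}" -f $sig.SignerCertificate.Subject)
    }
    $hash = Get-FileHash -Algorithm SHA256 -Path $image
    Write-Output ("SHA-256    : {0}" -f $hash.Hash)
} else {
    Write-Output "Driver file not found on disk at the resolved path."
}
```

A Start value of 4 is what Defogger's "Already disabled" corresponds to: the service entry is still present, so re-enabling the driver later (as the poster goes on to do) brings the same driver back rather than installing a new one. A signature status other than Valid, or a hash that does not match the one on the VirusTotal report, would be the reason to look at the file more closely.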

As I said, your Defogger simply disables the SPTD driver for Windows, which is superfluous, and if you install it again the red lines are still there =(

Download the latest version of TDSSKiller from here and save it to your Desktop.

[*]Doubleclick on TDSSKiller.exe to run the application

https://dl.dropbox.com/u/73555776/tdss%20start.JPG

[*]Then click on Change parameters.

https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG

[*]Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.

[*]Click the Start Scan button.

[*]If a suspicious object is detected, the default action will be Skip; click on Continue.

https://dl.dropbox.com/u/73555776/tdss%20threat.JPG

[*]If malicious objects are found, they will show in the Scan results and offer three (3) options.
[*]Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

[*]Get the report by selecting Reports

https://dl.dropbox.com/u/73555776/tdss%20report.JPG

[*]Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

essexboy, this Russian utility also did not find anything; I ran it again today to no avail … I have long been acquainted with this software; some people even call this software a virus of Russian origin =)
It turns out that the SPTD driver for Windows was able to open the eyes only of your utilities GMER and aswMBR, and all other utilities are as blind as before :slight_smile:

That is why I wrote to you here, because GMER and aswMBR are your own utilities, and therefore the Avast laboratory differs from all the others and produces the best software =)
In general, the contagion is visible in the logs; it remains to figure out how to extract it and give it to you for examination, and then kill it completely)))