Notebook infected with System Tool and other malware

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 11th, 2011, 3:05 pm

Over here it is 3:02 PM.
According to Google, we actually have a 12 hour gap. Either way, there's a small time frame when we're both awake at the same time. :(
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Post by xixo_12 » April 11th, 2011, 6:31 pm

Hi,
Let's proceed.
I hope it works.

First,
Recovery Console.
Please let the computer start.
  • Press any key to make sure you still remain at the same screen and choose Recovery Console.
  • When prompted, type the required information and press Enter. Leave the line until C:\WINDOWS> appears.
  • Please type fixmbr and press Enter.
  • Please type chkdsk /R and press Enter.
  • Please type fixboot and press Enter.
  • Then at the next prompt type in Exit and hit Enter.
  • Windows should continue to load as normal.

What you need to post
Checklist.
  • Please let me know the outcome
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 11th, 2011, 6:39 pm

Ok I entered into Recovery Console.

1. Typed 1 for C:\windows

2. then typed fixmbr

Should I see this and should I proceed?

**CAUTION**
This computer appears to have a non-standard or invalid master boot record.

FIXMBR may damage your partition tables if you proceed.

This could cause all the partitions on the current hard disk to become inaccessible.

IF you are not having problems accessing your drive do not continue.

Are you sure you want to write a new MBR?
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Post by xixo_12 » April 11th, 2011, 6:43 pm

proceed..

We take a risk now. Nothing we can do at this stage.
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 11th, 2011, 6:47 pm

Ok, what do I type to say yes to this?
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Post by xixo_12 » April 11th, 2011, 6:52 pm

Type Y and press Enter
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 11th, 2011, 6:59 pm

I tried both "y" and "Y" and it still asks me "Are you sure you want to write a new MBR?"

I have also tried "" ENTER, and every other key on the keyboard...

Ctrl + Alt + Del does nothing, it no longer brings me back to the choose OS screen.

ESC does nothing

Personal rant: (can ignore)
It is extremely frustrating when nothing works. "Y" / "N" not working at this prompt is ridiculous. If it does not allow me to write a new MBR at least give me the option of saying no to this. Or better yet, don't even allow the prompt to come up. Just prompt me that my notebook can't write a new MBR for a reason.

If some malware or virus is the culprit, preventing me from writing a new MBR, that's understandable and scary. If it's Windows XP with a lack of proper prompting then this is ridiculous.

I really don't want to end up reformatting this. I have vacation pictures and lecture notes sitting in this computer. If that is the last option, then I may have to.

You're doing a great job at sticking on this task and in no way am I frustrated at you. It's the problems this notebook is having...
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 11th, 2011, 8:49 pm

Ok just now I was holding the down key and I saw a bunch of text (you're limited to entering 1 character at the prompt)

I hit Enter

Entered some blue screen that says something like Windows has to shut down to prevent some error or something.

Anyways I eventually hit the power button after waiting some time. Started it again into Recovery Console.

1. Typed 1 and pressed Enter
2. typed fixmbr and pressed Enter
3. typed y and pressed Enter
4. NOW IT DOES SOMETHING !!!!! :D :D :D

it says: "The new master boot record has been successfully written."

Now proceeding to the next step.. (chkdsk /R)

Ok scan just completed it says:

Volume created 08/09/08 02:28p
The volume Serial Number is ec3c-9b0e
CHKDSK is checking the volume...
CHKDSK is performing additional checking or recovery...
CHKDSK is performing additional checking or recovery...
CHKDSK is performing additional checking or recovery...
CHKDSK found and fixed one or more errors on the volume.
83875332 kilobytes total disk space.
23620736 kilobytes are available.

4096 bytes in each allocation unit
20968833 total allocation units on disk.
5905184 allocation units available on disk.
Last edited by trestinc on April 11th, 2011, 9:50 pm, edited 1 time in total.
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Post by xixo_12 » April 11th, 2011, 8:54 pm

Patience is the key ;)
I know your situation right now. Precious data can't be replaced with another. Let's do whatever we can to save it.

I'm at work during the day right now. Just let me know the result. I will reply to you after my working hours.
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 11th, 2011, 9:52 pm

so I typed fixboot, and it says "The target partition is C:, Are you sure you want to write a new bootsector to the partition C:?"

Yes to this right?
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Post by xixo_12 » April 11th, 2011, 9:54 pm

Yes ;)
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 11th, 2011, 9:59 pm

Ok so I just fixboot'ed and am back at the OS screen, gonna try logging into windows xp normal mode.
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 11th, 2011, 10:10 pm

Ok so I was greeted by Antimalware Doctor at the desktop.

Just now I got another pop-up. "Firewall file transfer detected", "Antimalware Doctor has detected that somebody is trying to transfer your private data via internet. We strongly recommend you to block attack immediately."
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 11th, 2011, 10:50 pm

So I guess I should run the DDS scan?
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm

Re: Notebook infected with System Tool and other malware

Post by trestinc » April 11th, 2011, 11:28 pm

DDS Scan

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Work at 23:25:11.21 on 11/04/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1015.582 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxext.exe
C:\Documents and Settings\Work\Application Data\E50896F890922196E4A03534DE119750\k70ccreloc.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Documents and Settings\Work\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://eeepc.asus.com/global
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Kpabocifalut] rundll32.exe "c:\windows\Wsprvp.dll",Startup
uRun: [k70ccreloc.exe] c:\documents and settings\work\application data\e50896f890922196e4a03534de119750\k70ccreloc.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Smipil] rundll32.exe "c:\windows\ororiyijikere.dll",Startup
mRunOnce: [*upd_debug.exe] "c:\documents and settings\work\application data\e50896f890922196e4a03534de119750\upd_debug.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\work\startm~1\programs\startup\antima~1.lnk - c:\documents and settings\work\application data\e50896f890922196e4a03534de119750\k70ccreloc.exe
StartupFolder: c:\docume~1\work\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/sh ... wswaxd.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {531BF312-1783-41CA-9C4F-B7F769AD89B3} = 202.96.128.86,202.96.134.133
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\work\applic~1\mozilla\firefox\profiles\7y7nndfk.default\
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npWebLaunch.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2010-9-29 18432]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-24 54752]
S0 3078356788;3078356788;c:\windows\system32\drivers\3078356788.sys --> c:\windows\system32\drivers\3078356788.sys [?]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-3-30 247760]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-10-16 17408]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys --> c:\windows\system32\drivers\RT2860.sys [?]
.
=============== Created Last 30 ================
.
2011-04-11 20:53:02 -------- d-sh--w- C:\found.001
2011-04-05 16:35:20 -------- d-----w- c:\docume~1\work\locals~1\applic~1\{A446C86B-722B-4179-93C0-9D304DA5BC8C}
2011-04-05 16:33:47 -------- d-----w- c:\docume~1\work\applic~1\E50896F890922196E4A03534DE119750
2011-04-03 22:52:26 -------- d-sha-r- C:\cmdcons
2011-04-03 22:47:56 98816 ----a-w- c:\windows\sed.exe
2011-04-03 22:47:56 89088 ----a-w- c:\windows\MBR.exe
2011-04-03 22:47:56 256512 ----a-w- c:\windows\PEV.exe
2011-04-03 22:47:56 161792 ----a-w- c:\windows\SWREG.exe
2011-04-01 00:15:51 -------- d-----w- c:\docume~1\work\applic~1\Axkoyz
2011-03-31 20:20:23 -------- d-----w- c:\docume~1\work\applic~1\Malwarebytes
2011-03-31 20:20:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-31 20:20:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-03-31 20:20:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-31 20:20:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-31 03:56:43 767952 ----a-w- c:\windows\BDTSupport.dll
2011-03-31 03:56:43 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-03-31 03:56:43 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-03-31 03:56:42 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-03-31 03:52:59 -------- d-----w- c:\program files\PC Tools Security
2011-03-31 03:51:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
.
==================== Find3M ====================
.
2011-04-12 02:00:08 0 ----a-w- c:\windows\Cyikah.bin
2008-05-07 23:34:00 15523560 ----a-w- c:\program files\Install AiGuruU1 Skype Phone.exe
.
============= FINISH: 23:26:10.54 ===============
trestinc
Regular Member
 
Posts: 67
Joined: March 31st, 2011, 7:04 pm
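As an added illustration (not part of the thread, and not a DDS feature), here is a small Python triage script that parses the autostart section of a DDS log in the "Pseudo HJT Report" format and flags the kinds of entries a helper looks at first: rundll32 loading a DLL from the Windows root folder, executables living in a 32-hex-character Application Data folder, and a RunOnce value prefixed with "*". The sample lines are copied from the log posted above; the heuristics and the function names are assumptions of this example, not the forum's method.

```python
import re

# Constructed sample in the DDS "Pseudo HJT Report" autostart format, built from
# lines in the log posted above (the entries are the thread's, the selection is ours).
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Kpabocifalut] rundll32.exe "c:\windows\Wsprvp.dll",Startup
uRun: [k70ccreloc.exe] c:\documents and settings\work\application data\e50896f890922196e4a03534de119750\k70ccreloc.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Smipil] rundll32.exe "c:\windows\ororiyijikere.dll",Startup
mRunOnce: [*upd_debug.exe] "c:\documents and settings\work\application data\e50896f890922196e4a03534de119750\upd_debug.exe"
StartupFolder: c:\docume~1\work\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
"""

RUN_LINE = re.compile(r"^(uRun|mRun|mRunOnce|dRun): \[([^\]]+)\] (.*)$")
STARTUP_LINE = re.compile(r"^StartupFolder: (.*?\.lnk) - (.*)$")
# A per-user Application Data folder whose name is 32 hex characters.
HEX32_DIR = re.compile(r"\\[0-9a-f]{32}\\", re.IGNORECASE)
# rundll32 loading a DLL that sits directly in c:\windows (no subfolder such as system32).
RUNDLL_WINROOT = re.compile(r'rundll32\.exe\s+"?c:\\windows\\[^\\"]+\.dll"?', re.IGNORECASE)

def parse_autostarts(text):
    """Yield (source, name, command) for each autostart line DDS reports."""
    for line in text.splitlines():
        m = RUN_LINE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3)
            continue
        m = STARTUP_LINE.match(line)
        if m:
            # Name the entry after its .lnk file; the command is the link target.
            yield "StartupFolder", m.group(1).rsplit("\\", 1)[-1], m.group(2)

def suspicious_reasons(source, name, command):
    """Heuristics (our assumptions) for why an entry deserves a closer look."""
    reasons = []
    if RUNDLL_WINROOT.search(command):
        reasons.append("rundll32 loads a DLL from the Windows root folder")
    if HEX32_DIR.search(command):
        reasons.append("runs from a 32-hex-character Application Data folder")
    if source == "mRunOnce" and name.startswith("*"):
        # Windows processes a RunOnce value prefixed with '*' even in Safe Mode.
        reasons.append("RunOnce value prefixed with '*' (processed even in Safe Mode)")
    return reasons

def triage(text):
    """Return {entry name: reasons} for every autostart that trips a heuristic."""
    findings = {}
    for source, name, command in parse_autostarts(text):
        reasons = suspicious_reasons(source, name, command)
        if reasons:
            findings[name] = reasons
    return findings
```

Running `triage(SAMPLE_DDS)` leaves ctfmon.exe, IgfxTray and the OneNote shortcut alone and flags the Kpabocifalut, Smipil, k70ccreloc.exe and *upd_debug.exe entries, which is a starting list for a helper to check, not a verdict.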