malware help 2

Re: malware help 2

Post by Gary R » March 10th, 2013, 3:04 am

Rename MBR.dat to MBR.txt and then try attaching it. Don't worry if you get a warning saying that the change of file type may make the file unreadable, I'll be able to read it OK.
Gary R
Administrator
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: malware help 2

Post by geniusless » March 10th, 2013, 3:07 am

MBR.dat
geniusless
Regular Member
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: malware help 2

Post by Gary R » March 10th, 2013, 5:16 am

Nothing of any concern in either of those logs. Have you run the GMER scan yet? If you have, please post me the log. If not, please run the scan as instructed in my last post, then please post me the log.

Re: malware help 2

Post by geniusless » March 10th, 2013, 9:08 am

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-09 22:45:12
-----------------------------
22:45:12.625 OS Version: Windows 5.1.2600 Service Pack 3
22:45:12.625 Number of processors: 2 586 0x2302
22:45:12.625 ComputerName: JASON UserName:
22:45:13.171 Initialize success
22:45:34.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000007f
22:45:34.390 Disk 0 Vendor: NVIDIA__ Size: 152638MB BusType: 1
22:45:34.406 Disk 0 MBR read successfully
22:45:34.406 Disk 0 MBR scan
22:45:34.406 Disk 0 Windows XP default MBR code
22:45:34.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
22:45:34.406 Disk 0 scanning sectors +312576705
22:45:34.453 Disk 0 scanning C:\WINDOWS\system32\drivers
22:45:42.453 Service scanning
22:45:55.578 Modules scanning
22:46:01.781 Disk 0 trace - called modules:
22:46:01.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys nvraid.sys hal.dll ACPI.sys nvatabus.sys
22:46:01.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aaeeab8]
22:46:01.796 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000007f[0x8ab3b690]
22:46:02.296 5 nvraid.sys[b7f1097c] -> nt!IofCallDriver -> \Device\0000007d[0x8ab6da38]
22:46:02.296 7 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\0000007b[0x8aaf8030]
22:46:02.296 Scan finished successfully
22:48:35.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jason seymer\Desktop\here we go\MBR.dat"
22:48:35.375 The log file has been saved successfully to "C:\Documents and Settings\jason seymer\Desktop\here we go\aswMBR.txt"

Re: malware help 2

Post by Gary R » March 10th, 2013, 9:25 am

That's the aswMBR log again, I need the GMER log ....

Download GMER to your Desktop. (It will have a randomly generated name, for example .... wjkl3ecz.exe)

  • Disconnect from the Internet, and close all running programmes.
  • There is a small chance this programme may crash your computer, so save any work you have open.
  • Double click on the randomly named GMER file (eg .... wjkl3ecz.exe) to launch GMER.
  • Let the gmer.sys driver load if asked.
  • If it gives you a warning at programme start about rootkit activity and asks if you want to run a scan ..... click OK.
  • If no warning:
    • Click Rootkit tab.
    • Ensure that All the boxes to the right of the program are checked except Show All.
    • Click Scan.
  • Do not use your computer while the scan is running.
  • Once scan is finished click Copy.
    • Click Start > Run then type Notepad.exe then click OK.
    • This will open a Notepad file.
    • Hit Ctrl+V to paste log into it.
    • Save the log to your Desktop.
  • Reconnect to internet and post the log please.

Re: malware help 2

Post by geniusless » March 10th, 2013, 3:32 pm

Silly me...

GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-10 12:30:08
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\0000007f NVIDIA__ rev. 149.06GB
Running: isic2gz0.exe; Driver: C:\DOCUME~1\JASONS~1\LOCALS~1\Temp\axtdypog.sys


---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6BE43C0, 0x7076DA, 0xE8000020]

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys

---- EOF - GMER 2.1 ----

Re: malware help 2

Post by Gary R » March 11th, 2013, 2:37 am

Nothing of concern in your GMER log, however, after your PM to me, I'd like you to do the following please ....

Please download SystemLook from the link below and save it to your Desktop.

For 32 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
Code:
:Reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services /s

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. It will be a large logfile, so please attach this log to your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: malware help 2

Post by geniusless » March 11th, 2013, 2:47 am

too big to attach.

Re: malware help 2

Post by geniusless » March 11th, 2013, 3:03 am

k.

Re: malware help 2

Post by Gary R » March 11th, 2013, 5:58 am

OK, I can see what your problem is, but I can't see what is causing it.

Example ....

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btnetfilter]
"Type"= 0x0000000020 (32)
"Start"= 0x0000000004 (4)
"ErrorControl"= 0x0000000000 (0)
"ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs"
"DisplayName"="A88xEnc"
"ObjectName"="LocalSystem"
"Description"="New service would allow parents to control their children's online activity."



We could write a script to remove the various services, but to be honest there's so many of them, and it's just not possible to know exactly how else they all may be tied into your system. There's a good chance that we'd cause system instability if we just "yank them out".

My advice would be to back up your personal files and folders, then reformat your computer and re-install Windows.
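
One way to triage a SystemLook services dump too large to read by hand, as an added example that is not part of the original posts: parse the layout quoted above and list services that run inside svchost.exe without naming a ServiceDll under a Parameters subkey, which is where svchost.exe looks up the DLL of a service it hosts. The ServiceDll criterion is this example's own assumption, not the helper's stated diagnosis, and the dump below is constructed (the wuauserv entry and the bracketed-subkey layout are assumptions).

```python
import re
# Constructed sample in the SystemLook ":Reg ... /s" layout quoted in the post.
# Assumption: the tool prints each subkey as its own bracketed section.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btnetfilter]
"Type"= 0x0000000020 (32)
"Start"= 0x0000000004 (4)
"ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs"
"DisplayName"="A88xEnc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
"Start"= 0x0000000002 (2)
"ImagePath"="%SystemRoot%\system32\svchost.exe -k netsvcs"
"DisplayName"="Automatic Updates"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters]
"ServiceDll"="C:\WINDOWS\system32\wuauserv.dll"
'''

ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=\s*(?:"(.*)"|0x[0-9A-Fa-f]+ \((\d+)\))\s*$')

def parse_dump(text):
    """Return {key path: {value name: str or int}} for every bracketed section."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            current = keys.setdefault(m.group(1), {})
        elif current is not None and (m := VAL_RE.match(line)):
            name, text_value, number = m.groups()
            # DWORD lines carry the decimal value in parentheses; strings are quoted.
            current[name] = int(number) if number is not None else text_value
    return keys

def svchost_without_dll(keys):
    """Services whose ImagePath is svchost.exe but that name no ServiceDll."""
    hits = []
    for path, vals in keys.items():
        name = path[len(ROOT):]
        if not path.startswith(ROOT) or "\\" in name:  # skip subkeys, other keys
            continue
        image = str(vals.get("ImagePath", "")).lower()
        params = keys.get(path + "\\Parameters", {})
        if "svchost.exe" in image and "ServiceDll" not in params:
            hits.append((name, vals.get("DisplayName"), vals.get("Start")))
    return hits

if __name__ == "__main__":
    print(svchost_without_dll(parse_dump(SAMPLE)))
```

The output is a review list for a human, not a removal list; each entry still has to be checked against what is installed on the machine.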

Re: malware help 2

Post by geniusless » March 11th, 2013, 12:06 pm

I was afraid of that. I've managed to yank several infections from that old desktop. This one is to be too in-depth... What would you suggest for backups, safest way? Don't want to start fresh with this monkey on my back.

Re: malware help 2

Post by Gary R » March 11th, 2013, 12:40 pm

Anything that is not an executable file is generally safe to back up, so pictures, videos, music, and text files are usually pretty safe, as are bookmark/favorites lists, address books and stuff like that.

What make of computer do you have?

Re: malware help 2

Post by geniusless » March 11th, 2013, 12:50 pm

I built this thing back in 2004 originally, MSI/AMD, it's an old 939 socket lol. But when clean she's still clocked pretty good. I noticed in a lot of folders (including photos/music) there are "desktop.ini's" since the onset of this problem. Do I need to ensure these stay out?

Re: malware help 2

Post by Gary R » March 11th, 2013, 1:54 pm

The desktop ini's are not likely to be targets for infection; whether you need to back them up or not is up to you.

Since your machine is "home brewed", you'll have installed XP from a Windows installation disk, in which case the information on this page ... viewtopic.php?p=613842#p613842 ... may be of some help.

Re: malware help 2

Post by geniusless » March 11th, 2013, 3:20 pm

I have to say thanks for all your help, even if we didn't conquer it. I think my next plan of action is to add two more sticks of RAM and get Windows 7 64-bit (lol yes I game on 32-bit, sadly)... We can close her down :/