Backdoor virus?

View previous topic View next topic Go down

Re: Backdoor virus?

Post by Belahzur on Sun May 15, 2011 3:17 pm

Please download aswMBR from [You must be registered and logged in to see this link.]

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below



Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are [You must be registered and logged in to see this link.]

  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Backdoor virus?

Post by Marc0c on Sun May 15, 2011 8:44 pm

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-15 16:42:18
-----------------------------
16:42:18.406 OS Version: Windows 5.1.2600 Service Pack 3
16:42:18.406 Number of processors: 2 586 0x407
16:42:18.406 ComputerName: OWNER-1DGH5EX7D UserName: Owner
16:42:20.734 Initialize success
16:42:40.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\rr172x1Port1Path0Target0Lun0
16:42:40.968 Disk 0 Vendor: HPT_____ 4.00 Size: 609398MB BusType: 1
16:42:40.968 Device \Driver\rr172x -> DriverStartIo 8a6b233b
16:42:42.968 Disk 0 MBR read successfully
16:42:42.968 Disk 0 MBR scan
16:42:42.968 Disk 0 TDL4@MBR code has been found
16:42:42.968 Disk 0 Windows XP default MBR code found via API
16:42:42.968 Disk 0 MBR hidden
16:42:42.968 Disk 0 MBR [TDL4] **ROOTKIT**
16:42:42.968 Disk 0 trace - called modules:
16:42:42.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a6b24f0]<<
16:42:42.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aff3ab8]
16:42:42.968 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8a66d218]
16:42:42.968 \Driver\rr172x[0x8b040250] -> IRP_MJ_CREATE -> 0x8a6b24f0
16:42:42.968 Scan finished successfully
16:43:12.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
16:43:12.796 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"



Marc0c
Novice
Novice

Posts Posts : 25
Joined Joined : 2011-05-06
Gender Gender : Male
OS OS : XP Home
Points Points : 20761
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Backdoor virus?

Post by Belahzur on Sun May 15, 2011 9:19 pm

Hello.
Stick with me on this, I put a call out to the other forum experts as this is a new variant.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Backdoor virus?

Post by Marc0c on Sun May 15, 2011 10:59 pm

Do you think it's going to take much longer to fix? It's already been 10 days and I'm starting to think I should just reinstall my OS and start over...

Marc0c
Novice
Novice

Posts Posts : 25
Joined Joined : 2011-05-06
Gender Gender : Male
OS OS : XP Home
Points Points : 20761
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Backdoor virus?

Post by Belahzur on Mon May 16, 2011 11:10 am

Well formatting is upto you, but I'd rather go at this till we find something to kill it, as I said this is a new variant of a rootkit so the developers don't know of this yet.

Re-run [You must be registered and logged in to see this link.]
  • Click [Scan]
  • On completion of the scan
  • Click the [Fix] for TDL4 (MBRoot):



Once you are done with that, please do the following:

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Backdoor virus?

Post by Marc0c on Mon May 16, 2011 2:34 pm

2011/05/16 10:32:00.0890 3544 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/16 10:32:00.0906 3544 ================================================================================
2011/05/16 10:32:00.0906 3544 SystemInfo:
2011/05/16 10:32:00.0906 3544
2011/05/16 10:32:00.0906 3544 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/16 10:32:00.0906 3544 Product type: Workstation
2011/05/16 10:32:00.0906 3544 ComputerName: OWNER-1DGH5EX7D
2011/05/16 10:32:00.0906 3544 UserName: Owner
2011/05/16 10:32:00.0906 3544 Windows directory: C:\WINDOWS
2011/05/16 10:32:00.0906 3544 System windows directory: C:\WINDOWS
2011/05/16 10:32:00.0906 3544 Processor architecture: Intel x86
2011/05/16 10:32:00.0906 3544 Number of processors: 2
2011/05/16 10:32:00.0906 3544 Page size: 0x1000
2011/05/16 10:32:00.0906 3544 Boot type: Normal boot
2011/05/16 10:32:00.0906 3544 ================================================================================
2011/05/16 10:32:01.0484 3544 !crdlk
2011/05/16 10:32:01.0593 3544 Initialize success
2011/05/16 10:32:05.0859 3672 ================================================================================
2011/05/16 10:32:05.0859 3672 Scan started
2011/05/16 10:32:05.0859 3672 Mode: Manual;
2011/05/16 10:32:05.0859 3672 ================================================================================
2011/05/16 10:32:06.0281 3672 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/16 10:32:06.0406 3672 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/16 10:32:06.0562 3672 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/16 10:32:06.0625 3672 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/05/16 10:32:06.0656 3672 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/16 10:32:06.0812 3672 AnyDVD (40c279a23bd43553bfba6e88a9b38ae2) C:\WINDOWS\system32\Drivers\AnyDVD.sys
2011/05/16 10:32:06.0875 3672 AR5211 (08e03e8ab837dc9dd2737930ecd19fbc) C:\WINDOWS\system32\DRIVERS\WG311T13.sys
2011/05/16 10:32:06.0984 3672 AR5416 (00e031fe2d849be503fc4a47271f1ea5) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/05/16 10:32:07.0062 3672 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/16 10:32:07.0187 3672 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/16 10:32:07.0250 3672 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/16 10:32:07.0328 3672 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/16 10:32:07.0359 3672 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/16 10:32:07.0421 3672 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/16 10:32:07.0531 3672 BHDrvx86 (76154fa6a742c613b44bb636b1a7c057) C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys
2011/05/16 10:32:07.0703 3672 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/16 10:32:07.0765 3672 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/05/16 10:32:07.0828 3672 ccHP (8973ff34b83572d867b5b928905ad5ac) C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys
2011/05/16 10:32:07.0859 3672 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/16 10:32:07.0921 3672 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/16 10:32:07.0968 3672 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/16 10:32:08.0093 3672 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys
2011/05/16 10:32:08.0171 3672 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/16 10:32:08.0234 3672 DLABMFSM (a53723176d0002feb486eff8e17812f2) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
2011/05/16 10:32:08.0281 3672 DLABOIOM (d4587063acea776699251e177d719586) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/05/16 10:32:08.0296 3672 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/05/16 10:32:08.0359 3672 DLADResM (c950c2e7b9ed1a4fc4a2ac7ec044f1d6) C:\WINDOWS\system32\DLA\DLADResM.SYS
2011/05/16 10:32:08.0390 3672 DLAIFS_M (24400137e387a24410c52a591f3cfb4d) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/05/16 10:32:08.0406 3672 DLAOPIOM (29a303feceb28641ecebdae89eb71c63) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/05/16 10:32:08.0421 3672 DLAPoolM (c93e33a22a1ae0c5508f3fb1f6d0a50c) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/05/16 10:32:08.0437 3672 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2011/05/16 10:32:08.0453 3672 DLAUDFAM (b953498c35a31e5ac98f49adbcf3e627) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/05/16 10:32:08.0468 3672 DLAUDF_M (4897704c093c1f59ce58fc65e1e1ef1e) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/05/16 10:32:08.0546 3672 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/16 10:32:08.0593 3672 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/16 10:32:08.0640 3672 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/16 10:32:08.0703 3672 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/16 10:32:08.0750 3672 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/16 10:32:08.0781 3672 DRVMCDB (c00440385cf9f3d142917c63f989e244) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/05/16 10:32:08.0843 3672 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/05/16 10:32:08.0890 3672 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/05/16 10:32:09.0046 3672 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/16 10:32:09.0093 3672 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
2011/05/16 10:32:09.0125 3672 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/05/16 10:32:09.0156 3672 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/16 10:32:09.0203 3672 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/16 10:32:09.0265 3672 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/16 10:32:09.0281 3672 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/16 10:32:09.0328 3672 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/16 10:32:09.0390 3672 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/16 10:32:09.0406 3672 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/16 10:32:09.0468 3672 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/16 10:32:09.0531 3672 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/16 10:32:09.0593 3672 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/16 10:32:09.0656 3672 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/16 10:32:09.0734 3672 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/16 10:32:09.0812 3672 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
2011/05/16 10:32:09.0953 3672 IDSxpx86 (50fa4c70534cf3b5c17ec83debe07afd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110513.001\IDSxpx86.sys
2011/05/16 10:32:10.0000 3672 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/16 10:32:10.0109 3672 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/16 10:32:10.0218 3672 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/16 10:32:10.0250 3672 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/16 10:32:10.0296 3672 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/16 10:32:10.0343 3672 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/16 10:32:10.0359 3672 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/16 10:32:10.0390 3672 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/16 10:32:10.0437 3672 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/16 10:32:10.0500 3672 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/16 10:32:10.0546 3672 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/16 10:32:10.0593 3672 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/16 10:32:10.0625 3672 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/16 10:32:10.0734 3672 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/16 10:32:10.0750 3672 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/16 10:32:10.0781 3672 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/16 10:32:10.0859 3672 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/16 10:32:10.0890 3672 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/16 10:32:10.0968 3672 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/16 10:32:11.0015 3672 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/16 10:32:11.0046 3672 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/16 10:32:11.0078 3672 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/16 10:32:11.0140 3672 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/16 10:32:11.0187 3672 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/16 10:32:11.0265 3672 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/16 10:32:11.0312 3672 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/05/16 10:32:11.0390 3672 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/16 10:32:11.0453 3672 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/05/16 10:32:11.0656 3672 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110515.002\NAVENG.SYS
2011/05/16 10:32:11.0718 3672 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110515.002\NAVEX15.SYS
2011/05/16 10:32:11.0812 3672 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/16 10:32:11.0875 3672 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/05/16 10:32:11.0937 3672 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/16 10:32:11.0984 3672 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/16 10:32:12.0015 3672 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/16 10:32:12.0062 3672 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/16 10:32:12.0125 3672 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/16 10:32:12.0156 3672 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/16 10:32:12.0265 3672 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/16 10:32:12.0312 3672 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/16 10:32:12.0437 3672 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\WINDOWS\system32\npptNT2.sys
2011/05/16 10:32:12.0609 3672 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/16 10:32:12.0687 3672 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/05/16 10:32:12.0703 3672 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/16 10:32:12.0843 3672 nv (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/16 10:32:13.0031 3672 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/16 10:32:13.0109 3672 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/16 10:32:13.0156 3672 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/16 10:32:13.0234 3672 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/05/16 10:32:13.0281 3672 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/16 10:32:13.0312 3672 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/16 10:32:13.0375 3672 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/16 10:32:13.0437 3672 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/16 10:32:13.0515 3672 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/16 10:32:13.0562 3672 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/16 10:32:13.0625 3672 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/05/16 10:32:13.0828 3672 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/16 10:32:13.0875 3672 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/16 10:32:13.0906 3672 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/16 10:32:13.0968 3672 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2011/05/16 10:32:14.0031 3672 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/16 10:32:14.0093 3672 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/16 10:32:14.0218 3672 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/16 10:32:14.0265 3672 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/16 10:32:14.0296 3672 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/16 10:32:14.0312 3672 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/16 10:32:14.0343 3672 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/16 10:32:14.0375 3672 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/16 10:32:14.0421 3672 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/16 10:32:14.0468 3672 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/16 10:32:14.0546 3672 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/05/16 10:32:14.0609 3672 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/16 10:32:14.0671 3672 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/16 10:32:14.0734 3672 rr172x (a203f18d51cebdf181f6259c6bed5842) C:\WINDOWS\system32\drivers\rr172x.sys
2011/05/16 10:32:14.0843 3672 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/16 10:32:14.0890 3672 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/16 10:32:14.0937 3672 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/16 10:32:15.0015 3672 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/16 10:32:15.0078 3672 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/05/16 10:32:15.0156 3672 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/16 10:32:15.0250 3672 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/16 10:32:15.0281 3672 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/16 10:32:15.0375 3672 SRTSP (e81f6caeab9ad5732e94c07c97866aa2) C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS
2011/05/16 10:32:15.0406 3672 SRTSPX (e28de499d942b08058bffac69d4122b6) C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS
2011/05/16 10:32:15.0468 3672 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/16 10:32:15.0531 3672 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
2011/05/16 10:32:15.0609 3672 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/16 10:32:15.0656 3672 SWDUMon (1fd8760cfcb68178f147ea97f0a8ac45) C:\WINDOWS\system32\DRIVERS\SWDUMon.sys
2011/05/16 10:32:15.0687 3672 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/16 10:32:15.0734 3672 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/16 10:32:15.0828 3672 SymEFA (d0885f6e24259a6c65e68d6ad749910a) C:\WINDOWS\system32\drivers\N360\0308000.029\SYMEFA.SYS
2011/05/16 10:32:15.0890 3672 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/05/16 10:32:15.0953 3672 SYMFW (1e825026436c4eac3e1a11d1e9c33f2c) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS
2011/05/16 10:32:15.0968 3672 SYMIDS (7a20b7d774ef0f16cf81b898bfeca772) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS
2011/05/16 10:32:16.0015 3672 SymIM (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/05/16 10:32:16.0031 3672 SymIMMP (c6db9f873b09c63f5cb1de10c08bf6f9) C:\WINDOWS\system32\DRIVERS\SymIM.sys
2011/05/16 10:32:16.0046 3672 SYMNDIS (5ab7d00ea6b7a6fcd5067c632ec6f039) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
2011/05/16 10:32:16.0093 3672 SYMTDI (e4fa8bbb96e314e9508865de1a767538) C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS
2011/05/16 10:32:16.0156 3672 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/16 10:32:16.0218 3672 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/16 10:32:16.0265 3672 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/16 10:32:16.0296 3672 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/16 10:32:16.0343 3672 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/16 10:32:16.0437 3672 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/16 10:32:16.0531 3672 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/16 10:32:16.0609 3672 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/16 10:32:16.0671 3672 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/16 10:32:16.0703 3672 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/16 10:32:16.0734 3672 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/16 10:32:16.0796 3672 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/16 10:32:16.0859 3672 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/16 10:32:16.0875 3672 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/16 10:32:16.0921 3672 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\WINDOWS\system32\DRIVERS\VClone.sys
2011/05/16 10:32:16.0984 3672 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/16 10:32:17.0062 3672 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/16 10:32:17.0140 3672 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/16 10:32:17.0218 3672 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/05/16 10:32:17.0250 3672 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/16 10:32:17.0375 3672 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/05/16 10:32:17.0468 3672 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/16 10:32:17.0515 3672 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/16 10:32:17.0593 3672 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
2011/05/16 10:32:18.0296 3672 ================================================================================
2011/05/16 10:32:18.0296 3672 Scan finished
2011/05/16 10:32:18.0296 3672 ================================================================================
2011/05/16 10:33:29.0765 3300 Deinitialize success

Marc0c
Novice
Novice

Posts Posts : 25
Joined Joined : 2011-05-06
Gender Gender : Male
OS OS : XP Home
Points Points : 20761
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Backdoor virus?

Post by Marc0c on Mon May 16, 2011 2:40 pm

Here's my desktop:
[You must be registered and logged in to see this link.]

Should I delete xxx.exe?

Marc0c
Novice
Novice

Posts Posts : 25
Joined Joined : 2011-05-06
Gender Gender : Male
OS OS : XP Home
Points Points : 20761
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Backdoor virus?

Post by Belahzur on Mon May 16, 2011 2:43 pm

Did you get any fix log from aswmbr?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Backdoor virus?

Post by Marc0c on Mon May 16, 2011 3:27 pm

No fix log, but it had me restart my computer. I ran aswMBR again right now and it gave me the following log:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-15 16:42:18
-----------------------------
16:42:18.406 OS Version: Windows 5.1.2600 Service Pack 3
16:42:18.406 Number of processors: 2 586 0x407
16:42:18.406 ComputerName: OWNER-1DGH5EX7D UserName: Owner
16:42:20.734 Initialize success
16:42:40.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\rr172x1Port1Path0Target0Lun0
16:42:40.968 Disk 0 Vendor: HPT_____ 4.00 Size: 609398MB BusType: 1
16:42:40.968 Device \Driver\rr172x -> DriverStartIo 8a6b233b
16:42:42.968 Disk 0 MBR read successfully
16:42:42.968 Disk 0 MBR scan
16:42:42.968 Disk 0 TDL4@MBR code has been found
16:42:42.968 Disk 0 Windows XP default MBR code found via API
16:42:42.968 Disk 0 MBR hidden
16:42:42.968 Disk 0 MBR [TDL4] **ROOTKIT**
16:42:42.968 Disk 0 trace - called modules:
16:42:42.968 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a6b24f0]<<
16:42:42.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aff3ab8]
16:42:42.968 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8a66d218]
16:42:42.968 \Driver\rr172x[0x8b040250] -> IRP_MJ_CREATE -> 0x8a6b24f0
16:42:42.968 Scan finished successfully
16:43:12.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
16:43:12.796 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-16 11:24:34
-----------------------------
11:24:34.125 OS Version: Windows 5.1.2600 Service Pack 3
11:24:34.125 Number of processors: 2 586 0x407
11:24:34.125 ComputerName: OWNER-1DGH5EX7D UserName: Owner
11:24:36.234 Initialize success
11:25:16.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\rr172x1Port1Path0Target0Lun0
11:25:16.234 Disk 0 Vendor: HPT_____ 4.00 Size: 609398MB BusType: 1
11:25:16.234 Device \Driver\rr172x -> DriverStartIo 8a6a933b
11:25:18.234 Disk 0 MBR read successfully
11:25:18.234 Disk 0 MBR scan
11:25:18.234 Disk 0 TDL4@MBR code has been found
11:25:18.234 Disk 0 Windows XP default MBR code found via API
11:25:18.234 Disk 0 MBR hidden
11:25:18.234 Disk 0 MBR [TDL4] **ROOTKIT**
11:25:18.234 Disk 0 trace - called modules:
11:25:18.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a6a94f0]<<
11:25:18.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af9bab8]
11:25:18.234 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> [0x8a664d38]
11:25:18.234 \Driver\rr172x[0x8b04a5b0] -> IRP_MJ_CREATE -> 0x8a6a94f0
11:25:18.234 Scan finished successfully
11:25:41.703 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
11:25:41.703 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


Looks to me like the fix didn't remove the rootkit.

Marc0c
Novice
Novice

Posts Posts : 25
Joined Joined : 2011-05-06
Gender Gender : Male
OS OS : XP Home
Points Points : 20761
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Backdoor virus?

Post by Marc0c on Wed May 18, 2011 4:15 pm

Any other suggestions?? Or should I reformat?

Marc0c
Novice
Novice

Posts Posts : 25
Joined Joined : 2011-05-06
Gender Gender : Male
OS OS : XP Home
Points Points : 20761
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Backdoor virus?

Post by Belahzur on Wed May 18, 2011 7:14 pm

Hello.
Before you do that, can you zip MBR.dat file and attach the zip? I'd like a sample of it.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Backdoor virus?

Post by Marc0c on Wed May 18, 2011 7:45 pm

Here's the zip.
Thanks for your time.

Marc0c
Novice
Novice

Posts Posts : 25
Joined Joined : 2011-05-06
Gender Gender : Male
OS OS : XP Home
Points Points : 20761
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Backdoor virus?

Post by Belahzur on Wed May 18, 2011 8:03 pm

Hello.
I want to have 1 more go with Combofix.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::
    MBR::
    Reboot::
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Backdoor virus?

Post by Marc0c on Thu May 19, 2011 12:50 am

Says current date is 2011-05-18. ComboFix has expired.
Then the program disappeared.

Marc0c
Novice
Novice

Posts Posts : 25
Joined Joined : 2011-05-06
Gender Gender : Male
OS OS : XP Home
Points Points : 20761
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Backdoor virus?

Post by Marc0c on Thu May 19, 2011 2:04 am

Remember when you told me to reboot my pc and:

As it is rebooting, you will notice an extra menu, and an extra option for the Microsoft Windows Recovery Console.

Please select that option to boot the RC, Windows will boot to a text based screen and ask you to select the installation to log into, please choose the correct one, usually option 1 and press enter.

In there, type in the following commands, 1 line at a time.


fixmbr
exit



After the copy command, you may be prompted with a yes/no to confirm the copy, type in "y" to confirm it.

After that, boot back to normal mode and re-run GMER, then post the new log.


I think I've found an alternate way of doing the above. I was trying to reformat my computer and I clicked R on this screen:
[You must be registered and logged in to see this link.]

and it brought me to a Microsoft Windows Recovery Console:
[You must be registered and logged in to see this link.]

Should I enter the commands you gave me here?


Marc0c
Novice
Novice

Posts Posts : 25
Joined Joined : 2011-05-06
Gender Gender : Male
OS OS : XP Home
Points Points : 20761
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Backdoor virus?

Post by Belahzur on Thu May 19, 2011 8:42 am

Yes please.

Type in fixmbr, it will warn and prompt you, select yes (or Y), then reboot it once it's done.

After that, re-run GMER and post the new log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Backdoor virus?

Post by Marc0c on Thu May 19, 2011 7:05 pm

Didn't respond to me typing in fixmbr:

[You must be registered and logged in to see this link.]


Marc0c
Novice
Novice

Posts Posts : 25
Joined Joined : 2011-05-06
Gender Gender : Male
OS OS : XP Home
Points Points : 20761
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Backdoor virus?

Post by Belahzur on Thu May 19, 2011 7:08 pm

Okay try this, lets make it go into the Windows folder.

Where it says C:\>, type in "cd windows", it should now say C:\Windows>

Then type in fixmbr again, let me know what happens.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum