[Essexboy]

OK lets now see what else we can find - I am thinking MBR now having cleared all that - The attached file is ASWmbr zipped and a fresh GMER zipped in case you can not get to the sites to download them




Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it


Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply

THEN

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity.
• Click OK.
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
• Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

[Advertisements]

Please find the attached aswMBR log. I never actioned any of the red highlighted items, please let me know if I should.

Sorry I can't post a GMER log, unfortunately for some reason every time I run the scan and leave it be, the amount of memory it uses shoots right up over the duration of the scan. So I'm unable to even hit "Copy" and open up notepad. So strange.

Attached Files

•  aswMBR.txt   1.21KB   167 downloads

[Horaldo]

Please find the attached aswMBR log. I never actioned any of the red highlighted items, please let me know if I should.

Sorry I can't post a GMER log, unfortunately for some reason every time I run the scan and leave it be, the amount of memory it uses shoots right up over the duration of the scan. So I'm unable to even hit "Copy" and open up notepad. So strange.

Attached Files

•  aswMBR.txt   1.21KB   167 downloads

[Essexboy]

Do you have the windows Vista recovery console installed ?

When you press F8 as if going to start safe mode do you get the option to "Repair My Computer" in the list of safe mode options ?

As we may have to use that to repair the MBR

[Horaldo]

Yes I do.

[Essexboy]

OK here we go ...................

• Click Repair your computer.
• Click the operating system that you want to repair, and then click Next.
• In the System Recovery Options dialog box, click Command Prompt.
• Type in the following bolded text and press enter
  
  Bootrec.exe /FixMbr
  
• Type exit

Once done reboot and then run TDSSKiller

[Horaldo]

I hit F8 fine, selected Repair Your Computer and hit entered.

However it just went to the screen which I normally get upon start-up (since I can't shut down without a blue screen).

That is the screen with options set out like

Safe Mode
Safe Mode with Networking
Safe Mode with Networking & Command Prompt? (memory forgets on the last one!)

Start Your Computer Normally

[Essexboy]

Select the command prompt option please

And then run the bootrec command

[Horaldo]

Using command prompt in safe mode? It says bootrec.exe is not recognised. Obviously I can't get to command prompt in the "Repair Computer" option as I said previously.

[Essexboy]

OK we can download and burn to disc the recovery console - or do you have the vista CD

[Horaldo]

I have an Advent System Recovery disc which contains Vista, that do?

[Essexboy]

'Fraid not

OK I will just sort out the link to download an ISO copy that you can burn to CD

[Essexboy]

Back again .. The link I was going to use is down for the moment

But as you have uTorrent you can download the ISO from here
Also download Imgburn from here and install

Once Imgburn is installed double click the ISO to burn to disc

• Insert the disc and select start from the cd
• Select Repair your computer.
• Select the operating system you want to repair, and then click Next.
• Select command prompt
• Type in the following command
  
  Bootrec.exe /FixMbr
  
• Once finished type Exit
• Reboot and then run TDSSKiller

[Horaldo]

Sorry I'm a bit of a noob when it comes to start-up things.

Now I've made the CD and everything, however when it comes up with "press any key to boot from CD" I tried pressing F8, while in brings me all the normal options (such as safe mode, boot logging etc) it doesn't have Repair Your Computer!

I tried just pressing any old key at the boot from CD bit as well, which takes me to "Install Windows" and has options for country, language etc.

Is that path the right one?

[Essexboy]

Thats the one - select your country and language

You will then be presented with the repair your computer prompt
Select that and a menu will appear with several tools
Select command prompt
Then run the commands as in the previous post

[Horaldo]

Well good news is that I'm no longer blue screening upon shutdown/reboot and that TDSSKiller is running fine (I've attached the log if you want to read, but it said it found nothing).

Now for some reason every time i log into full or safe mode "System Properties" appears. I also have been blue screening after logging in successfully, after a few tries I think it's actually when I try to go to "Networking" because my internet is showing as unconnected even though my modem is fine and fully lit (and works fine with my phone).

Luckily it's also fine in Safe Mode with Networking which is what I'm posting from right now.

Do you think this is somehow related to a problem that I've been having for far longer than the virus stuff? I sometimes need to "repair my connection" when logging into the computer, even if all the lights are green. It sometimes takes a few tries but when it's done, it's done. I don't lose connection once it's established.

Attached Files

•  TDSSKiller.2.4.21.0_29.04.2011_21.16.48_log.txt   122.94KB   133 downloads