Topic: Can't remove this virus, help

pro5188
Can't remove this virus, help
« on: February 25, 2011, 02:04:16 AM »
--------------------------------------------------------------------------------

Here's what's going on: I have a virus that I can't remove with the Avast free version. I scan and it keeps showing up; it won't remove it or let me put it in the chest vault. When I scan and it says to remove it, shut down your PC and restart, I do it and it's still there. I restore and it's still there. Here is what it says the threat is:


FILE NAME: PHYSICALDRIVE0

SEVERITY: HIGH

STATUS: THREAT: ROOTKIT: HIDDEN

essexboy (avast! Überevangelist)
Re: Can't remove this virus, help
« Reply #1 on: February 25, 2011, 06:52:11 PM »
Download aswMBR.exe (511 KB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

Click "Fix" in case of infection.

Save the aswMBR.log to the desktop, then post the log here.


jkaszynski
Re: Can't remove this virus, help
« Reply #2 on: April 14, 2011, 01:18:32 AM »
I hope it's still OK to post here!

I followed your directions and this is the log:

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-13 18:13:57
-----------------------------
18:13:57.343    OS Version: Windows 5.1.2600 Service Pack 3
18:13:57.343    Number of processors: 2 586 0x409
18:13:57.343    ComputerName: HARDDRIVE  UserName: Jaime
18:13:58.046    Initialize success
18:14:03.609    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
18:14:03.609    Disk 0 Vendor:   Size: 0MB BusType: 0
18:14:03.625    Disk 0 MBR read error
18:14:03.625    Disk 0 MBR scan
18:14:03.625    MBR BIOS signature not found 0
18:14:03.625    Disk 0 scanning C:\WINDOWS\system32\drivers
18:14:09.671    Service scanning
18:14:10.859    Disk 0 trace - called modules:
18:14:10.859    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys sphj.sys hal.dll >>UNKNOWN [0x82d8e938]<<
18:14:10.859    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d6b030]
18:14:10.859    3 CLASSPNP.SYS[f84b5fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x82d42940]
18:14:10.875    Scan finished successfully
18:14:17.781    Disk 0 MBR fix error
18:14:22.812    Disk 0 MBR fix error
18:14:35.703    Disk 0 MBR fix error

Any help?

essexboy (avast! Überevangelist)
Re: Can't remove this virus, help
« Reply #3 on: April 14, 2011, 05:31:43 PM »
Could you go to this site please and follow the directions at step 6: http://www.bleepingcomputer.com/forums/topic34773.html and then re-run aswMBR.

Also, what are your problems?

asilad
Re: Can't remove this virus, help
« Reply #4 on: May 08, 2011, 08:01:22 AM »
Is it still OK to post here? I have exactly the same problem as above.

I also followed your directions and here is my log:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-08 09:49:34
-----------------------------
09:49:34.756    OS Version: Windows 6.0.6002 Service Pack 2
09:49:34.756    Number of processors: 2 586 0x170A
09:49:34.756    ComputerName: IAN-PC  UserName: Ian
09:49:36.550    Initialize success
09:50:05.316    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
09:50:05.332    Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OC64G Size: 238475MB BusType: 3
09:50:07.375    Disk 0 MBR read successfully
09:50:07.375    Disk 0 MBR scan
09:50:07.375    Disk 0 TDL4@MBR code has been found
09:50:07.375    Disk 0 MBR [TDL4]  **ROOTKIT**
09:50:07.375    Disk 0 scanning C:\Windows\system32\drivers
09:50:13.350    Service scanning
09:50:14.895    Disk 0 trace - called modules:
09:50:14.910    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
09:50:14.910    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8565cac8]
09:50:14.910    3 CLASSPNP.SYS[82fa88b3] -> nt!IofCallDriver -> [0x8450a918]
09:50:14.926    5 acpi.sys[806946bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x84ebcb98]
09:50:14.926    Scan finished successfully
09:50:47.016    Disk 0 fixing MBR ...
09:50:57.031    Disk 0 MBR restored successfully
09:50:57.031    Disk 0 Windows 600 MBR fixed successfully

argus (avast! Evangelist)
Re: Can't remove this virus, help
« Reply #5 on: May 08, 2011, 08:12:17 AM »
Re-run aswMBR and press Fix.

Save the aswMBR.log to the desktop then post the log here

asilad
Re: Can't remove this virus, help
« Reply #6 on: May 08, 2011, 09:37:30 AM »
Here are the results of the re-run after the fix.

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-08 11:33:25
-----------------------------
11:33:25.550    OS Version: Windows 6.0.6002 Service Pack 2
11:33:25.550    Number of processors: 2 586 0x170A
11:33:25.550    ComputerName: IAN-PC  UserName: Ian
11:33:43.318    Initialize success
11:33:47.858    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
11:33:47.858    Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OC64G Size: 238475MB BusType: 3
11:33:49.902    Disk 0 MBR read successfully
11:33:49.902    Disk 0 MBR scan
11:33:49.902    Disk 0 TDL4@MBR code has been found
11:33:49.902    Disk 0 MBR [TDL4]  **ROOTKIT**
11:33:49.902    Disk 0 scanning C:\Windows\system32\drivers
11:33:58.265    Service scanning
11:33:58.686    Disk 0 fixing MBR ...
11:34:08.701    Disk 0 MBR restored successfully
11:34:08.701    Disk 0 Windows 600 MBR fixed successfully
11:34:08.701    Disk 0 trace - called modules:
11:34:08.701    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys
11:34:08.717    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x855592b8]
11:34:08.732    3 CLASSPNP.SYS[82fa38b3] -> nt!IofCallDriver -> [0x84eb0918]
11:34:08.748    5 acpi.sys[806926bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x8450a8a0]
11:34:08.748    Scan finished successfully

argus (avast! Evangelist)
Re: Can't remove this virus, help
« Reply #7 on: May 08, 2011, 09:47:02 AM »
Download TDSSKiller to the Desktop:
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

When you have downloaded the program, do the following:

Deactivate/turn off your protective software.

Close running programs.

Run the program. Press the "Start scan" button.
When the scan is over, the utility outputs a list of detected objects with descriptions.
The utility automatically selects an action (Cure or Delete) for malicious objects.
If malicious objects are found, make sure that you choose "Cure"

http://support.kaspersky.com/images/support_new/2663-2-eng.png

and click Continue, and then click Reboot Now.

Attach the contents of the log from the following location:
C:\TDSSKiller_version_DD.MM.GG_HH.MM.SS.txt

Note:
(DD = day, MM = month, GG = year, HH = hour, MM = minutes, SS = seconds; the date and time the log was made)

asilad
Re: Can't remove this virus, help
« Reply #8 on: May 08, 2011, 01:01:46 PM »
Is this the attachment you mean?

asilad
Re: Can't remove this virus, help
« Reply #9 on: May 08, 2011, 02:19:39 PM »
Argus, I have now run a full system scan and it is no longer picking up any infections, so fingers crossed all is now OK. A big thank you to you for your help, which was very much appreciated. THANK YOU! :)

argus (avast! Evangelist)
Re: Can't remove this virus, help
« Reply #10 on: May 08, 2011, 04:17:06 PM »
My pleasure, although I have not seen the log. :)

Pete75
Re: Can't remove this virus, help
« Reply #11 on: September 16, 2011, 11:07:31 PM »
I hope it is still OK to post here.

I did what is described above and here is the re-run log.
I hope someone could check whether there is still something there.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-17 01:47:24
-----------------------------
01:47:24.890    OS Version: Windows 5.1.2600 Service Pack 3
01:47:24.890    Number of processors: 2 586 0x1C02
01:47:24.890    ComputerName: CATI  UserName: Kati
01:47:25.812    Initialize success
01:47:27.156    AVAST engine defs: 11091601
01:47:36.593    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
01:47:36.609    Disk 0 Vendor: ST916031 0005 Size: 152627MB BusType: 3
01:47:36.625    Disk 0 MBR read successfully
01:47:36.640    Disk 0 MBR scan
01:47:36.640    Disk 0 Windows XP default MBR code
01:47:36.656    Disk 0 scanning sectors +312560640
01:47:36.812    Disk 0 scanning C:\WINDOWS\system32\drivers
01:47:54.328    Service scanning
01:47:55.859    Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
01:47:56.421    Modules scanning
01:48:20.703    Disk 0 trace - called modules:
01:48:20.734    ntkrnlpa.exe CLASSPNP.SYS disk.sys SahdIa32.sys iaStor.sys hal.dll
01:48:20.734    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d3f030]
01:48:20.750    3 CLASSPNP.SYS[f7548fd7] -> nt!IofCallDriver -> [0x86d7d478]
01:48:20.750    5 SahdIa32.sys[f7569939] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86d6a028]
01:48:24.046    AVAST engine scan C:\WINDOWS
01:48:46.312    AVAST engine scan C:\WINDOWS\system32
01:51:17.687    AVAST engine scan C:\WINDOWS\system32\drivers
01:51:40.031    AVAST engine scan C:\Documents and Settings\Kati
01:56:07.515    AVAST engine scan C:\Documents and Settings\All Users
01:59:38.000    Scan finished successfully
02:02:56.406    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kati\Työpöytä\MBR.dat"
02:02:56.437    The log file has been saved successfully to "C:\Documents and Settings\Kati\Työpöytä\aswMBR1.txt"



Pondus (avast! Überevangelist)
Re: Can't remove this virus, help
« Reply #12 on: September 16, 2011, 11:15:18 PM »
@pete75

Start a topic of your own, and...

follow the guide here and attach the logs: http://forum.avast.com/index.php?topic=53253.0 and essexboy will have a look when he arrives.

Lower left corner > additional options > attach
If the logs are too big, you may upload them to http://www.mediafire.com/ and post the download link here.
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


ayneantonio
Re: Can't remove this virus, help
« Reply #13 on: September 05, 2012, 04:47:17 PM »
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-06 00:18:37
-----------------------------
00:18:37.409    OS Version: Windows 6.1.7601 Service Pack 1
00:18:37.409    Number of processors: 2 586 0x1C0A
00:18:37.425    ComputerName: MARIELLEANTONIO  UserName:
00:19:36.643    Initialize success
00:19:38.874    AVAST engine defs: 12090501
00:20:26.688    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:20:26.688    Disk 0 Vendor: ST9250315AS 0003DEM1 Size: 238475MB BusType: 11
00:20:26.719    Disk 0 MBR read successfully
00:20:26.735    Disk 0 MBR scan
00:20:26.782    Disk 0 Windows 7 default MBR code
00:20:26.782    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
00:20:26.828    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
00:20:26.860    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       223434 MB offset 30801920
00:20:26.875    Disk 0 scanning sectors +488395120
00:20:26.984    Disk 0 scanning C:\Windows\system32\drivers
00:20:44.581    Service scanning
00:21:19.229    Modules scanning
00:21:31.210    Disk 0 trace - called modules:
00:21:31.787    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
00:21:31.818    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8493c270]
00:21:31.849    3 CLASSPNP.SYS[86bac59e] -> nt!IofCallDriver -> [0x84856918]
00:21:31.881    5 ACPI.sys[868973d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84854030]
00:21:33.035    AVAST engine scan C:\Windows
00:21:35.609    AVAST engine scan C:\Windows\system32
00:25:46.957    AVAST engine scan C:\Windows\system32\drivers
00:26:09.592    AVAST engine scan C:\Users\Marielle Antonio
00:38:31.037    File: C:\Users\Marielle Antonio\AppData\Roaming\bjvhq.exe  **INFECTED** Win32:Malware-gen
00:40:42.327    AVAST engine scan C:\ProgramData
00:42:16.738    Scan finished successfully
00:43:05.348    Verifying
00:43:15.401    Disk 0 Windows 601 MBR fixed successfully
00:43:45.898    Verifying
00:43:55.976    Disk 0 Windows 601 MBR fixed successfully
00:44:49.975    Disk 0 MBR has been saved successfully to "C:\Users\Marielle Antonio\Desktop\MBR.dat"
00:44:49.991    The log file has been saved successfully to "C:\Users\Marielle Antonio\Desktop\aswMBR.log"
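Added example, not code from aswMBR, avast or anyone in this thread: a small Python script that reads a 512-byte MBR and reports the same things the aswMBR logs above do. It checks the 0x55AA boot signature (the XP log in reply #2 shows "MBR BIOS signature not found" right after "MBR read error"), lists the partition table the way the "Disk 0 Partition" lines in the log just above do (boot flag, type id, size in MB, LBA offset), and computes the first sector past the last partition, which is the number aswMBR prints as "scanning sectors +N" (488395120 in that log). The unpartitioned space beyond that sector is where TDL4 keeps its hidden file system, which is why the tool scans there. Comparing the 440 bytes of boot code against the hash of a known-good copy stands in for aswMBR's "Windows 7 default MBR code" check; the hash table passed to boot_code_matches is an assumption, to be filled from an MBR.dat that aswMBR saved on a clean machine. The sample partition table is constructed from the offsets and sizes in the log above: the sector counts are chosen so the partitions are contiguous and the last one ends at sector 488395120, and the disk size used for the tail calculation is the log's 238475 MB converted to sectors, which is an approximation of the real LBA count.

```python
import hashlib
import struct

SECTOR = 512
MB = 1024 * 1024

# Partition type ids seen in the logs above (0xDE Dell Utility, 0x07 NTFS);
# anything else is reported by its hex id.
PARTITION_TYPES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility"}

# Constructed from the "Disk 0 Partition" lines of the Windows 7 log above:
# (boot flag, type id, LBA start, sector count). The sector counts are an
# assumption: each partition ends where the next begins and the last one
# ends at 488395120, the "scanning sectors" offset printed in that log.
SAMPLE_ENTRIES = [
    (0x00, 0xDE, 63, 81857),
    (0x80, 0x07, 81920, 30720000),
    (0x00, 0x07, 30801920, 457593200),
]


def read_mbr(path):
    # Works on a disk image, or on a raw device such as \\.\PhysicalDrive0
    # on Windows (needs an elevated prompt).
    with open(path, "rb") as f:
        return f.read(SECTOR)


def build_mbr(entries, code=b"\x00" * 440, signature=b"\x55\xAA"):
    """Assemble a test MBR: 440 bytes of boot code, 6 bytes of disk id and
    reserved space, four 16-byte partition entries, 2-byte signature."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return code + b"\x00" * 6 + table.ljust(64, b"\x00") + signature


def parse_mbr(mbr):
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i:446 + 16 * (i + 1)]
        # byte 0 boot flag, bytes 1-3 CHS start, byte 4 type, bytes 5-7 CHS
        # end, then 32-bit LBA start and 32-bit sector count, little endian
        boot, ptype, lba, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # empty slot
        parts.append({
            "index": i + 1,
            "boot": boot,
            "type": ptype,
            "name": PARTITION_TYPES.get(ptype, "0x%02X" % ptype),
            "offset": lba,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // MB,  # truncated, as aswMBR prints it
        })
    return {
        "signature_ok": mbr[510:512] == b"\x55\xAA",
        "code_sha256": hashlib.sha256(mbr[:440]).hexdigest(),
        "partitions": parts,
    }


def partitioned_end(parsed):
    """First sector after the last partition: aswMBR's "scanning sectors +N"."""
    return max((p["offset"] + p["sectors"] for p in parsed["partitions"]), default=0)


def unpartitioned_tail(parsed, disk_sectors):
    """Sectors between the end of the last partition and the end of the disk,
    the region a bootkit like TDL4 uses for its hidden file system."""
    return disk_sectors - partitioned_end(parsed)


def boot_code_matches(parsed, known_hashes):
    """Return the label of the known-good boot code this MBR matches, or None.
    known_hashes maps a label to the SHA-256 of bytes 0-439 of a clean MBR
    (assumed to come from an MBR.dat saved by aswMBR on a clean machine)."""
    for label, digest in known_hashes.items():
        if parsed["code_sha256"] == digest:
            return label
    return None


def describe(parsed):
    lines = ["MBR signature " + ("ok" if parsed["signature_ok"] else "NOT FOUND")]
    for p in parsed["partitions"]:
        flag = "(A)" if p["boot"] & 0x80 else "   "
        lines.append("Partition %d %02X %s %02X %-12s %8d MB offset %d"
                     % (p["index"], p["boot"], flag, p["type"], p["name"],
                        p["size_mb"], p["offset"]))
    lines.append("partitioned space ends at sector %d" % partitioned_end(parsed))
    return lines


if __name__ == "__main__":
    import sys
    # With a path argument, inspect that image or device; otherwise the sample.
    mbr = read_mbr(sys.argv[1]) if len(sys.argv) > 1 else build_mbr(SAMPLE_ENTRIES)
    print("\n".join(describe(parse_mbr(mbr))))
```

Run it with no argument to see the sample table, or pass a disk image path, or from an elevated prompt on Windows \\.\PhysicalDrive0. One caveat: opening the device that way goes through the same disk stack the rootkit hooks, so on an infected machine the sector you read back may be a clean copy rather than what is on the platter; that is why aswMBR traces the call chain ("Disk 0 trace - called modules") and why the XP log above got a read error with an unknown module in the chain. Read the drive from a known-clean boot medium if the result has to be trusted.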


Pondus (avast! Überevangelist)
Re: Can't remove this virus, help
« Reply #14 on: September 05, 2012, 04:50:30 PM »
@ayneantonio, why are you posting in a one-year-old topic?

If you need help, start a new topic and attach logs; see the guide here: http://forum.avast.com/index.php?topic=53253.0

