Avast WEBforum
Other => Viruses and worms => Topic started by: Saul Luizaga on July 29, 2013, 09:17:50 AM
-
I hope you can help me, I don't have a clue what's going on with my PC, I think it's a boot sector virus, but I'm not sure.
Avast! (w/autosandbox, searches for malware root kits on boot), Comodo: AV, D+, Clean Endpoint, auto-sandbox, IObit Antimalware, MalwareBytes Antimalware, nothing detects anything.
Symptoms:
1.- offload on network is disabled and can't be enabled.
2.- keyboard stops working, a few seconds later the mouse, then stays that way or restarts.
3.- When you have had your Win 7 64-bit for long, it starts to give BSODs: Windows informs of kernel data corruption, 1A (complete Windows hang), 50, 3B, many more.
4.- The computer has a slight lag.
5.- the mouse won't click the first time and sometimes will double-click instead of single-click (it's not windows mouse config).
6.- programs crash.
7.- I have Planetside 2, if you know the game you'll know it's big, 13+ GB, among its files there are 256 that range from 3x MB to 1xx MB, so I made a backup copy on another hard drive and compared with TotalCommander 8 'Synchronize directories' function and it finds differences on random files, the thing is when individually compared some of those pairs of files sometimes they're identical, sometimes the only difference is a hex string 'D2 FA 01 C0', seldom 2 strings, but only on big files, copied or downloaded.
The corruption is progressive and eventually will corrupt the .exe files.
Any ideas?
Edit: I have tried to overwrite the master boot record with a tool called bootsect.exe, it's used to change the partition boot type between WinXP (NT52) and WinVista/7 (NT60), reinstalled Windows 7 64-bit 6 times, 2 different installers. It could be Seagate hard drive self-corrupting, as I've seen it only once, but I don't think so.
I have tested RAM (2x 4 GB) with Microsoft Memory Diagnostic, extended test suite, extended memory map, 1 1-pass and 2 2-pass, no errors, so it's not RAM, MoBo, CPU or Video Card, I booted from a CD-ROM.
That leaves Hard Disk Drive (HDD), I have made a chkdsk c: /r /x and all OK (70 GB partition). The Windows 7 installers should be OK, so it's either HDD self-corruption or virus/malware/spyware on boot sectors/records.
Can anyone at Avast! please check if there are any virus signatures with those 4 bytes please?
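
The file comparison described in symptom 7 can be scripted. The Python below is an added example, not part of the original post or of any tool named in this thread: it lists every run of differing bytes between two copies with its offset, and hashes one file several times to check that reads are repeatable. The function names and the sample files are constructed for illustration.

```python
import hashlib
import tempfile

CHUNK = 1 << 20  # read 1 MiB at a time so multi-GB files are never held in memory

def diff_runs(path_a, path_b, chunk=CHUNK):
    """Return [(offset, bytes_in_a, bytes_in_b)] for each run of differing bytes."""
    runs, offset, cur = [], 0, None
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        for a, b in iter(lambda: (fa.read(chunk), fb.read(chunk)), (b"", b"")):
            # Walk byte by byte only when the chunks differ or a run is still open.
            if a != b or cur is not None:
                for i in range(max(len(a), len(b))):
                    x, y = a[i:i + 1], b[i:i + 1]  # empty slice past the shorter file
                    if x != y:
                        if cur is None:
                            cur = [offset + i, bytearray(), bytearray()]
                        cur[1] += x
                        cur[2] += y
                    elif cur is not None:
                        runs.append((cur[0], bytes(cur[1]), bytes(cur[2])))
                        cur = None
            offset += max(len(a), len(b))
    if cur is not None:
        runs.append((cur[0], bytes(cur[1]), bytes(cur[2])))
    return runs

def read_digests(path, passes=3):
    """Hash one file several times; more than one digest means unstable reads."""
    # Caveat: the OS file cache can serve repeat reads from RAM and hide disk-path errors.
    digests = set()
    for _ in range(passes):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for block in iter(lambda: f.read(CHUNK), b""):
                h.update(block)
        digests.add(h.hexdigest())
    return digests

def demo():
    """Constructed sample: a zero-filled file and a copy with 4 bytes overwritten."""
    good, bad = bytes(3 * 4096), bytearray(3 * 4096)
    bad[4094:4098] = bytes.fromhex("D2FA01C0")  # string from the post, across a chunk edge
    with tempfile.TemporaryDirectory() as d:
        pa, pb = d + "/a.bin", d + "/b.bin"
        for p, data in ((pa, good), (pb, bad)):
            with open(p, "wb") as f:
                f.write(data)
        return diff_runs(pa, pb, chunk=4096), read_digests(pa)
```

If a run shows up in one comparison of the same two files but not in the next, or `read_digests` returns more than one digest, the data is changing between reads rather than on disk.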
-
follow guide and attach the requested logs (not copy and paste) http://forum.avast.com/index.php?topic=53253.0
run in order listed
AdwCleaner / Malwarebytes / OTL / aswMBR
when done removal experts will be notified and check the logs for infections....
if trouble running any of the Tools, try run from safe mode..
-
Thank you, I'll do that, I'll post ASAP
-
OK here are the 4 logs.
There was another log produced by OTL, but I can only attach 4 files so, I Pastebin it (http://pastebin.com/8Vi3Qu9W)
-
The logs look clean, AswMBR has flagged an unknown but that may be Comodo. However, I will check that out
Download the latest version of TDSSKiller from here (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
- Double-click on TDSSKiller.exe to run the application
(https://dl.dropbox.com/u/73555776/tdss%20start.JPG)
- Then click on Change parameters.
(https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG)
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip, click on Continue.
(https://dl.dropbox.com/u/73555776/tdss%20threat.JPG)
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Get the report by selecting Reports
(https://dl.dropbox.com/u/73555776/tdss%20report.JPG)
- Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
-
The message exceeds the maximum allowed length (10000 characters). So I pastebin it (http://pastebin.com/4Y44MFrn), again; the forum won't let me use 7-zip attachment.
-
The MBR also looks good; as it stands I can see no indication of malware. We could run a scan outside of Windows if you wish.
-
Kind of you, but I'd like to check the 'unknown' first, I'll post again if I can't find the answer, thank you for your help.
-
The unknown is most probably related to sptd.sys (Daemon tools) CD emulating software
-
Thank you for the tip, I'll keep searching for now.
-
Nothing worked because it wasn't a virus, a bad Win installation or a hard drive failure; it was a bad BIOS. The newer versions for some reason weren't working well, so I took it back to the newest version that would allow normal PC operation. Thanks for all your help.
-
Glad it is resolved :)