Author Topic: T4.. whatever virus  (Read 4414 times)


bambam58

  • Guest
T4.. whatever virus
« on: August 16, 2012, 01:12:53 AM »
Okay, so I googled one of these 3 URLs that were being blocked by avast. It took me to a thread on this forum. I followed what was said to the person whose problems seemed to be exactly like mine. I'm up to the point where I have completed my combo fix; its contents are below. I will continue to run farbar after I post this. Thanks guys. You do some great work.




bambam58

  • Guest
Re: T4.. whatever virus
« Reply #1 on: August 16, 2012, 01:14:33 AM »
Well, I guess my log is longer than the 10k character max? I'm not sure how to post.

bambam58

  • Guest
Re: T4.. whatever virus
« Reply #2 on: August 16, 2012, 01:15:38 AM »
http://forum.avast.com/index.php?topic=103027.0

This is the thread I was looking off of.

Also, for some reason, there is no right click option on the tdsskiller report. I don't know how to copy it to here.

Farbar Service Scanner Version: 06-08-2012
Ran by User (administrator) on 15-08-2012 at 18:20:26
Running from "C:\Documents and Settings\User\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
aswTdi(10) Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5) WSIMD(9)
0x0B0000000600000001000000020000000300000004000000050000000B0000000A000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****
« Last Edit: August 16, 2012, 01:32:32 AM by bambam58 »

Jtaylor83

  • Guest
Re: T4.. whatever virus
« Reply #3 on: August 16, 2012, 01:30:57 AM »
http://forum.avast.com/index.php?topic=53253.0

Please attach OTL, Extras, and aswMBR logs in your next post and essexboy or Jeffce will assist you.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89674
  • No support PMs thanks
Re: T4.. whatever virus
« Reply #4 on: August 16, 2012, 01:32:50 AM »
Log files can be attached (it is easier) using the Attachments and other options link, see image, click to expand.

Regardless of what might be seen in another topic, everything in it is unique, so shouldn't be followed; follow the instructions in this topic - http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD - 27" external monitor 1440p 2560x1440 resolution - avast! free  24.9.6130 (build 24.9.9452.762) UI 1.0.818/ Firefox, uBlock Origin Lite, uMatrix/ MailWasher Pro/ Avast! Mobile Security

bambam58

  • Guest
Re: T4.. whatever virus
« Reply #5 on: August 16, 2012, 02:04:38 AM »
I blue screened and crashed during the mbr scan...

bambam58

  • Guest
Re: T4.. whatever virus
« Reply #6 on: August 16, 2012, 02:28:34 AM »
ran another

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89674
  • No support PMs thanks
Re: T4.. whatever virus
« Reply #7 on: August 16, 2012, 03:30:03 AM »
There may be some delay due to differing time zones and availability of the volunteer malware removal specialists.

bambam58

  • Guest
Re: T4.. whatever virus
« Reply #8 on: August 16, 2012, 04:20:39 AM »
Hopefully I didn't come off as such a jackass that they ignored me  :(

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: T4.. whatever virus
« Reply #9 on: August 16, 2012, 07:25:52 PM »
Hi, sorry you were missed. Could you attach the combofix log please? Also, the TDSSKiller log will be at C:\TDSSKiller date time. Also, what are your current problems?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    Quote
    :OTL
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\fbxxx.sys -- (vfjgwhj)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.