Author Topic: Help! My gaming DT has been hosed!!  (Read 15385 times)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Help! My gaming DT has been hosed!!
« Reply #15 on: September 25, 2012, 10:13:00 PM »
It would be a darn sight quicker than trying to clean it, as there is probably some system damage as well.

phydron

  • Guest
Re: Help! My gaming DT has been hosed!!
« Reply #16 on: September 25, 2012, 11:04:10 PM »
I know that seemed like a stupid question but I've done that before and the Virus or whatever comes back
when I get the operating system installed. This M/B has a reset button that interrupts the BIOS battery
and that should be the end of it. I have a Nvidia 9800 video card with 1 Gb memory that could be harboring
this evil beasty.

Offline essexboy

Re: Help! My gaming DT has been hosed!!
« Reply #17 on: September 25, 2012, 11:12:57 PM »
I have yet to come across malware in either the Video RAM or the BIOS.  If you do a full reformat and wipe the drive, that will kill anything around.

phydron

  • Guest
Re: Help! My gaming DT has been hosed!!
« Reply #18 on: September 26, 2012, 12:31:11 AM »
I just reformatted this drive, installed the operating system and it says Win paint is scheduled for removal.
I have no idea where to go from here.

Thanks for all your efforts, I do appreciate it.

P.S. The Dell mini you helped me with is still working, many thanks.

Offline essexboy

Re: Help! My gaming DT has been hosed!!
« Reply #19 on: September 26, 2012, 04:09:48 PM »
Have you restarted since this warning?  Did you deselect any Windows elements when you re-installed?

phydron

  • Guest
Re: Help! My gaming DT has been hosed!!
« Reply #20 on: September 26, 2012, 06:18:06 PM »
I have restarted and it comes right back. Is it possible for a virus to remain in the partition? I didn't change anything on the
Windows disk.
I removed the HDD, reformatted it on another PC with /U, disconnected the BIOS battery and removed and re-installed the RAM
and video card.
Obviously, I've missed the location of this bug. I haven't used any other thumb drives, etc. or any other sources of infection.
It's not been connected to the net. It has to be hiding somewhere, I just don't know where.
It has already disabled notepad, won't recognize any I/O devices, SD cards, etc.
I certainly don't have any idea of what to do next.

Help! 

Offline essexboy

Re: Help! My gaming DT has been hosed!!
« Reply #21 on: September 26, 2012, 07:32:04 PM »
Quote
won't recognize any I/O devices, SD cards, etc.
That to me suggests hardware rather than malware.

If the HDD was reformatted then nothing will be left software-wise.

phydron

  • Guest
Re: Help! My gaming DT has been hosed!!
« Reply #22 on: September 26, 2012, 07:56:29 PM »
I just made a bootable CD and installed the programs you gave me earlier, ran Kaspersky rescue disk
and several tools you recommended and now it seems to be running normally.
I'll attach a few logs FWIW.

Thanks again for your time and efforts, I do appreciate it.


I spoke too soon, it's still there.
« Last Edit: September 26, 2012, 08:57:50 PM by phydron »

Offline essexboy

Re: Help! My gaming DT has been hosed!!
« Reply #23 on: September 26, 2012, 08:19:11 PM »
Both of those logs are clear. Did Kas find anything?

phydron

  • Guest
Re: Help! My gaming DT has been hosed!!
« Reply #24 on: September 26, 2012, 09:30:41 PM »
No. It allowed me to DL Avast but then began redirecting and now it's blocking almost everything.
There must be some program that will identify this.

Offline essexboy

Re: Help! My gaming DT has been hosed!!
« Reply #25 on: September 26, 2012, 10:24:50 PM »
Prior to Avast, did you install anything or use a USB?

phydron

  • Guest
Re: Help! My gaming DT has been hosed!!
« Reply #26 on: September 27, 2012, 12:48:12 AM »
No. I suppose my tinkering with it is counter-productive as far as you're concerned, but I've run
several cleaning utilities and now it's behaving fairly well, only redirecting occasionally.
I can probably run some diagnostic software, if there is something that might help.

Again thanks.

Offline essexboy

Re: Help! My gaming DT has been hosed!!
« Reply #27 on: September 27, 2012, 03:17:55 PM »
You can check out the MBR, although a re-install would have squashed that.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

phydron

  • Guest
Re: Help! My gaming DT has been hosed!!
« Reply #28 on: September 27, 2012, 05:48:24 PM »
This PC runs somewhat normally until I connect to the internet. I was able to run everything you requested
except Mbam, which quit before it was finished.
I guess there is a small bit of code that downloads more malware when connected.

Offline essexboy

Re: Help! My gaming DT has been hosed!!
« Reply #29 on: September 27, 2012, 08:44:59 PM »
It makes me wonder where it is coming from. How many other computers use the router?  And do they experience the same problem?

A fresh install wipes all software from the computer so nothing will be left behind.  The only other alternative would be that the installation disc is infected, but that is clutching at straws in reality.  Did you run TDSSKiller?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:OTL
O3 - HKU\S-1-5-21-2202700497-936279443-959575130-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - Startup: C:\Users\Norm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_19306474.lnk = File not found

:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
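
Added example, not part of the original post and not OTL's own code: a small parser for the O4 autorun lines in the fix above that reports which startup entries point at a file that no longer exists. The field layout is an assumption inferred from the lines shown in this post, not taken from an OTL specification.

```python
import re

# Lines copied from the :OTL section of the fix in this post.
OTL_LINES = r'''
O3 - HKU\S-1-5-21-2202700497-936279443-959575130-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - Startup: C:\Users\Norm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_19306474.lnk = File not found
'''.strip().splitlines()

# Assumed layouts: "O4 - <hive>..\Run: [<name>] <command>" and
# "O4 - Startup: <shortcut path> = <target>".
RUN_RE = re.compile(r'^O4 - (?P<hive>\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$')
STARTUP_RE = re.compile(r'^O4 - Startup: (?P<path>.+?) = (?P<target>.+)$')
MISSING = "File not found"


def parse_autorun(line):
    """Return a dict for one O4 autorun line, or None for any other line."""
    m = RUN_RE.match(line)
    if m:
        rest = m["rest"]
        missing = rest.endswith(MISSING)
        command = rest[:-len(MISSING)].rstrip() if missing else rest
        vendor = None
        v = re.search(r' \(([^()]+)\)$', command)  # trailing "(vendor)" field
        if v:
            vendor, command = v[1], command[:v.start()]
        return {"kind": "run", "hive": m["hive"], "name": m["name"],
                "command": command, "vendor": vendor, "missing": missing}
    m = STARTUP_RE.match(line)
    if m:
        path = m["path"]
        return {"kind": "startup", "hive": None, "name": path.rsplit("\\", 1)[-1],
                "command": path, "vendor": None, "missing": m["target"] == MISSING}
    return None


def orphaned(lines):
    """Names of autorun entries whose target file is reported missing."""
    entries = filter(None, map(parse_autorun, lines))
    return [e["name"] for e in entries if e["missing"]]


if __name__ == "__main__":
    for name in orphaned(OTL_LINES):
        print("orphaned autorun entry:", name)
```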