Author Topic: Avast scan loopt vast  (Read 17571 times)

0 Members and 1 Guest are viewing this topic.

Willem 1

  • Guest
Re: Avast scan loopt vast
« Reply #15 on: May 01, 2013, 09:57:53 PM »
Hi i did run combofix, during the proces 2 times apeared the notice (free dutch translation) "the instruction linkt to memoy 0x0d544e rea or write failiure" asked abort program / twice oke but program went going on.
Also run  aswMBR   both log included   thanks

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Avast scan loopt vast
« Reply #16 on: May 02, 2013, 12:14:43 AM »
Willem, you still have MBR rootkit.


Open notepad and copy/paste the text present inside the code box below:


Code: [Select]

File::
c:\windows\system32\drivers\2hscy.sys

Driver::
2hscy.sys

DDS::
mStart Page = hxxp://search.myheritage.com




Save this as CFScript.txt



Close all browser windows and refering to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )


*******************************



Delete old TDSSKiller, we will use new fresh one...



Re-run TDSSKiller then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.

  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.


  • Click the Start Scan button.

    - If a suspicious object is detected, the default action will be Skip, click on Continue.
    - If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".

  • Please attache the contents of that file here.



Willem 1

  • Guest
Re: Avast scan loopt vast
« Reply #17 on: May 04, 2013, 01:23:07 PM »
Hello magna86,thanks again,  i did run Combofix and a new TDSSKILLER, both logs follow TDSS in 2 parts file is to big.

Willem 1

  • Guest
Re: Avast scan loopt vast
« Reply #18 on: May 04, 2013, 01:23:57 PM »
part 2 ddskiller post

Willem 1

  • Guest
Re: Avast scan loopt vast
« Reply #19 on: May 04, 2013, 01:25:39 PM »
earlyer tdsskiller before reboot and combofix log

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Avast scan loopt vast
« Reply #20 on: May 04, 2013, 02:32:24 PM »

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A small window should open on your desktop
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your deskop. Please attach the contents of that file.

Willem 1

  • Guest
Re: Avast scan loopt vast
« Reply #21 on: May 04, 2013, 06:40:03 PM »
mbrcheck log

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Avast scan loopt vast
« Reply #22 on: May 04, 2013, 06:52:26 PM »
Looks good. How is your computer running now?

Willem 1

  • Guest
Re: Avast scan loopt vast
« Reply #23 on: May 04, 2013, 09:14:56 PM »
Evertything seems to be running as it should, Avast fast scan worked, firs time since 2 months.
I updated avast to 1488, still loking good.The computer works faster and is much more quiet, before the hard disk/pc was constantly working.
Two questions, should i reinstal some of the programs i downloaded to scan the pc ?
and i am not a expert, you saw the logs could you if possible explain to me what was wrong ?

thanks

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Avast scan loopt vast
« Reply #24 on: May 04, 2013, 10:08:29 PM »
Among few other things, you had an what we call MBR Rootkit. MBR rootkits are very powerful and rootkits are by themselves are hard to remove ...
http://en.kioskea.net/faq/5590-sinowal-mebroot-mbr-rootkit-infection

Let's remove all used tools:

Download "Delfix by Xplode"
Run the tool and check the boxes below;
  • Remove disinfection tools
  • Purge System Restore
  • Reset system settings
Click on "Run" button.

I don't need DelFix log report.