Infected post installation of Spanish KB4012598 and Avast Update

[REDACTED]

As of May 15 I performed the following:

    Installed Spanish KB4012598 as protection for Wannacrypto.
    Installed No-Script add-on for Firefox and at some point while browsing, No-Script registered and asked me to forward information on a hijack attempt it had blocked.
    Updated AVAST

My computer has become very slow; Firefox became near to impossible to open; AVAST GUI wasn't loading properly and it constanttly shut off 1 of "x" number of protections.

Ran MiniToolBox; TDSSKiller; AdwCleaner; Junkware Removal Tool; and attempted to run ESET Online Scanner which I couldn't because I had Avast installed, but Avast wasn't working properly, so I "repaired" Avast, but it showed a conflict with Microsoft Security Essentials, which I can't seem to find, not even using REVO Uninstaller. AVAST GUI continued to fail so I finally removed AVAST and scanned with ESET and Malwarebytes.

Malwarebytes didn't find anything wrong but, ESET did:
"CDburner XPsetup_4.5.7.6623.exe a variant of Win32/FusionCore.L potentially unwanted application   cleaned by deleting". 

However, now I can't install anything else nor create a restore point, because my Hard Drive shows as being full, which is impossible having recently backedup and removed files from HD.

Malwarebytes, which I still have installed, doesn't allow me to select realtime protection.

Please help.

WINXP HOME EDITION SP3 user.

[mchain]

Hi msl_mia,

You might not have an active malware infection.  That could be good news.

Check for this issue:  http://techlogon.com/2011/03/28/how-to-fix-hard-drive-stuck-in-pio-mode/

Symptoms you are describing seem to fit.   Reboot after resetting your hard drive.  If PIO fix does not apply then you may have a failing hard drive.  Hope not but if you do, back up all personal files now.

[REDACTED]

Hi Spartan Warrior!

Attached pease find initial files requested for review after running Malwarebytes and Farber.

Meanwhile will follow up on your suggestion. I too hope that it is not the HD.

Thanks.

[mchain]

As the weekend is ending where you are but is still in force elsewhere, it will be a bit before a trained malware expert can assist you.

Please be patient, an expert has been notified. 

Back up your personal files.

[REDACTED]

mchain,

I followed up on your suggestion on checking PIO mode and none were set as such. Results were the following:

My Primary IDE Channel

Device 0
Device Type= Autodetection
Transfer Mode= DMA if available
Current Transfer Mode=Ultra DMA Mode 5

Device 1
Device Type= NONE
Transfer Mode= DMA if available
Current Transfer Mode= not available.
 
My Secondary IDE Channel
Device 0
Device Type= Autodetection
Transfer Mode= DMA if available
Current Transfer Mode=Ultra DMA Mode 2

Device 1
Device Type= Autodetection
Transfer Mode= DMA if available
Current Transfer Mode=Ultra DMA Mode 2 

[mchain]

Now you've to wait a bit.

[dbrisendine]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

How is your system now?

[Eddy]

MSE need to be removed completely.
http://www.ache.nl/#m

[REDACTED]

Are you referring to my original  FRST  file I posted?

[Pondus]

Are you referring to my original  FRST  file I posted?

What is it you don't understand?

[REDACTED]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

How is your system now?

Attached please find file.

I checked my hard drive and it still shows as almost full.
As I waited for a response I had gone ahead and stopped a process related to IDriveT.exe, which I'm not sure is responsible for opening up a 5.9G on my hardrive but, there it was. I was then able to  defragment my HD. I don't however, have any restore points even after running FIX on FRST.


I'm so grateful you are looking into my case.

[REDACTED]

Are you referring to my original  FRST  file I posted?

What is it you don't understand?

Please disregard. Thankfully FRST pulls everything on its own as long as I "place in the same location".
All done and posted.

[REDACTED]

MSE need to be removed completely.
http://www.ache.nl/#m

I followed instructions on link provided and I downloaded MicrosoftFixit50692 which is file to use to remove MSE but, I get a system message stating that can not access Windows Installer. This can occur if executing in Safemode  or if Windows Installer is not correctyly installed...".

[REDACTED]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

How is your system now?

Attached please find file.

I checked my hard drive and it still shows as almost full.
As I waited for a response I had gone ahead and stopped a process related to IDriveT.exe, which I'm not sure is responsible for opening up a 5.9G on my hardrive but, there it was. I was then able to  defragment my HD. I don't however, have any restore points even after running FIX on FRST.


I'm so grateful you are looking into my case.

My Volume control keeps on disappearing from my taskbar everytime I start up and my icons get shifted around back to original setting, and when I play a video I am unable to modify volume.
Also, when I bring up system restore, all I see is a blank screen.
My computer does seem to be running smoother, as far as speed is concerned but, it does seem that everytime I take a look there is something not quite right.

Thanks.

[Eddy]

Backup your data and perform a clean installation of the OS (and updates).