Author Topic: Aureon.k Found Disk 0, Partition 3  (Read 11383 times)

blynn0480

  • Guest
Aureon.k Found Disk 0, Partition 3
« on: March 24, 2012, 08:40:49 AM »
aswmbr shows Aureon.k present. See attached

OTL log. See attached. Could not attach "Extras"

Had to paste

Malwarebytes shows nothing. See below.

What next to remove this problem?

Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 3

11:49:19 AM 8/26/2008
mbam-log-08-26-2008 (11-49-19).txt

Scan type: Quick Scan
Objects scanned: 63079
Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
« Last Edit: March 24, 2012, 09:04:27 AM by blynn0480 »

SafeSurf

  • Guest
Re: Aureon.k Found Disk 0, Partition 3
« Reply #1 on: March 24, 2012, 11:17:57 AM »
Thank you for posting your logs.  I am going to refer you to our Certified Malware expert, named Essexboy.  He will also review your logs and give you further instructions.  He will respond to you in this thread, so remember to check this thread daily.

Please do not make any further changes to your machine after you have provided the logs.

IMPORTANT: If you are on a home network, disconnect the affected machine from the network.  Do not share a USB/flash drive with this affected machine.  Do not use this machine unless Essexboy instructs you to do so in the malware removal instructions; use a different machine to check email, sync your phone, etc. if possible.

Let us know if you have any questions.  Thank you.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Aureon.k Found Disk 0, Partition 3
« Reply #2 on: March 24, 2012, 01:37:53 PM »
Hi could you copy aswMBR to your C drive root please i.e. C:\aswMBR

Then run the following command

Go Start > Run
Or press the windows and R key together
Copy and then paste the bold command below
Then press OK

aswMBR.exe -ap 1

Once it has run then reboot and re-run an aswMBR scan

NEXT

  • Download RogueKiller and save it on your desktop
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

FINALLY

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\filbdbng.sys -- (heyuvea)
    O28 - HKLM ShellExecuteHooks: {a5780613-492e-4a2a-a7fd-549610edf6cc} - No CLSID value found.
    [2011/01/27 17:44:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lkoduwonezonuso.bin
    [2011/01/27 17:44:07 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Pnitilita.dat

    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

blynn0480

  • Guest
Re: Aureon.k Found Disk 0, Partition 3
« Reply #3 on: March 24, 2012, 04:11:40 PM »
Thanks for the reply

Copied aswmbr to c drive and ran command aswmbr.exe -ap 1.

Received reply that changing partitions could make my machine "unbootable" and gave me a yes / no answer. See attached

Should I say yes?

Offline essexboy

Re: Aureon.k Found Disk 0, Partition 3
« Reply #4 on: March 24, 2012, 04:15:07 PM »
Answer yes please

blynn0480

  • Guest
Re: Aureon.k Found Disk 0, Partition 3
« Reply #5 on: March 24, 2012, 04:52:33 PM »
Rebooted PC.

System is asking to run diagnostics. Choices are test memory, test system, exit

Which one to select ?

Offline essexboy

Re: Aureon.k Found Disk 0, Partition 3
« Reply #6 on: March 24, 2012, 05:11:18 PM »
Run test system and then exit

blynn0480

  • Guest
Re: Aureon.k Found Disk 0, Partition 3
« Reply #7 on: March 24, 2012, 05:38:28 PM »
Thanks

Running express test

Received error code 0f00:137B
IDE Device failed blank media or no media is present in optical drive.....

Asks if I wish to continue testing. Choices are yes / no/ retry.  I am guessing "no".

Which choice to pick?

Offline essexboy

Re: Aureon.k Found Disk 0, Partition 3
« Reply #8 on: March 24, 2012, 05:39:04 PM »
Aye no will do

blynn0480

  • Guest
Re: Aureon.k Found Disk 0, Partition 3
« Reply #9 on: March 24, 2012, 06:13:54 PM »
Each time I exit the tests the system reboots back to the diagnostic

How do I get to a C prompt to run aswmbr?

Offline essexboy

Re: Aureon.k Found Disk 0, Partition 3
« Reply #10 on: March 24, 2012, 06:18:32 PM »
Reboot the computer, press F8 to get to the safe mode menu
Select command prompt
Type in the following

aswMBR.exe -ap 2

Offline essexboy

Re: Aureon.k Found Disk 0, Partition 3
« Reply #11 on: March 24, 2012, 07:38:04 PM »
If that fails then do the following

I need you to download: gparted-live-0.10.0-3.iso (115.1 MB)

Create a bootable CD for GParted from the ISO image. You can use ImgBurn to do this.

Now boot off of the newly created GParted CD.

You should be here...
Press ENTER

By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER.

Choose your language and press ENTER. English is default [33]

Once again, at this prompt, press ENTER

You will now be taken to the main GUI screen below

According to your logs, the partition that you want to delete is 8 MB
Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:

Now you should be here:

Is "boot" next to your OS drive?

If "boot" is not next to your OS drive under "Flags", right-mouse click the OS drive while in GParted and select Manage Flags

In the menu that pops up, place a checkmark in boot like the picture below:

Now double-click the button.

You should receive a small pop up like this:

Choose reboot and then press OK.

blynn0480

  • Guest
Re: Aureon.k Found Disk 0, Partition 3
« Reply #12 on: March 24, 2012, 08:24:48 PM »
Need to download gparted-live and change boot menu to boot from the CD

Successfully deleted partition 3

Partition 1 labeled "dell utility" is flagged as "boot"

Once I exit do I need to:
 -  change boot menu back to boot from c drive ?

 - reboot in safe mode then run aswmbr?

Offline essexboy

Re: Aureon.k Found Disk 0, Partition 3
« Reply #13 on: March 24, 2012, 08:26:41 PM »
Correct, make the C drive (Windows) the boot partition. It was an error on my part; I set the wrong partition to boot

Reboot to normal windows and re-run aswMBR please
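
[Added example, not part of any post in this thread and not code from aswMBR or GParted.] The steps above turn on which MBR partition entry carries the boot (active) flag, so this sketch parses a 512-byte MBR sector and reports an active partition that looks too small to hold the OS. The sample sectors are constructed to mirror the three states described in the thread (8 MB partition 3 active, utility partition 1 flagged by mistake, partition 2 flagged), and the 64 MB threshold and partition sizes are assumptions.

```python
import struct

SECTOR = 512  # bytes per sector assumed by classic MBR disks

def parse_mbr(sector: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector: bad length or boot signature")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i : 446 + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:  # unused slot
            continue
        parts.append({"number": i + 1, "active": status == 0x80,
                      "type": ptype, "lba_start": lba_start,
                      "size_mb": count * SECTOR / 2**20})
    return parts

def review(parts, small_mb=64):
    """Flag boot-flag states worth a second look (threshold is an assumption)."""
    findings = []
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    for p in active:
        if p["size_mb"] < small_mb:
            findings.append(
                f"partition {p['number']} is active but only {p['size_mb']:.0f} MB")
    return findings

def build_sample(active, with_p3=True):
    """Constructed MBR: small utility partition, large NTFS, optional 8 MB one."""
    def entry(n, ptype, start, count):
        flag = 0x80 if n == active else 0x00
        return struct.pack("<B3sB3sII", flag, bytes(3), ptype, bytes(3), start, count)
    table = entry(1, 0xDE, 63, 80262) + entry(2, 0x07, 80325, 156000000)
    table += entry(3, 0x07, 156080325, 16384) if with_p3 else bytes(16)
    return bytes(446) + table + bytes(16) + b"\x55\xaa"

if __name__ == "__main__":
    for label, img in [("before", build_sample(3)),
                       ("utility flagged", build_sample(1, with_p3=False)),
                       ("fixed", build_sample(2, with_p3=False))]:
        print(label, review(parse_mbr(img)))
```
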

blynn0480

  • Guest
Re: Aureon.k Found Disk 0, Partition 3
« Reply #14 on: March 24, 2012, 08:35:33 PM »
Rebooted but got back to the test program

Does this mean I should flag partition 2 as "boot" then reboot to normal windows?