
[SOLVED] VIRUS/Rootkit => URL Blocked http://rk400.com/?sov=rook-s1ysoft.com


jeffce:
Hi,

Let's see what this may reveal...

Please download TDSSKiller.zip
- Extract it to your desktop
- Double click TDSSKiller.exe
- When the window opens, click on Change Parameters
- Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
- Click OK
- Press Start Scan
- Only if Malicious objects are found, then ensure Cure is selected
- Then click Continue > Reboot now
- Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)

thekochs:

--- Quote from: jeffce on April 09, 2012, 08:08:33 PM ---Hi,

Let's see what this may reveal...

Please download TDSSKiller.zip
- Extract it to your desktop
- Double click TDSSKiller.exe
- When the window opens, click on Change Parameters
- Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
- Click OK
- Press Start Scan
- Only if Malicious objects are found, then ensure Cure is selected
- Then click Continue > Reboot now
- Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)

--- End quote ---

Attached is a picture and the log of what TDSSKiller found. I recognize both of these; they are part of Macrium Reflect's imaging software. pssnap is an alternative to the Microsoft VSS service, and the other is the Reflect service. Thus, I did SKIP (note there was no "cure" option, only quarantine, delete, or skip).

Question: is there a reason you did not want me to run the ESET Online scanner, which found the Win32\OpenCandy application threat, with the remove threat option?

jeffce:
Hi,


--- Quote ---is there a reason you did not want me to run the ESET Online scanner, which found the Win32\OpenCandy application threat, with the remove threat option?
--- End quote ---
Sometimes ESET will remove an entry that does not actually need to go and that is why we ask that you don't remove them.  I removed it with OTL.  :)

thekochs:

--- Quote from: jeffce on April 09, 2012, 11:18:59 PM ---Hi,


--- Quote ---is there a reason you did not want me to run the ESET Online scanner, which found the Win32\OpenCandy application threat, with the remove threat option?
--- End quote ---
Sometimes ESET will remove an entry that does not actually need to go and that is why we ask that you don't remove them.  I removed it with OTL.  :)

--- End quote ---

Oh....OK.

So, I'm not sure where we are.  :-\
I'm no expert, but it seems the computer has a virus that, every time you open Internet Explorer, tries to access the http://rk400.com/?sov=rook-s1ysoft.com site, which Avast promptly blocks. It seems to do this three times in succession, then no more until you close out of IE and re-open it. I have no idea what the virus is, but I'm also puzzled that I cannot block this attempt via the Avast Site Blocker by putting the string http://rk400*.* into Avast's site blocker. Perhaps I am doing this wrong? I would assume this Avast site blocking option/feature would block the attempt so that I did not even see the popup. As stated, this would be a band-aid and not solve the underlying issue (it would even mask it), but if this is a non-lethal virus we cannot find, perhaps it is the solution, if we can get it to work?

I don't want to give up, but I've had two instances where the popup did not come up for a couple of days. One was after the first OTL custom scan you asked me to do; the other was prior, but I cannot remember what I had done. Not sure if there is a link here anyway, but it did stop for a couple of days, which seems odd.

Do you want me to re-run ESET as before to see what comes up ?
Any others to try ?

jeffce:
I tried to access the same site and got the same results as you.  Do you receive the same results when opening Firefox or Google Chrome?

Let's take a look and see what we have.

In the Run box, type the following:

diskmgmt.msc

When Disk Management opens, expand it so that all drives are visible.
Take a screenshot and post it here.

Are you able to burn a CD on another computer ?
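The Disk Management screenshot jeffce asks for shows every physical disk, its partitions, and any space that belongs to no partition. The PowerShell script below is an added example (not part of jeffce's instructions or the thread) that pulls the same information from WMI and prints it as text, which is easier to paste into a reply than a screenshot. It assumes Windows 7 era PowerShell 2.0 with the Win32_DiskDrive and Win32_DiskPartition WMI classes, and that it is run from an elevated prompt; the 16 MB threshold for reporting unallocated space is an assumption chosen to skip the few MB of slack that WMI's geometry-based disk size normally leaves.

```powershell
# Added example, not from the original thread.
# Lists each physical disk and its partitions (what diskmgmt.msc shows
# graphically) and flags disk space that no partition accounts for.
# Assumes PowerShell 2.0+ and the standard Win32_* WMI classes.

$slackThreshold = 16MB   # assumption: ignore the small slack WMI reporting leaves

$disks = Get-WmiObject Win32_DiskDrive | Sort-Object Index
foreach ($disk in $disks) {
    # Partitions belonging to this physical disk
    $parts = @(Get-WmiObject Win32_DiskPartition |
               Where-Object { $_.DiskIndex -eq $disk.Index } |
               Sort-Object StartingOffset)

    "{0} ({1}): {2:N1} GB, {3} partition(s)" -f `
        $disk.DeviceID, $disk.Model, ($disk.Size / 1GB), $parts.Count

    $allocated = 0
    foreach ($p in $parts) {
        $allocated += $p.Size
        $flag = if ($p.Bootable) { "bootable" } else { "" }
        "  {0,-22} start {1,10:N0} MB  size {2,9:N1} GB  {3} {4}" -f `
            $p.Name, ($p.StartingOffset / 1MB), ($p.Size / 1GB), $p.Type, $flag
    }

    # Space outside every partition, as Disk Management would draw as 'Unallocated'
    $unallocated = $disk.Size - $allocated
    if ($unallocated -gt $slackThreshold) {
        "  {0:N1} MB on this disk is not inside any partition" -f ($unallocated / 1MB)
    }
}
```

Paste the output alongside the screenshot. Partition sizes come straight from WMI, so a partition that has no drive letter in Explorer still shows up here; the unallocated figure is approximate because Win32_DiskDrive.Size is derived from the reported geometry rather than the exact capacity.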
