Epic Talent
malwarekiller
Posts: 3,835
Registered: ‎08-08-2011

Re: Another troj z access..


OK.. let's go the reverse way. If combofix doesn't run even after many tries in safe mode, please follow this:

 

Download AVPTool from Here to your desktop 
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool.)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan 

Click the cog in the upper right 


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan 
(Please be patient, as this scan can take long, long hours)

Allow AVP to disinfect all infections found [delete if disinfection not possible]
Once it has finished, select the report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post 


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information 


On completion click the link to locate the zip file to upload and attach to your next post 


—————
Was this post helpful? Say “thanks” by giving me a “Kudo”!
Was your question answered or issue solved? Mark that post as an “Accepted Solution”!
Stone Emissary
shainsaw
Posts: 23
Registered: ‎03-01-2012

Re: Another troj z access..

Here's the Kaspersky scan...
Stone Emissary
shainsaw
Posts: 23
Registered: ‎03-01-2012

Re: Another troj z access..

And final Kaspersky zip log..

 

 

[Mod Note:  .zip file removed - please see Trend Participation Guidelines]

Stone Emissary
shainsaw
Posts: 23
Registered: ‎03-01-2012

Re: Another troj z access..

Just out of curiosity, is this going to take care of things? Already seems better... Also, can I reinstall Trend Micro without infecting things again? Just got it not that long ago.... Also, any clue why my audio has disappeared after all of this? None at all, not even standard bells and whistles...
Stone Emissary
shainsaw
Posts: 23
Registered: ‎03-01-2012

Re: Another troj z access..

any info. on how to get my audio back up and running? seems the scans for malware have rendered the drivers inoperable...

Epic Talent
malwarekiller
Posts: 3,835
Registered: ‎08-08-2011

Re: Another troj z access..

Hi, can you please try and run combofix in safe mode and attach the log, as some important drivers are missing and combofix will replace them. Also, please upload the sysinfo zip file to www.mediafire.com and post the sharing link in your next reply.

 

 

Also see here: http://www.mediafire.com/faq.php
Stone Emissary
shainsaw
Posts: 23
Registered: ‎03-01-2012

Re: Another troj z access..

Back again, sorry for the delay...... here's the link... http://www.mediafire.com/?ezgp9fufpquxsk6 ... also I don't know what the deal with combo fix is... no matter how I use it (safe mode or not) it never finishes scanning.... just says it detects ROOTKIT... really would like to get this machine going again... works worse now than with the gremlins...
Epic Talent
malwarekiller
Posts: 3,835
Registered: ‎08-08-2011

Re: Another troj z access..

Hi, we have to kill whatever is alive and then try combofix to get the infection out...

 

  • Re-run AVPTool 
  • Select the Manual Disinfection tab and press the Script execution tab
  • Where it states "Insert text script in the following box", copy/paste the below script and press Run script
    Copy from Begin until End
begin
 SetAVZGuardStatus(True);
 SearchRootkit(true, true);
 DeleteFile('C:\WINDOWS\System32\Drivers\dump_atapi.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS');
 DeleteFile('C:\DOCUME~1\Bill\LOCALS~1\Temp\128.tmp');
 DeleteFile('C:\Documents and Settings\Bill\Local Settings\temp\_uninst_77177826.bat');
 DeleteFile('C:\Documents and Settings\All Users\Application Data\privacy.exe');
 DeleteFile('C:\WINDOWS\system32\savscan.dll');
 DeleteFile('\SystemRoot\system32\DRIVERS\1081806drv.sys');
end.
  • Your system will reboot on completion; if it does not, please do so yourself
  • On completion please run another analysis scan and attach the zip file

NEXT


  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post:  
  
All RKreport logs located on your desktop.

 

 

Delete the current combofix from your desktop and download a fresh version from here

Rename combofix to winlogon.exe and then try running it,

and attach the log


Please use plain text.
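An added example (not part of the original posts and not AVPTool's own code): before pasting a removal script like the one above, list what it will delete and flag kernel drivers, since removing a driver file can disable a device. The category names and the mapping of \SystemRoot to C:\WINDOWS are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# Script text copied from the post above; this is the input under review.
AVZ_SCRIPT = r"""
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 DeleteFile('C:\WINDOWS\System32\Drivers\dump_atapi.sys');
 DeleteFile('C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS');
 DeleteFile('C:\DOCUME~1\Bill\LOCALS~1\Temp\128.tmp');
 DeleteFile('C:\Documents and Settings\Bill\Local Settings\temp\_uninst_77177826.bat');
 DeleteFile('C:\Documents and Settings\All Users\Application Data\privacy.exe');
 DeleteFile('C:\WINDOWS\system32\savscan.dll');
 DeleteFile('\SystemRoot\system32\DRIVERS\1081806drv.sys');
end.
"""

DELETE_CALL = re.compile(r"DeleteFile\(\s*'([^']+)'\s*\)\s*;", re.IGNORECASE)

def normalise(raw, system_root=r"C:\WINDOWS"):
    # Kernel-style prefix -> drive path; the system root is an assumption.
    if raw.lower().startswith("\\systemroot\\"):
        raw = system_root + raw[len("\\SystemRoot"):]
    return PureWindowsPath(raw)

def classify(path):
    parts = [p.lower() for p in path.parts]
    suffix = path.suffix.lower()
    if suffix == ".sys" and "drivers" in parts:
        return "kernel-driver"      # review these before deleting
    if suffix in {".exe", ".dll", ".bat"}:
        return "executable"
    if "temp" in parts:
        return "temp-file"
    return "other"

def review(script):
    """Return (path, category, uses_8_3_short_name) per DeleteFile call."""
    targets = []
    for raw in DELETE_CALL.findall(script):
        path = normalise(raw)
        targets.append((str(path), classify(path), "~" in raw))
    return targets

if __name__ == "__main__":
    for path, kind, short in review(AVZ_SCRIPT):
        note = " (8.3 short name, expand before comparing)" if short else ""
        print(f"{kind:14} {path}{note}")
```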
Epic Talent
malwarekiller
Posts: 3,835
Registered: ‎08-08-2011

Re: Another troj z access..

If combofix again fails to run, we will start it in a special way... We will use the force breach mode of combofix

 

Running Combofix from Run Command

--------------------


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

    Go to Start -> Run -> copy/paste the following single line command into the run box and click OK.


    "%userprofile%\desktop\combofix.exe" /killall





  • Click OK and this will start ComboFix in a special way.
Stone Emissary
shainsaw
Posts: 23
Registered: ‎03-01-2012

Re: Another troj z access..

Here's the updated scan... http://www.mediafire.com/?2acx8dmd8ox987b  btw, the rogue killer link doesn't work either..