No Way To Properly Title This!

mrclose

New Member
System Manufacturer/Model Number: Gateway FX4710-UB802A

OS Windows: Vista Home Premium (x64) Service Pack 2

CPU: 2.50 gigahertz Intel Core2 Quad Q9300

Memory: 4094 Megabytes Usable Installed Memory

Hello Everyone!

Terrible way to start .. nOOb that can't even title his post! 8)



This is a long post but 'please' try to hang in there.

I will bet that none of you have seen a problem like this before!

For over a month, I couldn't open 'anything' on my pc without some difficult workarounds.

Browsers wouldn't launch, tools and apps wouldn't open and access denied would pop up on any system tool that I tried to use.

I did stumble upon a way (described below) to open a browser but that wouldn't help with the other stuff!

It was only when I ran the software tool JRT (junkremovaltool) that everything went back to normal .. EVERYTHING WORKED!!!

Everything worked until I booted the next day and every boot after that!

Every time I power on, I have to do my workaround (again .. described below) to get to the JRT tool to get things back to normal!

The kicker is that the tool doesn't clean or delete anything after that first run!
(I still have to run it though, every time I boot!)

My Workaround:

(only way to open a browser before I run JRT)

Routine:
1) Click on Start
2) Go to Programs/Accessories
3) Click System Tools
4) Click Windows Easy Transfer
(new window opens)

5) Click on link Go to web page for further information.

6) Click next
(new page)

7) Click on the X (close) button on the new page

8) A prompt appears: "Are you sure you want to cancel Easy Transfer?"

9) Click Yes

10) Microsoft web page opens up as well as my home page (two tabs/windows).

11) I go to the JRT web site and 'run' the program

12) JRT runs and ...

13) Back to normal, everything works normally again.
(Until next boot time)


I have to run JRT instead of downloading it because nothing will function (including JRT) until I run a scan with JRT.


If possible .. I am going to try and get the software (JRT) to run at startup!

Maybe I can eliminate steps 1 thru 12 then?

Think it'll work? 8)


I'm desperate. 8)


I have included links to two of JRT's finished scan results.

The first is the original and everything that the tool removed.

The second is how every other finished scan looks.

I don't get it?

Is the clearing of the Event Logs by JRT returning my pc to functioning properly?
(JRT owner says no)

That is all that is in the logs, except the very first one.

Only the first one (scan) from days ago has loads of stuff in it.



First time the tool was used ..

JRT #1 - http://pastebin.com/zCrxeWWr


All Others ...

ALL THE REST - http://pastebin.com/5trGJV3a

BTW: The JRT creator doesn't know why the tool works for me either!

I know this was a long ranting post and if you hung in there .. I Thank You!


Also: JRT is the only tool that returns my system to normal!

I have tried all of the well regarded tools: Malwarebytes, eset, superantispyware, hijackthis .. etc. etc.

All of them.

Same in safe mode.
 
Sounds like a nasty virus I once removed from my friend's dad's PC.
It's called ZeroAccess Rootkit, and it pretty much denies you access to doing anything on your PC.
Normally I would suggest reinstalling the PC, because it's a really tough virus. The PC I had to remove it on (got paid $200 to do it) had software on it for $6000 that couldn't be re-installed.

I followed this guide:
www.malwaretips.com: Remove ZeroAccess Rootkit

Even if it isn't the specific virus, this guide will pretty much cleanse your PC anyway. It deals with the fact that the virus blocks you from opening any anti-virus etc software, and how you get around that.
It includes download links and only uses free software.

I would suggest you follow that guide (took me quite a while, tons of restarts required, and that's rough on an old XP machine that hasn't been cleaned or tidied up in years :D)
 
I could give you specific instructions but I can't right now. But you can download and run tdsskiller and let me know if it found anything. At work right now but can help you better when I get home.
 
Ok, now that I am home please do the following.

1.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

[screenshot: TDSSKiller window with the Start scan button]


TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

[screenshot: TDSSKiller scan results showing a detected infection]


To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.

[screenshot: TDSSKiller results after cleaning]


Please reboot the system if asked to do so.

After running there will be a log located at the root of your c:\ drive, labeled TDSSKiller with a series of numbers after it, for example C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.

2.

Download and Run ComboFix
If you already have ComboFix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    ComboFix

  • When the page loads click on the blue ComboFix download link next to the BleepingComputer Mirror.
  • Save the file to your Windows desktop. The ComboFix icon will look like this when it has downloaded to your desktop.

    [image: ComboFix desktop icon]
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    [screenshot: ComboFix preparing to run (blue screen)]

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    [screenshot: ComboFix backing up the Windows Registry]

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    [screenshot: Windows Recovery Console installation prompt]

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    [screenshot: ComboFix scan in progress, showing the changed clock format]

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your pc and you'll be fine.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 