TDSS Killer not running Options

[boon]

Hello,

I have recently acquired the windows removal virus... I followed a guide that instructed me to go in and rename the virus located in the all users/application data folder; doing this appears to have stopped the spamming of the visual affects of the virus. However I still can not access the Task manager, all of my files are still considered hidden, I keep getting audio from what seems like a TV commercial through my speakers though nothing is running that I can see visually, I keep getting a plug in script error for internet explore to some random sites, and I can not run TDSS Killer(i have tried renaming as well as changing from .exe to .com). When I click on Tdss killer it does absolutely nothing.

Any help would be greatly appreciated... I believe these are the correct files you have requested.

Attached File(s)

 GetSystemInfo_BOON_0VRFA58QN8_Boon_2011_04_24_00_31_26.zip ( 92.29K ) Number of downloads: 4
 virusinfo_syscure.zip ( 23.39K ) Number of downloads: 2

 

[richbuff]

Welcome. If you don't have Kaspersky installed, please feel free to use the AVP Tool. It is linked in the important read me topic, located at the top of this forum page.
Attach its sysinfo.zip.

[boon]

here is the sysinfo.zip from AVP

This post has been edited by boon: 24.04.2011 17:18

Attached File(s)

 avptool_sysinfo.zip ( 13.45K ) Number of downloads: 1

 

[richbuff]

Run this script, instructions: Open the main window of KVRT > Manual disinfection tab > in the field under Step 3 right-click > select Paste from the drop-down menu > click the Execute button. PC will reboot:

CODE

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('C:\Documents and Settings\All Users\Application Data\iCEyocHtffAu.exe','');
DeleteFile('C:\Documents and Settings\All Users\Application Data\iCEyocHtffAu.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-1229272821-796845957-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run','iCEyocHtffAu');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After run script, attach a Combofix log, please review these instructions carefully before downloading Combofix, and follow these instructions carefully after downloading Combofix.

Before downloading and Saving combofix to Desktop, please rename combofix to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Kaspersky (right click the K icon and click pause protection > Choose the
option "resume manually" if still active) until after the scanning and removal process has taken place.

Please double click on the Combofix file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post. Also, please don't
forget to resume the Kaspersky that you paused.

Download Combofix here -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------
The instructions posted here are for the original poster Only. If you have same or other issue, please see the first Important read me topic, and then open a New Topic for yourself.

[boon]

Here is the combofix log... all seems to be running great now, Let me know if there is anything else I should be doing... I really do appreciate your help, you have been awesome!

Attached File(s)

 ComboFix.txt ( 11.93K ) Number of downloads: 4

 

[richbuff]

Run this script, instructions same as the last one:

CODE

begin
CreateQurantineArchive('c:\quarantine.zip');
end.

A file called quarantine.zip should be created in C:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://www.mediafire.com/
Then, Private Message me the Download link to the uploaded file. Click my user name and select Send message. Lastly, uninstall Combofix by: pause Kaspersky > Start > run >
type combofix /uninstall > ok. Or Start > run > type 123 /uninstall > ok. Restart Kaspersky.

Also, if you use Windows System Restore, turn it off > reboot. This to remove malware from system volume information files. Then turn system restore back on, if you wish. How to turn it off/on: http://support.kaspersky.com/faq/?qid=208279208

Also, scan with Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php Update it first, scan and attach its log, but Please Don't remove anything yet, until the log is reviewed.

[boon]

Pm sent...

Combofix Uninstalled

System Restore Turned off

Malwarebytes scan ran, Log attached

Attached File(s)

 mbam_log_2011_04_24__19_00_18_.txt ( 900bytes ) Number of downloads: 3

 

[boon]

Additional scan ran, as I forgot to update Malware bytes, log attached

Attached File(s)

 mbam_log_2011_04_24__19_09_37_.txt ( 899bytes ) Number of downloads: 4

 

[richbuff]

Looks good. Any changes with your original issues?

[boon]

Yes! I am no longer receiving any of problems mentioned in my original post, Everything appears to be running correctly at this time

[boon]

Well system took a dump today... everything was running fine but then a window poped up that said windows recovery it started to do what it did previously but this time it went to a blue screen, then restarted the comp automatically, and now when I restart it wont load windows, it just goes in circles continually restarting... I figured I would just format the pc but I can't even do that as it looks out my keyboard halfway through the boot, and when it says hit a button to boot from cd it wont work when i hit a button.....

[richbuff]

Can you get to your Bios settings, and configure CD drive as first in Boot Order?

[boon]

Yes I can, and I have... however sometime between there and windows starting up it disables my keyboard and when it says push key to boot from cd, it wont allow me to push a key... then the timer runs up and it boots hard drive which then says windows did not shut down properly please choose startup method... however the keyboard is still disabled at this stage so i can't choose anything and it auto defaults to start normally after 25 seconds where it then starts to load windows but crashes and just starts the whole cycle over again... it seems like I have control of the key board right up until it loads the raid on boot. I was thinking maybe using a floppy windows boot disk? as it is I cant even format the drive at present let alone add a new boot sector...

This post has been edited by boon: 26.04.2011 09:27

[boon]

Just got it to boot from cd by hitting F8, I assumed the bios would default to allow this no matter what at that stage... Now debating wither to repair the boot sector or just format....

[boon]

ehh will attempt to rewrite the boot sector... if this does not work i will try format... have a feeling this is in the bios...


This post has been edited by boon: 26.04.2011 09:50

[boon]

Formatting...