Rootkits
#1
Hi Britec and friends from Britec :

Nice meeting you.
On my XP PC, AVG registers 44 rootkits (there were 36 until recently). AVG cannot fix them and Malwarebytes does not see them.
Britec said in one YouTube video that if you use TDSSKiller, do not delete, cure or skip or you will lose the booting, but in another YouTube video he said delete. So I don't know and don't want to format. The summary that I copied from AVG is in the attachment.

I hope the hacker has not taken the other PC through the network and I hope you can help me.

THX
Bea


Attached Files
.pdf   Summery.pdf (Size: 64.71 KB / Downloads: 2)

#2
Hey Bea, Welcome to the forum.

Step 1

Run TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-click TDSSKiller.exe and Run as administrator.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system.
  • Click Start Scan. Please be patient and don't use the computer while the scan is running.
  • If infected files are found, please change the action to Skip.
  • Click Continue and close TDSSKiller.
  • Look for the log file in the root directory (that's c:\). Please copy the contents of the log and paste it in your next post.


Step 2

Run Scan with aswMBR

Please download aswMBR and save it to your desktop.
Please temporarily disable your Anti-Virus and Anti-Malware software.

  • Right-click aswMBR.exe and Run as Administrator.
  • Click Yes to Allow Virtualisation.
  • Click Yes to download the latest anti-virus definitions for aswMBR from avast.
  • Click Scan.
  • On completion, you will see Scan finished successfully. Click Save log.
  • Please copy the log and post it in your next reply.

#3
Hi Britec :

I downloaded TDSS on another PC and will copy it with flash. I can't install it on the desktop, only on a temp in C:\
Do I run it offline or online? Disconnect the internet?

At the end I will donate, but please give me a PayPal account, it is all I have. I'm in the Netherlands.
THX
Bea

#4
(12-08-2014, 06:08 PM)Beatriz Alma Wrote:  Hi Britec :

I downloaded TDSS on another PC and will copy it with flash. I can't install it on the desktop, only on a temp in C:\
Do I run it offline or online? Disconnect the internet?

At the end I will donate, but please give me a PayPal account, it is all I have. I'm in the Netherlands.
THX
Bea

I would disconnect from the net (but it doesn't matter too much as it's just a scan).
PayPal is one of the options offered.

#5
OK THX Britec and Guilty, I'll do the TDSS now, scary.
We'll do it with PayPal later.

#6
Don't forget to run aswMBR

#7
(12-08-2014, 08:31 PM)Beatriz Alma Wrote:  OK THX Britec and Guilty, I'll do the TDSS now, scary.
We'll do it with PayPal later.

If aswMBR.exe doesn't work you can try Dr.Web CureIt!, which can repair damaged Windows files and folders: https://www.freedrweb.com/download+cureit/?nc=t&lng=en

#8
Hi Britec , nsm0220 & friends

I copied TDSSKiller from flash to the infected PC, to temp in C:\, double-clicked there, and clicked on Detect TDLFS file system. Not from the desktop, I can't access it.
It found no serious threats, only suspicious objects, medium risk: ousb2hub and ousbehci. (I guess for signature)

Malwarebytes doesn't see the rootkits, only AVG does. A friend told me that AVG Internet Security is very sensitive and if I don't close well the rubbish will be taken as rootkits. I don't know.
I don't dare to install aswMBR.exe because I have to disconnect AVG and Malwarebytes, and that's all the protection I have now.

If you think I am still infected or the programs are fooling me, please help.
If you think I am clean, tomorrow I'll PayPal a gift for you.
And definitely I'll post you on my FB and YouTube.


Thank you.
Greetings Bea


Attached Files
.pdf   Enemigo PiPO AVG RT.pdf (Size: 65.15 KB / Downloads: 0)
.jpg   AVG report.jpg (Size: 89.31 KB / Downloads: 8)
.jpg   AVG 17 thread.jpg (Size: 66.55 KB / Downloads: 9)

#9
Please follow instructions carefully, you're not running all the programs I asked and you're not posting logs from the scan results.

Step 1

Run Scan with aswMBR

Please download aswMBR and save it to your desktop.
Please temporarily disable your Anti-Virus and Anti-Malware software.

  • Right-click aswMBR.exe and Run as Administrator.
  • Click Yes to Allow Virtualisation.
  • Click Yes to download the latest anti-virus definitions for aswMBR from avast.
  • Click Scan.
  • On completion, you will see Scan finished successfully. Click Save log.
  • Please copy the log and post it in your next reply.

Step 2

Malwarebytes Anti-Rootkit (MBAR)

  • Please download Malwarebytes Anti-Rootkit and save the file to your desktop.
  • Double-click MBAR.exe to run the installer.
  • Select a convenient location to extract the contents and click OK.
  • Navigate to the location you selected.
  • Double-click MBAR.exe to run the programme.
  • Follow the prompts to update the programme and scan your computer.
  • Upon completion, click Cleanup and reboot your computer.
  • After the reboot, rerun the programme to verify no threats remain. If threats are still detected, click the Cleanup button once more.
  • Upon completion, two logs (mbar-log.txt and system-log.txt) will be created. Copy the contents of both logs and paste in your next reply.
  • Note: Both logs can be found in the MBAR folder.


#10
Hi Britec :

You said: Please follow instructions carefully, you're not running all the programs I asked and you're not posting logs from the scan results.


It is because I am scared, I don't know how to disable AVG and Malwarebytes. I'll ask my husband to disable them.

Is Malwarebytes Anti-Rootkit the same as Malwarebytes? If so, I have had it since October 2014.

The picture is what I have, is it the same? Will I lose the premium licence if I download again?

I'll try the aswMBR and mail you the result.

Thank you for your patience.

Gr Bea .

