|
Post by raymondo70 on Nov 25, 2014 19:57:15 GMT -8
|
|
Quads
Malware Removalists
In New Zealand
Posts: 9,387
|
Post by Quads on Nov 25, 2014 20:00:34 GMT -8
Ok comes back clean (0)
Is there a log in between showing what TDSSKiller did to the VBR??
Quads
|
|
|
Post by raymondo70 on Nov 25, 2014 20:11:49 GMT -8
That's the only log that was created. What is the VBR?
|
|
|
Post by Quads on Nov 25, 2014 20:13:55 GMT -8
Volume Boot Record
Now when you restart the system, with TDSSKiller now saying clean, the system should load Windows OK.
Quads
|
|
|
Post by raymondo70 on Nov 25, 2014 20:17:05 GMT -8
Ok. It rebooted without incident. Any next steps?
|
|
|
Post by Quads on Nov 25, 2014 20:22:25 GMT -8
I did see 2 randomly named folders in the Recovery Mode FRST.txt, but I will let dbrisen carry on from where we were up to, now that your system has Windows booting and Cidox has been dealt to (TDSSKiller has its own quarantine folder).
Quads
|
|
|
Post by raymondo70 on Nov 25, 2014 20:26:46 GMT -8
C:\ProgramData\CulgAdyu & C:\ProgramData\GoloMuya perhaps?
That bad or indifferent?
Also, thanks for the help!
|
|
dbrisen
Malware Removalists
Posts: 3,688
|
Post by dbrisen on Nov 25, 2014 20:55:37 GMT -8
Now that is taken care of, let's get a fresh start and work on whatever is left over. Read slowly, and all of it.
If you still have an Addition.txt log file on your desktop, please delete it now.
Start FRST64 that is on your Desktop by right clicking and selecting "Run as Administrator". The tool will start to run.
When the tool opens, click Yes to the disclaimer (if it does).
Select Addition.txt in the Optional Scans section of FRST64.
Press the Scan button.
It will make two logs (FRST.txt and Addition.txt) on your Desktop.
Please attach the logs in your reply back, or open the logs in Notepad, copy them, and paste them back in a message as a reply. (Ask if you don't know how to do either of these.)
Notes:
If your security software blocks the running or download of FRST / FRST64, please disable the security software or make an exception for this file. FRST is updated very frequently and is safe to run, but because of the frequent changes (to keep up with the newest malware techniques) most security software does not approve of the unknown file.
Right now the forum will not allow one to attach the Addition.txt file, so please use wikisend.com or filedropper.com to upload the file and then post the download link here in your reply post.
|
|
|
Post by raymondo70 on Nov 25, 2014 22:05:11 GMT -8
|
|
|
Post by dbrisen on Nov 25, 2014 22:49:28 GMT -8
And let's get back on track now>>>>
You may want to read carefully all of this message first before starting the steps.
NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Download the script file that is attached by right clicking on it and selecting "Save Target As..." or "Save Link As..." (depends on the browser you are using). Please make sure that the file type is set as Text File and the file's name is Fixlist.txt. Have it on the Desktop, so that fixlist.txt is next to FRST64.exe.
DO NOT DRAG AND DROP to download the script, it won't work properly for FRST.
The script tells FRST what to do.
Start FRST that is on the desktop by right clicking on the file and selecting "Run as Administrator..."
When the tool opens, click Yes to the disclaimer (if it still does).
Press the Fix button just once and wait. The script will be processed and your system restarted to complete the removal / breakage of the malware.
The tool will make a log on the Desktop (Fixlog.txt); please post it in your reply (attach or paste).
|
|