Pc issues
Comments
Master boot record is not the same as Java cache. Do a boot time scan or try scanning with TDSSKiller.

So you've got an MBR rootkit. Malwarebytes didn't find the main problem.
Try aswMBR and TDSSkiller. With aswMBR, don't download the Avast definitions as it'll do a long scan, just use the guide on the page.
http://public.avast.com/~gmerek/aswMBR.htm
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Both are potentially quick. There is the potential that fixing the problem might make it difficult to get into Windows.
Also Hitmanpro, another quick one.
http://www.surfright.nl/en/hitmanpro
HJT shouldn't crash. If it's on your desktop, then try LEFT SHIFT as well as RIGHT CLICK. If it still crashes, leave it alone for now.
Afterwards, report back if you like - and the Avast boot scan will be a good idea.

Ok - have done the Avast boot scan and it's picked something up under sun/java/deployment. It gives me a lot of options - delete, delete all. Move to chest. Move all to chest. Repair. Repair all. Ignore
?

Move to chest.

Wow - thanks - I ran the TDS killer and that seems to have got rid of it - the Boot scan didn't find it though, and that took a while!
It's also not been having trouble starting up, so maybe the two are linked?
Anyway - thanks for all your help!

Yes it was an infection of the MBR, which includes the bootloader, so intimately related to booting. It's a serious infection.
Which did TDSSkiller say it was? TDL3?
Rootkits hide other malware, and they also leave methods for them to come back. I wouldn't leave it at that at all - where is the malware that installed the rootkit in the first place?
See if you can do Hijackthis now, and please post a log. I would re-run both Malwarebytes QUICK scan and HitmanPro. It wouldn't hurt to stick either Panda free av or Prevx for a second opinion and some additional realtime protection (can uninstall after a week or two), and to block any attempts for the rootkit to come back.
I would uninstall Java unless you need it, big security risk.
Lastly leave it scanning overnight with Dr Web (Stop the default scan, and choose FULL. It'll take ages to complete https://www.freedrweb.com/download+cureit/gr/?lng=en).

Sorry - I didn't catch what TDSSkiller said it was. And can't seem to find a log?
Hijackthis is working, but again, I can't work out how to post a log - I seem to have downloaded the micro version, if that makes a difference.
What kind of additional realtime protection would you recommend?
And thanks!

Quick malware bytes scan:
Malwarebytes' Anti-Malware 1.51.0.1200
https://www.malwarebytes.org
Database version: 7060
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/07/2011 00:25:14
mbam-log-2011-07-10 (00-25-13).txt
Scan type: Quick scan
Objects scanned: 193183
Time elapsed: 11 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Hitman found a bunch of tracking cookies which I've deleted, but nothing else.
Will run Dr Web tonight - what a date
This discussion has been closed.