Solved Virus

Discussion in 'Malware and Virus Removal Archive' started by malady, 2011/12/13.

  1. 2011/12/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I hate to preach but this is what happens when you use some tool you're not familiar with on your own.

    You not only quarantined those items (TDSSKiller has an "unquarantine" function) but you actually deleted them.
    You made some irreversible changes to legit entries.

    At this point I'm not even sure what can be done.

    Do you have a Windows XP CD?
     
  2. 2011/12/15
    malady

    malady Inactive Thread Starter

    Joined:
    2011/12/07
    Messages:
    64
    Likes Received:
    0
    Yws, you are right! I still have the quarantine folders and files (one in each). Folders are numbered 0-11, called susp0000 etc. The files are .dta, around 30-50 kilobytes. Do you know how to restore them? Didn't see that function in the program.

    Couldn't run that script in OTL. I entered it and clicked "Run fix" and it hung for 4 hours on "Killing Processes-Do Not Interrupt ". Wasn't using the computer.
     

  4. 2011/12/15
    malady

    malady Inactive Thread Starter

    Sorry... typo... meant "Yes". Also, no Windows XP or Toshiba recovery CD. I don't have a keyboard on here after I blew away the files with Kaspersky.
     
  5. 2011/12/15
    broni

    broni Moderator Malware Analyst

    It looks like at least these two files are related to your keyboard:
    qmofiltr.sys
    qkbfiltr.sys

    I've never done it before, but re-run TDSSKiller and carefully examine all stages.
    At some point you should get a list of quarantined files.
    See if you can undo those two above.

    We'll get back to OTL issue later.
     
  6. 2011/12/15
    malady

    malady Inactive Thread Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Babycakes
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner
    ->Temp folder emptied: 19788750 bytes
    ->Temporary Internet Files folder emptied: 6661411 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 10283844 bytes
    ->Flash cache emptied: 611 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 109744 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 7324045 bytes

    Total Files Cleaned = 42.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Babycakes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 12152011_201111

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  7. 2011/12/15
    broni

    broni Moderator Malware Analyst

    Did you attempt to unquarantine those files?
     
  8. 2011/12/15
    malady

    malady Inactive Thread Starter

    Kaspersky

    Ran Kaspersky again and it says nothing found. Had no option to restore the files. Can't open them even with Kaspersky. Thx.
     
  9. 2011/12/15
    broni

    broni Moderator Malware Analyst

    At this point....

    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because the access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

    Good luck!
     
  10. 2011/12/15
    malady

    malady Inactive Thread Starter

    Thanks so much for your help! Appreciate it!
     
  11. 2011/12/16
    broni

    broni Moderator Malware Analyst

    You're very welcome
     
