  1. #1
    Member
    Join Date
    Jun 2011
    Posts
    8
    Points
    0

    problem on system running Windows XP

    Hi,
    We seem to be 'losing' files on our system. A list of symptoms:
    - we cannot save files to a particular directory and see them
    - there seems to be a complete copy of our hard-drive in another directory called pbackup
    - we are running AVG (I used a bootable CD version to check the entire computer this morning - nothing came up)
    - we have run all of the recommended scans (see logs)

    Any ideas?

    Thanks,
    J0du

  2. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello and welcome to Help2Go

    We apologize for the delay in responding to your request for help. Here at Help2go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below I will review your topic and do my best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scan again:

    • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE


    We also need a new log from the GMER anti-rootkit Scanner.

    Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

    Please first disable any CD emulation programs using the steps found in this topic:

    Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:


    Note:
    If you are unable to run a GMER scan due to the fact you are running a 64-bit machine please run the following tool and post its log.

    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




    Thanks and again sorry for the delay.
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #3
    Member

    next round of log files and some more information

    Attached: GMER Log - part.txt, attach.txt, dds.txt

    - We have the original Windows CD's.
    - I have purchased a new hard drive - and a USB enclosure for the hard-drive with the problem. The plan is to rebuild the computer with the new drive and then pull any needed info off the corrupted drive. I am worried about contaminating the new drive and loss of files.

    - The GMER scan would not complete. It would freeze after about 5 minutes (the entire computer would freeze). I reran the scan and saved a log-file as close to the point at which this occurs as I could.

    - I have attached the DDS log files (2) and the GMER partial log file.

    Thank you!

  4. #4
    Member Spyware Fighter

    Hello, We can try and fix this machine first and get your files back before you move them over.

    Please do the following and see how your machine is running.

    1.
    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


    2.
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
    • Copy and paste the contents of that file in your next reply.


    3.
    Please download Unhide.exe and let it run.

    Things to include in your next reply:
    aswMBR log
    TDSSKiller log
    A new DDS log
    How is your machine running now?




  5. #5
    Member

    additional scans

    I ran the three scans and have attached the log files. We are still unable to see the files in one directory. Was I supposed to run a repair or fix using aswMBR?

    In case AVG was blocking unhide - I re-ran this with AVG off and internet disconnected.

    Full disclosure - our other computer was infected with an Aeleron trojan the other day (we returned from vacation and checked email before letting our virus software update). I was able to partially clean this up with the TDSSKiller program. In case the problem was the same on this computer, I ran the scan on this computer as well. TDSSKiller did not pick up anything then.

    Thanks

    Attached: attach.txt, TDSSKiller.2.5.4.0_11.06.2011_12.41.35_log.txt, dds.txt, aswMBR.txt

  6. #6
    Member Spyware Fighter

    Hello,

    Please rerun aswMBR and select fix this time to let it fix the problem.



    You can try and use this manual fix to see if you can get your files back in that one directory.

    This is a manual fix for XP users:

    1. Copy the entire content of this folder:
    C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\1
    and paste it to this folder:
    C:\Documents and Settings\All Users\Start Menu

    2. Copy the entire content of this folder:
    C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\2
    and paste it to this folder:
    C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch

    3. Copy the entire content of this folder:
    C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\3
    and paste it to this folder:
    C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

    4. Copy the entire content of this folder:
    C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\4
    and paste it to this folder:
    C:\Documents and Settings\All Users\Desktop

    If the above does not work then you can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:

    For any other missing program shortcuts you will probably need to reinstall the application or manually create new shortcuts.


    Things to include in your next reply:
    aswMBR log
    a new HijackThis log
    How is your machine running now?




  7. #7
    Member

    manual attempt to find files unsuccessful

    I scanned, fixed and rescanned with *aswMBR* (log attached). I rebooted after fixes.
    I tried *unhide* again (no luck)
    I tried the manual fix to find files - but the 'smtmp' directory does not exist for any users
    I ran *hijackthis* (log attached)

    I ran the two *winxptutor* programs - could not see the 'smtmp' directories or the lost files. I will reboot, try unhide again and also the manual fixes.

    Attached: aswMBR.txt, hijackthis.txt

  8. #8
    Member

    reboot results

    I tried rebooting, running *unhide* - the files are still missing (as is the 'smtmp' directory).

  9. #9
    Member Spyware Fighter

    Hello,


    Have you run any kind of temp file cleaner or registry cleaner during your attempt to fix the problem before coming to Help2go?

    We need to see if that MBR fix worked.



    1.
    Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.




  10. #10
    Member

    next step

    I had to set up a functional system - so pulled the hard-drive with the virus/trojan/malware out and rebuilt the computer Sunday and Monday. I tried to boot again with the drive so I could run the suggested scan and could not get the computer to boot off of the drive (this is due to my computer ignorance).

    Some interesting observations:
    - when I connect the drive to the computer as a USB device, it seeks the internet
    - the folder with the missing files cannot be copied or moved
