Winrscmde has stopped working

Discussion in 'Windows Support' started by jonnycack, Feb 22, 2012.

  1. jonnycack

    jonnycack New Member

    Hey Guys,

    I have done quite a bit of searching on this topic and found various ways to fix the problem, but I was wanting to see what you recommend. I think there are a lot of people with these problems, so hopefully I'm not double posting on the same issue; sorry if I am.

    One site said to run TDSSKiller, so I did. It found this:

    Rootkit.Boot.Pihar.b
    \Device\Harddisk0\DR0

    There was a lot of other info in the report, but I don't know if it's important, and I don't know how to post it.

    Anyway, they also said to run aswMBR, so I did. It found this:


    aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-20 16:17:55
    -----------------------------
    16:17:55.308 OS Version: Windows x64 6.0.6002 Service Pack 2
    16:17:55.308 Number of processors: 4 586 0x170A
    16:17:55.309 ComputerName: OFFICE-PC UserName: Lucas
    16:17:57.100 Initialize success
    16:18:45.711 AVAST engine defs: 12022002
    16:18:52.066 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    16:18:52.069 Disk 0 Vendor: Hitachi_ STDO Size: 610480MB BusType: 3
    16:18:52.071 Device \Driver\iaStor -> MajorFunction fffffa80074e95c4
    16:18:52.074 Disk 0 MBR read successfully
    16:18:52.077 Disk 0 MBR scan
    16:18:52.081 Disk 0 Windows VISTA default MBR code
    16:18:52.102 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
    16:18:52.145 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 597166 MB offset 27265024
    16:18:52.150 Service scanning
    16:19:20.254 Modules scanning
    16:19:20.259 Disk 0 trace - called modules:
    16:19:20.264 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8008865350]<<66742141.sys >>UNKNOWN [0xfffffa80074e95c4]<<hal.dll
    16:19:20.267 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f7e790]
    16:19:20.272 3 CLASSPNP.SYS[fffffa6000fcdc33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003ec5050]
    16:19:20.275 \Driver\iaStor[0xfffffa8007270530] -> IRP_MJ_CREATE -> 0xfffffa80074e95c4
    16:19:23.001 AVAST engine scan C:\Windows
    16:19:27.534 AVAST engine scan C:\Windows\system32
    16:24:56.920 AVAST engine scan C:\Windows\system32\drivers
    16:25:28.911 AVAST engine scan C:\Users\Lucas
    16:31:53.633 Disk 0 MBR has been saved successfully to "C:\Users\Lucas\Desktop\MBR.dat"
    16:31:53.640 The log file has been saved successfully to "C:\Users\Lucas\Desktop\aswMBR.txt"
    16:32:47.829 File: C:\Users\Lucas\AppData\Local\Temp\29E2.tmp **INFECTED** Win32:MalOb-IK [Cryp]
    16:32:48.091 File: C:\Users\Lucas\AppData\Local\Temp\3076.tmp **INFECTED** Win32:Dropper-KDD [Drp]
    16:35:11.400 File: C:\Users\Lucas\AppData\Local\Temp\jar_cache812827438487245398.tmp **INFECTED** Win32:Cycbot-OD [Trj]
    16:35:29.822 File: C:\Users\Lucas\AppData\Local\Temp\nslB2FD.tmp\nlw6tmk.3bt **INFECTED** Win32:MalOb-HO [Cryp]
    16:35:29.969 File: C:\Users\Lucas\AppData\Local\Temp\nslB2FD.tmp\qyrb5od.zfp **INFECTED** Win32:MalOb-HO [Cryp]
    16:35:30.011 File: C:\Users\Lucas\AppData\Local\Temp\nslB2FD.tmp\uqb4apu.max **INFECTED** Win32:MalOb-HO [Cryp]
    16:54:23.189 AVAST engine scan C:\ProgramData
    16:56:53.314 File: C:\ProgramData\Microsoft\Windows\DRM\2934.tmp **INFECTED** Win32:Malware-gen
    16:56:53.372 File: C:\ProgramData\Microsoft\Windows\DRM\2934.tmp.dat **INFECTED** Win32:MalOb-IK [Cryp]
    16:56:53.461 File: C:\ProgramData\Microsoft\Windows\DRM\2FD8.tmp **INFECTED** Win32:Malware-gen
    16:56:53.516 File: C:\ProgramData\Microsoft\Windows\DRM\2FD8.tmp.dat **INFECTED** Win32:Dropper-KDD [Drp]
    16:56:53.680 File: C:\ProgramData\Microsoft\Windows\DRM\D3B5.tmp **INFECTED** Win32:MalOb-IK [Cryp]
    17:20:39.501 Scan finished successfully
    17:25:36.647 Disk 0 MBR has been saved successfully to "C:\Users\Lucas\Desktop\MBR.dat"
    17:25:36.676 The log file has been saved successfully to "C:\Users\Lucas\Desktop\aswMBR.txt"
    17:28:08.627 Disk 0 MBR has been saved successfully to "C:\Users\Lucas\Desktop\MBR.dat"
    17:28:08.633 The log file has been saved successfully to "C:\Users\Lucas\Desktop\aswMBR.txt"

    I have read to run something called ComboFix, but I have yet to do that because I wanted to see about the importance of what I already did.

    I am not very good with computers, but I learn fast, so if you need more info, let me know. Also, please tell me if I am just an idiot and I should let someone else fix this for me.

    Thanks!
     
  2. Ex_Brit

    Ex_Brit Older, But No Wiser Staff Member

    1st thing to try. Boot into Safe Mode by tapping F8 repeatedly while booting up and then go to Start > All Programs > Accessories > System Tools > System Restore and see if you can take your machine back to before this happened.

    An alternative means to start System Restore is to go to Start/Run and type in rstrui.exe and click Enter.

    If successful, temporarily disable System Restore to delete the infected restore point.

    If not, read on...

    Boot into 'Safe Mode with Networking' and download the FREE version of THIS tool, update it (important) and then run a full scan ALL IN THAT MODE (it works!).

    Hopefully that will get rid of it.

    As far as TDSSKiller and ComboFix are concerned, they are best left to the experts on the malware removal forums.
     
  3. jairoh_

    jairoh_ New Member

    If you can't restore your old system, then try running Malwarebytes Anti-Malware, noobkiller, kaizer killer, your AV with a full scan, and ComboFix, still in Safe Mode.
     
