HDD Virus

[Richandlou1992]

Hi All,

 

I appear to have been hit by a virus which has installed a programm called HDD Removal. Everytime i switch the machine on it does a scan and informs me I have all manner or issues with the hard drive etc. I am hoping some one may know how to remove this? It is a real pain as I cannot run the computer normally whilst this is installed. I have googled this and down loaded a couple of Trojan removal programmes, however once they have done a scan, they need me to pay £30 to safely remove the problem? Can anyone advise if this can be done for free, or do i need to pay, if so can you reccomend a good removal programm.

 

Any help would be appreciated.

 

Thanks

Richard

 

PS - I am no computer whiz kid so if you could bear that in mind with any answers!!:):)

[RandyL]

Hi.

Please follow the advice on the link below. It might help speed things up.

Before posting for Malware Removal help.

[Starbuck]

Hi Richandlou1992,

 

This is a nice one, it can come bundled with the TDSS rootkit.

We better work on that assumption.

 

Following the normal guide may not work with this malware, try this.

 

Step 1

• Download TDSSKiller and save it to your Desktop.
  
• Extract its contents to your desktop.
  
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
   
  http://img.photobucket.com/albums/v708/starbuck50/new/tdss1.png
   
  
• If an infected file is detected, the default action will be Cure, click on Continue.
   
  http://img.photobucket.com/albums/v708/starbuck50/new/tdss2.png
   
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
   
  http://img.photobucket.com/albums/v708/starbuck50/new/tdss3.png
   
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
   
  http://img.photobucket.com/albums/v708/starbuck50/new/tdss4.png
   
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file in your next reply.
   
  

 

Step 2

Please download RKill.com to your desktop from the following link.:

Rkill download link

Download page will open in a new tab or browser window.

When at the download page, click on the Download Now button to download RKill.com and save it on your desktop.

Once it is downloaded, double-click on the rkill.com icon.

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the malware when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself .

 

If the malware is persistant, you may have to run RKill a number of times.

When it has finished, the black window will automatically close and you can continue with the next step.

 

If you continue having problems running rkill.com, you can download iExplore or eXplorer.exe from the rkill download page. Both of these files are renamed copies of rkill.com, which you can try instead. Please note that the download page will open in a new browser window or tab.

 

Note

Please do not reboot your system until you have completed the following step, or the Malware may restart itself:

 

Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.

• Make sure you are connected to the Internet.
  
• Double-click on Download_mbam-setup.exe to install the application.
  
• When the installation begins, follow the prompts and do not make any changes to default settings.
  
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
    
  • Launch Malwarebytes' Anti-Malware

  [*]Then click Finish.

  [*]MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

  [*]On the Scanner tab:

  • Make sure the "Perform Full Scan" option is selected.
    
  • Then click on the Scan button.

  [*]If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.

  [*]The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.

  [*]When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".

  [*]Click OK to close the message box and continue with the removal process.

  [*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.

  [*]Make sure that everything is checked, and click Remove Selected.

  [*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)

  [*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

  [*]Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

 

In your next reply, please submit:

TDSSKiller report

MBAM scan report

 

 

Thanks.

[Richandlou1992]

Thanks for your response, I will carry out these steps and post the reports.

 

Cheers

Richard

[Richandlou1992]

I have a further problem. I downloaded the first programm, which loads a zipped file on to my desktop, and i dont have winzip. I have downloaded a version, however it cannot load it on to the computer in safe mode. I have tried to open the computer in normal mode but the virus does not allow me open any files!! I have fallen at the first hurdle, any ideas?????

 

Many Thanks

Richard

[Starbuck]

Hi Richandlou1992,

 

Ok, leave TDSSKiller for now,

Try the next 2 steps and let me know how it goes.

If you can't get into normal mode .... try safe mode with networking.

At least this will give you an internet connection.