My photos are uploading to Local Disk Q: and I can't access it!

Hi,

I'm new here so please forgive me if I don't know all the correct computer 'terms'.

I have Windows Vista 32bit on a Dell PC. My computer picked up the "Windows Vista Repair" virus a few weeks ago, and I'm pretty sure I got it out completely. However, now when I plug in my digital camera to try to upload photos, I am unable to view it. Prior to this issue, when I would plug in the USB it would automatically allow me to view photos and it would be a "removable device". Now it goes to "Local Disk Q:" which I cannot access at all. I've googled nonstop for days and still have not been able to access that drive or delete it, etc.

Also, when I try to run a 'Microsoft Fix It' or any other method that requires internet access, I receive an error stating they cannot find a connection to the Internet (even though I am currently connected and online as I type this). So I'm thinking that whatever those programs need in order to reach their server may also be in that Q: Drive now.

So, I am looking for help. I need to be able to get my photos to open and to get them to stop going to Q: drive. When I look in my Device Manager under "Disk Drives" I see the following: Mat****a DMC-FZ5 USB Device (that is my digital camera) and ST316081 2AS SCSI Disk Device

Thanks in advance!
 


I think you're still partially infected.

How did you remove the last issue?

You should run Malwarebytes and a known AV to triple check you're clean.
 

My Computer

System One

  • CPU
    Dual L5639 // i7 950 @ 4.0Ghz
    Motherboard
    Evga SR-2 // Gigabyte x58a-ud3r
    Memory
    12Gig Corsair XMS3 // 6Gig OCZ Gold
    Graphics Card(s)
    gtx 560 ti // gtx 260-216
    Monitor(s) Displays
    Dual 22" // Headless
    Hard Drives
    OCZ aGILITY 3, 120Gig + Seagate 500Gig x 2
    PSU
    Silverstone da700 // Corsair 520hx
    Case
    Rosewill BlackHawk Ultra // Antec 900v1
    Cooling
    Twin CM Hyper 212+ // Noctua NH-u12
    Other Info
    Acer 8930 laptop with x9100...
Hello IHaveIssues and welcome to the forums :party:

Yes let's check you're all clean before continuing. Can you do the following for me please?

Malwarebytes Anti-Malware

Download and install MBAM from here
Run a full scan and attach the log with your next post for me to analyse

CKScanner

Please download CKScanner from here to your Desktop.

Make sure that CKScanner.exe is on your Desktop before running the application!

Double-click on CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved
Attach the log CKFiles.txt that has been created on your desktop with your next post

OTL

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Standard Registry box change it to All.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
Hello Tom982,

I am attaching the MBAM logs, the CKFiles.txt, and the OTL log.

Thanks so much for your assistance! I hope you (or someone) can figure out what my issue is and how to repair it.
 

Attachments

  • mbam-log-2011-07-19 (11-43-48).txt
    1.1 KB · Views: 97
  • protection-log-2011-07-19.txt
    5.6 KB · Views: 64
  • ckfiles.txt
    426 bytes · Views: 61
  • Extras.Txt
    45.7 KB · Views: 67
  • OTL.Txt
    107.4 KB · Views: 57

Your MBAM log looks fine, as does your CKScanner one. OTL logs tend to take a little longer to interpret, (as you can probably guess!) so I'll get back to you on that later :)

Tom
 

Can you open up OTL again but this time I want you to copy and paste the following into the custom fixes box at the bottom:

Code:
:FILES
[2011/07/06 17:16:25 | 000,009,248 | -HS- | M] () -- C:\ProgramData\7q4da2444o4nswy /D
[2011/07/06 17:16:24 | 000,009,248 | -HS- | M] () -- C:\Users\Melissa\AppData\Local\7q4da2444o4nswy /D
:OTL
@Alternate Data Stream - 288 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:408F95E5
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:B468194E
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9F5DDD64

Then press the run fix button. Copy and paste the contents of the log that opens upon completion into your next post please.

Also, I would like you to upload the following files to VirusTotal - Free Online Virus, Malware and URL Scanner

C:\ProgramData\~38657784
C:\ProgramData\~38657784r
C:\ProgramData\38657784

Send me the link to each report please

Tom
 

"I'm pretty sure I got it out completely"
If you are lucky, you completely removed the virus. But that did not repair the damage this virus has done. You could try a repair/install, but if that does not fix your problems, you have to either set back to an image from before you caught the virus or reinstall.
 

My Computer

System One

  • Manufacturer/Model
    Dell
    CPU
    Q6600
    Memory
    4GB
    Monitor(s) Displays
    HP w2207h
    Hard Drives
    2x250GB HDDs
    1x60GB OCZ SSD
    6 external disks 60 to 640GBs
    Other Info
    Also 1xHP desktop, 1xHP laptop, 1xGateway laptop
Yes exactly, I found a few traces of this in his OTL log. We'll soon see what those other files are like

Tom
 

Hi Tom,

Here is all the info. I was unable to find one of the files you asked me to upload.

========== FILES ==========
Invalid Switch: 06 17:16:25 | 000,009,248 | -HS- | M] () -- C:\ProgramData\7q4da2444o4nswy
Invalid Switch: 06 17:16:24 | 000,009,248 | -HS- | M] () -- C:\Users\Melissa\AppData\Local\7q4da2444o4nswy
========== OTL ==========
ADS C:\ProgramData\TEMP:8927A071 deleted successfully.
ADS C:\ProgramData\TEMP:408F95E5 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:ECF54A0E deleted successfully.
ADS C:\ProgramData\TEMP:FB1B13D8 deleted successfully.
ADS C:\ProgramData\TEMP:B468194E deleted successfully.
ADS C:\ProgramData\TEMP:9F5DDD64 deleted successfully.

OTL by OldTimer - Version 3.2.26.1 log created on 07212011_124747


http://www.virustotal.com/file-scan/report.html?id=13d6bce4e12c071c9bed2550fb5982d9651be192ab444cb544f64f1df257cff7-1311277606

http://www.virustotal.com/file-scan/report.html?id=13d6bce4e12c071c9bed2550fb5982d9651be192ab444cb544f64f1df257cff7-1311277834

I wasn't able to find this file: C:\ProgramData\~38657784r

Thanks Again!
 


Sorry, the invalid switch errors were my fault. Can you do the same with this text please:

Code:
:FILES
C:\ProgramData\7q4da2444o4nswy /D
C:\Users\Melissa\AppData\Local\7q4da2444o4nswy /D
C:\ProgramData\~38657784 /D
C:\ProgramData\~38657784r /D
C:\ProgramData\38657784 /D

Can you scan your computer with the ESET Online Scanner:

Free ESET Online Antivirus Scanner

Tom
 

Here are the new results from OTL:
========== FILES ==========
C:\ProgramData\7q4da2444o4nswy deleted successfully.
C:\Users\Melissa\AppData\Local\7q4da2444o4nswy deleted successfully.
C:\ProgramData\~38657784 deleted successfully.
C:\ProgramData\~38657784r deleted successfully.
C:\ProgramData\38657784 deleted successfully.

OTL by OldTimer - Version 3.2.26.1 log created on 07212011_181555

And I'm attaching a screenshot of what ESET said.

Thanks Again!
 

Attachments

  • eset.jpg
    57.5 KB · Views: 43


Can you install Microsoft Security Essentials and run a full scan please.

Can I also have a fresh OTL log please? I'll see if I can find anything about your proxy error

Tom
 

Hi Tom,

I'm attaching the OTL Log and the error message I received from Microsoft Security Essentials. It says I'm not connected to the Internet, but I am.

Thank You
 

Attachments

  • OTL.Txt
    107.2 KB · Views: 53
  • mse.jpg
    195.3 KB · Views: 45


Okay, can you run the attached script as an administrator please?

Tom
 

Attachments

  • Flush DNS and restore HOSTS file.bat
    380 bytes · Views: 22

Okay, I ran the script and then I ran the Microsoft Security Essentials (it worked). There were 9 "Severe" items found and I removed them. Now what would you like for me to do?

Thank You
 


Can you tell me what it found and in which files please?

Tom
 

Hi Tom,

Here is what it found:

Trojan:JS/Hiloti.B
PWS:Win32/Sinowal.AHC
Exploit:Java/CVE-2008-5353.QX
Exploit:Java/CVE-2008-5353.VL
Exploit:Java/CVE-2009-3867.E
Exploit:Java/CVE-2009-3867.FM
Exploit:Java/CVE-2009-3867.KL
Exploit:Java/CVE-2010-0840.EU
TrojanDropper:Win32/Vundo

And here is where it found it all. (In order):

containerfile:C:\Users\Melissa\AppData\Local\{FC6B2AAD-6EDC-418E-B1C7-E918089C470A}\chrome\content\overlay.xul
file:C:\Users\Melissa\AppData\Local\{FC6B2AAD-6EDC-418E-B1C7-E918089C470A}\chrome\content\overlay.xul->(SCRIPT0000)

file:C:\Users\Melissa\AppData\Local\Temp\tjoG.exe

containerfile:C:\Users\Melissa\AppData\Local\Temp\jar_cache6824168184530303882.tmp
file:C:\Users\Melissa\AppData\Local\Temp\jar_cache6824168184530303882.tmp->total/Server2.class

containerfile:C:\Users\Melissa\AppData\Local\Temp\jar_cache6824168184530303882.tmp
file:C:\Users\Melissa\AppData\Local\Temp\jar_cache6824168184530303882.tmp->total/AServers.class

containerfile:C:\Users\Melissa\AppData\Local\Temp\jar_cache4172850732957245633.tmp
file:C:\Users\Melissa\AppData\Local\Temp\jar_cache4172850732957245633.tmp->Main.class

containerfile:C:\Users\Melissa\AppData\Local\Temp\jar_cache3632715398223864722.tmp
file:C:\Users\Melissa\AppData\Local\Temp\jar_cache3632715398223864722.tmp->W.class

containerfile:C:\Users\Melissa\AppData\Local\Temp\jar_cache3632715398223864722.tmp
file:C:\Users\Melissa\AppData\Local\Temp\jar_cache3632715398223864722.tmp->C.class

containerfile:C:\Users\Melissa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\72480852-634f6bea
file:C:\Users\Melissa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\72480852-634f6bea->xmlTools/XMLMaker.class

file:C:\ProgramData\tufajufi\tufajufi.dll


 

I spoke too soon.
Here are the results from the Security Check:

Results of screen317's Security Check version 0.99.17
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 16
Java(TM) SE Runtime Environment 6
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.0.45.2
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
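
An added example, not part of the original posts: a Python triage of the Microsoft Security Essentials results and the Security Check log quoted above. It splits each detection name into type, platform, family and variant, groups the resources by container, and checks whether the Java exploit detections coincide with the out-of-date Java that Security Check reported; the location labels are this example's own heuristic.

```python
import re
from collections import Counter

U = r"C:\Users\Melissa\AppData"
# (detection name, resource) pairs copied from the MSE results in the thread, in order.
DETECTIONS = [
    ("Trojan:JS/Hiloti.B", U + r"\Local\{FC6B2AAD-6EDC-418E-B1C7-E918089C470A}\chrome\content\overlay.xul->(SCRIPT0000)"),
    ("PWS:Win32/Sinowal.AHC", U + r"\Local\Temp\tjoG.exe"),
    ("Exploit:Java/CVE-2008-5353.QX", U + r"\Local\Temp\jar_cache6824168184530303882.tmp->total/Server2.class"),
    ("Exploit:Java/CVE-2008-5353.VL", U + r"\Local\Temp\jar_cache6824168184530303882.tmp->total/AServers.class"),
    ("Exploit:Java/CVE-2009-3867.E", U + r"\Local\Temp\jar_cache4172850732957245633.tmp->Main.class"),
    ("Exploit:Java/CVE-2009-3867.FM", U + r"\Local\Temp\jar_cache3632715398223864722.tmp->W.class"),
    ("Exploit:Java/CVE-2009-3867.KL", U + r"\Local\Temp\jar_cache3632715398223864722.tmp->C.class"),
    ("Exploit:Java/CVE-2010-0840.EU", U + r"\LocalLow\Sun\Java\Deployment\cache\6.0\18\72480852-634f6bea->xmlTools/XMLMaker.class"),
    ("TrojanDropper:Win32/Vundo", r"C:\ProgramData\tufajufi\tufajufi.dll"),
]
# Lines copied from the Security Check log in the thread.
SECURITY_CHECK = ["Java(TM) 6 Update 16", "Out of date Java installed!", "Flash Player Out of Date!"]

# Microsoft detection names follow Type:Platform/Family.Variant, optionally with a !suffix.
NAME_RE = re.compile(r"^(?P<type>[^:]+):(?P<platform>[^/]+)/(?P<family>[^.!]+)(?:\.(?P<variant>[^!]+))?(?:!(?P<suffix>.+))?$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# Location labels are a heuristic of this example; the first matching substring wins.
LOCATIONS = [
    (r"\sun\java\deployment\cache", "java-deployment-cache"),
    (r"\temp\jar_cache", "java-temp-jar-cache"),
    (r"\chrome\content", "xul-overlay"),
    (r"\appdata\local\temp", "user-temp"),
]

def parse_name(name):
    """Split a detection name into its parts and pull out a CVE id if the family is one."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised detection name: {name!r}")
    fields = m.groupdict()
    cve = CVE_RE.search(fields["family"])
    fields["cve"] = cve.group(0) if cve else None
    return fields

def locate(resource):
    """Separate 'container->member' resources and label where the container lives."""
    container, _, member = resource.partition("->")
    label = next((lab for sub, lab in LOCATIONS if sub in container.lower()), "other")
    return {"container": container, "member": member or None, "location": label}

def triage(detections):
    return [{**parse_name(name), **locate(res)} for name, res in detections]

def summarise(rows, security_check):
    """Count detections by type and tie Java exploit hits to the outdated-Java flag."""
    java = [r for r in rows if r["type"] == "Exploit" and r["platform"] == "Java"]
    flagged = any("out of date java" in line.lower() for line in security_check)
    return {
        "by_type": Counter(r["type"] for r in rows),
        "cves": sorted({r["cve"] for r in java}),
        "java_containers": sorted({r["container"] for r in java}),
        "java_outdated_and_exploited": bool(java) and flagged,
    }
```

Six of the nine detections are Java exploit classes sitting in four cached JAR files, which lines up with the "Out of date Java installed!" entry in the Security Check log.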
 
