the skynet.exe

Posted 14 May 2009 - 04:35 AM

i have a an exe file on my computer called skynet. this virus slows down the machine, makes copies of every folder in my hard drive as an exe file by the same name, and eventually doesn't let me see the files on my hard drive at it's final stages. Iv'e tried quite a few anti-malware programs, mostly free versions. ive reinstalled windows, problem is that the virus is on my external drives and as soon as i connect those, the whole thing starts all over again

CAN ANYBODY HELP ??? IM AT A DEAD END RIGHT NOW

• Back to top

Posted 14 May 2009 - 09:39 AM

Hi,

Welcome here.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

• Make sure you are connected to the Internet.
• Double-click on Download_mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
• On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
• Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

• Back to top

Posted 14 May 2009 - 07:38 PM

• Back to top

Posted 15 May 2009 - 12:29 AM

Hi,

Please perform a new, full scan, and post the logfile in your next answer.

• Back to top

Posted 17 May 2009 - 04:06 AM

all right did that.

the scan took 43 hours, and the restart abolut an hour more. all the rest looks pretty much the same. here's the log

Malwarebytes' Anti-Malware 1.36
Database version: 2132
Windows 5.1.2600 Service Pack 2

5/17/2009 6:07:47 PM
mbam-log-2009-05-17 (18-07-47).txt

Scan type: Full Scan (C:\|E:\|F:\|G:\|)
Objects scanned: 184376
Time elapsed: 43 hour(s), 46 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{EE87E6D6-1329-4ED5-946C-72FDE4D6EB84}\RP22\A0006363.dll (Adware.Agent) -> Quarantined and deleted successfully.
F:\kdxdweli.cmd (Trojan.Agent) -> Quarantined and deleted successfully.

looking forward to the next step thanks very much

• Back to top

Posted 17 May 2009 - 09:20 AM

• Back to top

Posted 18 May 2009 - 07:55 PM

• Back to top

Posted 19 May 2009 - 04:28 AM

• Back to top

Posted 19 May 2009 - 07:07 AM

Hi,

Did it, here is the log

Deleting files
"C:\Program Files\eMule\Incoming\Prevx CSI - Free Malware Scanner 3.0.0.199.zip" deleted
F:\SkyNet.exe deleted
"F:\SpyNoMore 2.83.080502.zip" deleted

all signs show that virus is still there. lots of hidden folders, folders labled "microsoft corporation" and folders named skynet.

• Back to top

Posted 19 May 2009 - 08:20 AM

• Back to top

Posted 19 May 2009 - 07:02 PM

• Back to top

Posted 19 May 2009 - 07:28 PM

• Back to top

Posted 20 May 2009 - 09:02 AM

System Volume Information is a folder with the system restore points. So that's why.

I'm going to redirect you to the HijackThissection of this forum. This, because it's a deeper infection.
Read this page and follow it's steps: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Good luck.

• Back to top

Posted 23 May 2009 - 04:00 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/228648/the-skynetexe-virus-again/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond. Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom

• Back to top