BleepingComputer.com: Personal Antivirus, Antivirus Pro, Antivirus XP 20009, etc


Personal Antivirus, Antivirus Pro, Antivirus XP 20009, etc Recommend slight addition to the tutorial on the removal

#1 macinslaw

Posted 08 July 2009 - 05:43 PM

I am new to your board and I must apologize already for recommending a change; however, this new infection I have seen warrants at least the request. Your tutorial on removing this infection is very good and is very easy to find from Google. That being said, I have been fighting an infection for 2 days now on a Windows Home XP machine. The infection I'm seeing is antivirus aware. It intercepts the install of Malwarebytes and every other type of antivirus/antimalware that I've tried. It also will not allow IE, Firefox or Opera to load any antivirus web page or security sweep site.

I have created a BartPE disk in the hopes that I can quell this infection, but thus far, it has been resilient against removal.

I should also mention that safe boot does not work. System Restore states that it is disabled by GPO, though I suspect this is unavailable in XP Home; I need confirmation of this.

Update:
I was finally able to get something to install and begin removal of trojans from this unit. Most were unidentified, however there were 2 that were: Vundo and bat/delsys. I was able to install the T-R trojan remover. It identified the following files being hijacked and redirected to ones held in the following location:

C:\windows\temp\

win.exe, uninst.exe, rundll.exe, iexplore.exe as well as a few others. Also, the run32dll.exe in the c:\windows\system32 folder was also compromised. In addition, the install of any other tool resulted in corruption of either the install file in the temp directory, or the exe was reported as being a missing image file and would show the error C:\windows\system32\zabunego.exe.

After running T-R and 2 restarts later, the unit was uncrippled enough to install and run Malwarebytes, which found further infections, 18 to be exact. It also stated that the restore point as well as other items in the OS had been turned off, including automatic updates. It offered to re-enable these items.

Once Malwarebytes had completed, it also wanted a restart. I attempted to install Avira at that time; however, the install is still being compromised, leading me to believe that something is still going on. I tried to look in the Add/Remove Programs to see what may have happened; however, any of the applications needing run32dll.exe are not working because it too was infected and neutralized by the T-R software. I am attempting to restore that file to see what further damage may have been done. As a side note, Stinger would not run and was being infected as it was copied to the hard drive.

Just thought someone may want to know.

This post has been edited by macinslaw: 09 July 2009 - 06:34 AM

