Virus W32/new-malware!maximus In Svchost.exe


9 replies to this topic

#1 cheercoach

Posted 25 July 2007 - 12:33 AM

Hello,
My father's computer has apparently been infected with a malware virus. Because of this, he is unable to connect to the internet at all - therefore I cannot download and run several of the online scans suggested in many of the messages posted here.

I did run the Clearwire scan (before it quit working too) and it said that it detected:

W32/new-malware!maximus and it was located in:

c:\windows\system32\wins\svchost.exe

BUT...it would not quarantine it and it couldn't remove it either. (sucks)

I have since purchased Bitdefender but I cannot even get it to run in safe mode AND it won't allow me to install it at all - not even to run a pre-scan. I've gone through the Task Manager processes running and there are several Svchost processes running and I have tried ending them. Some make my system automatically shut down in 60 seconds.

I have run out of ideas and really need some help. If anyone has some ideas....I'm all ears!
Thanks in advance for your help.
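
The path reported in the post above, `c:\windows\system32\wins\svchost.exe`, is not where Windows keeps its own `svchost.exe`: the genuine image sits directly in `%SystemRoot%\System32` (and `SysWOW64` on 64-bit systems). The sketch below is an added example, not part of the original thread; the process listing, PIDs and function names are constructed for illustration, and it assumes you already have a list of process IDs and image paths exported from the machine.

```python
import ntpath  # Windows path rules, usable on any OS for offline triage

# Sub-directories of %SystemRoot% that hold the genuine svchost.exe.
LEGIT_SUBDIRS = ("system32", "syswow64")


def is_masquerading_svchost(image_path, system_root=r"C:\Windows"):
    """True if the file is named svchost.exe but lives outside the
    directories where Windows installs it."""
    # normpath collapses ".." tricks; normcase makes the compare
    # case-insensitive, as Windows paths are.
    norm = ntpath.normcase(ntpath.normpath(image_path))
    if ntpath.basename(norm) != "svchost.exe":
        return False
    root = ntpath.normcase(ntpath.normpath(system_root))
    allowed = {ntpath.join(root, d) for d in LEGIT_SUBDIRS}
    return ntpath.dirname(norm) not in allowed


def flag_processes(rows, system_root=r"C:\Windows"):
    """rows: iterable of (pid, image_path). Returns the suspicious rows."""
    return [
        (pid, path)
        for pid, path in rows
        if path and is_masquerading_svchost(path, system_root)
    ]


# Constructed sample listing (PIDs are made up). The wins\ entry is the
# location reported in the post; the others are ordinary paths.
SAMPLE = [
    (812, r"C:\WINDOWS\system32\svchost.exe"),
    (1044, r"c:\windows\System32\svchost.exe"),
    (1388, r"c:\windows\system32\wins\svchost.exe"),
    (1500, r"C:\WINDOWS\system32\..\system32\svchost.exe"),
    (1620, r"C:\WINDOWS\explorer.exe"),
    (1701, None),  # image path unavailable for this process
]

if __name__ == "__main__":
    for pid, path in flag_processes(SAMPLE):
        print(f"PID {pid}: svchost.exe running from unexpected path {path}")
```

This only checks the exact file name against its expected directory; it says nothing about lookalike names or about a replaced file in the genuine location.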

#2 oldf@rt


Posted 25 July 2007 - 12:53 AM

Can you start this computer in safe mode with networking?

Here is a link to the Tutorial, just in case.

Did you purchase Bitdefender as a download or CD?

Please let us know.

Edited by oldf@rt, 25 July 2007 - 12:54 AM.

The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 cheercoach


Posted 25 July 2007 - 10:53 AM

Hi, thank you for your reply... Yes, I can boot in safe mode with networking. I know this because I tried to get out on the internet in safe mode but it wouldn't let me. So, I called the support technician from Clearwire and he came over and for whatever reason, he uninstalled the Clearwire software from the system. NOW, I can't get it to re-install because of the virus!!!

As for Bit Defender, I purchased the CD in the box. When I try to install it, it will auto launch, but then when the dialogue window comes up and you hit "install", etc... it says it is checking to see if there are previous versions of Bit Defender on the system and then it NEVER goes any further.

I am clearly frustrated and am open to any and all suggestions.
Thanks

#4 oldf@rt


Posted 25 July 2007 - 01:17 PM

Most Bitdefender CDs are bootable, so leave the CD in the drive, restart the computer and see if the CD drive boots instead of the hard drive. It may be necessary to go into the BIOS and change your boot order.

Once you have booted the CD, run the Bitdefender scanner. This is the only thing that I can find at their web site: http://www.bitdefender.com/PRODUCT-2143-en...s-Plus-v10.html

I was looking for instructions, so hopefully they are in your manual.

Edited by oldf@rt, 25 July 2007 - 01:18 PM.


#5 cheercoach


Posted 25 July 2007 - 11:26 PM

Thanks again.... I will go over first thing in the morning and try it again with the Bit Defender CD. I have booted from it previously and it gives you options to "scan" but it doesn't ever give you anywhere to "tell" it what you want scanned...(i.e. C: drive or D: drive, etc.) It looks like it is just wanting to scan its own files...rather than my computer files. I will do it again in the morning and take note of specifics it gives me and then come back and post them for you to "ponder". :o)
I do have the manual ...but it hasn't been much of a help for doing a boot from cd scan.

I'll let you know what happens....keep your fingers crossed.

#6 cheercoach


Posted 26 July 2007 - 06:08 PM

Hi again,

Well, I tried booting with Bit Defender and it finally let me get to where I could indicate what files I wanted it to scan and it started to go through the motions...but then would hang up and just cycle but not do anything. I tried several different individual (targeted) files and got the same result with all. So...I decided to try a couple of things from the "preparation guide" for HJT...as in....I first did a "cleanmgr" command and then I came home and downloaded AdAware 2007 and burned the set-up file to a CD and then went back over and while in safe mode copied it to the desktop. It wouldn't let me install it in safe mode, of course, so I re-booted, installed, and did a full scan - it only came up with 2 infected files - one of which was in the registry. It deleted both and I did another scan. Nothing new. I had planned on trying to do the same with "Search and Destroy" if you thought it would be beneficial. I am on a mission now to conquer this computer and will continue to chip away at it until either it or I die in the process. :thumbsup:)

I have to be honest, I am still frustrated that BitDefender didn't make my life easier. I am still hoping that after I get this all straightened out that it will be a decent program (in combination with other programs) to protect my dad from the evils (viruses, etc.) lurking out there. I had read that BitDefender was one of the best (I think in consumer reports) so I went with that for him. We'll see!
That is if I ever get this one figured out.

Let me know what you might suggest I do now.
THx

#7 oldf@rt


Posted 26 July 2007 - 06:53 PM

Holy Hannah, sounds like there are some real nasties in this machine. Keep on with the preparation guide. When you scan with Spybot, do it in safe mode, and make sure that you scan each user account separately. If it needs to restart, don't; log off and scan the other accounts if you have more than one. Again, since I am assuming that you have Windows XP, you will have the admin account and the main user account.

#8 oldf@rt


Posted 26 July 2007 - 06:56 PM

Also, let's try a little smackdown with Dr Web:

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


#9 cheercoach


Posted 28 July 2007 - 11:40 PM

OK....Hello again! I am finally able to get back to you with some results - although I don't know if any of them are going to mean much.. :thumbsup:( And, yes, he has XP on that computer.

I ran Spybot (in safe mode on each user) and it found and fixed/deleted 58 infected files. I then ran Dr. Web and it found nothing - hence no report to post on what it detected.

I rebooted and was happy to find that many of the things that I could NOT do before (like open the control panel or open My Computer) are working great. However, when I again tried to install BitDefender it will not allow me to do so. It still auto-launches and gives me the option to either Install, Browse CD, or Exit. When I select Install, it does a little bit of self-extracting and then it gives me a dialogue window saying it is looking for a new version of BitDefender. It hangs up there and NEVER moves forward. I'm puzzled as to if it is looking for a new version ON the system OR if it is wanting to connect to the internet and look for a newer/updated version there.... I can't get on the internet yet so I'm still stuck.

So....there's where I am in a nutshell. Any ideas where to go from here? I'm ready.
Thx.

#10 oldf@rt


Posted 29 July 2007 - 12:28 AM

Create a new user account, with full administrative privileges.

Download and run WinSockFix.
Be sure to print out and follow the instructions provided in the Winsock Repair Tutorial. If you need a tutorial with screenshots see here.

Once you have run the Winsock XP tool, and the machine restarts, start your work in the new account, then see if you can install Bitdefender.
