Anyhow, right after I downloaded an audio clip from that website, I received multiple alerts from Symantec Antivirus regarding a virus/trojan named Infostealer.Gampass and that a few files had been infected. A few of the files were able to be quarantined but the others were left alone. I tried to delete those manually but those files could no longer be found. I didn't think it was a big deal as that sometimes happens with temporary files. I ran another scan and everything seemed fine. Or so I thought. I also clicked on the link for the virus/trojan and on Symantec's website, it stated that the risk level for the virus/trojan was very low (a 1).
The next time I started my computer, I ran into multiple problems:
1) Windows Security Center wouldn't detect the antivirus program anymore and kept saying it was out of date even though it was not.
2) I kept getting error messages that said, "C:\WINDOWS\system32\xia6.exe is not a valid win32 application." (and also xia 2, xia4, and xia 6) When I closed them, I was asked if I wanted to report the problem to Microsoft (like if my IE or Microsoft Office documents had crashed).
3) Symantec antivirus popped up at least 7 times and listed those SAME viruses/trojans that were supposedly undetected the last time after clean up, but when I tried to delete them, at least half of them could not be located. Some of the problematic files include:
4) It showed that new programs were installed and when I clicked on the "Start" button, over half of my existing programs were highlighted and shown as newly installed.
5) When I tried to go to any website that required sign-ins (such as Yahoo Mail and Hotmail), I'd get the security certificate message.
At that point, I started looking up more information regarding this Infostealer.Gampass trojan. It appeared that it was a pretty new trojan and not many websites and forums had a lot of information about it. Furthermore, other people whose computers had been infected by this trojan were displaying different symptoms than what I've experienced, so there was no quick and easy solution - everybody said to try something different.
A few of the things that I've tried to do and failed (probably because of the infection) were to create a registry back-up and to go to task manager. The commands don't work anymore.
I've tried scanning and removing the trojan with the following programs:
- Symantec Antivirus
- Lavasoft Ad-Aware
- AVG Anti-Virus
- Spybot Search and Destroy
- Avast! Antivirus
All these programs detected and removed what they found, but upon start-up, all the problems that existed were still there, sometimes a few more files were found by Symantec, sometimes a few less. I've tried scanning in safe mode as well and a few of the programs even did pre-boot scans.
I tried to install Multi-AV as well but that program wouldn't run on my computer.
I've also tried installing the trial versions of McAfee and Sophos products, but installation kept failing for both. I've contacted technical support for both. That was a week ago. McAfee has not even given me any response. Sophos responded and said installation failed probably because of an existing virus and gave me some other options.
Sophos told me to go into safe mode command prompt and provided step-by-step instructions to scan and remove viruses. At the end, it said, "Failed to open log file 'c\remove.log'." I scrolled up and copied some items that didn't look quite right to me:
"Could not open C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat"
"Could not open C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG"
"Could not open C:\WINDOWS\system32\config\SYSTEM.LOG"
"Could not open C:\WINDOWS\system32\drivers\sptd.sts"
">>> Virus 'Mal/Behav-043' found in file C:\Program Files\Internet Explorer\NS\Sy-win7z.Jmp Disinfection failed"
">>> Virus 'Mal/Behav-043' found in file C:\WINDOWS\system32\xia11.exe
And then I couldn't get out of cmd.exe and had to use ctrl-alt-del to shut down my computer.
The next time I started my computer, it loaded in safe mode command prompt again! Nothing I've done so far would bring it out of that mode and load Windows again. I've tried "exit" and "win" but what that does is just close cmd.exe and then all I see is a black background with "Safe Mode" in the four corners.
I've tried pushing F8 at the next startup, but it would not list the normal options at all. The only option that was listed was "Windows XP Home Edition" and nothing else! So now I can't do anything at all.
Mod Edit: Disabled active link to malware site.
Edited by quietman7, 21 December 2007 - 02:39 PM.