
Infected With Malware, But Not Sure What.


4 replies to this topic

#1 NorthbyNorthwest

NorthbyNorthwest

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 19 April 2008 - 07:24 PM

My computer is running Windows XP. Thursday night, my sister downloaded god knows what onto my system without asking and also somehow disabled my TrendMicro AntiVirus (bonehead :thumbsup:) and now for the first time in my computing life I have an infected system. She tried to fix the problem before I found out and I think has made it worse. She has downloaded and installed HijackThis, AVG Anti-Spyware, Malwarebytes Anti-Malware, ATF Cleaner, and Spybot Search and Destroy in attempts to clean the trojans off, and has deleted many files that have shown up in the sweeps. She also tried to run Panda online but says that the process shuts down before completing. When I found out today, the first thing I did was disconnect the computer from the internet to hopefully prevent more infections. Unfortunately she can't remember everything she deleted so hopefully nothing important. She did tell me that every time she ran a sweep it was picking up different programs so it might be that the trojan kept changing and installing more malware? I'm not sure how that works, obviously I'm not technically inclined.

I am on a friend's laptop hoping to find a solution.

The symptoms I have noticed are:

multiple pop-ups and pop-unders and freezing IE Windows. I haven't tried Firefox yet to see what happens there.

error messages, such as: "out of memory" and Spybot Search and Destroy since installed gives multiple "failed to load" messages, multiple Microsoft Visual C++ errors, "Debug Assertion Failed dbgheap.c," and "invalid floating point operation."

Whatever she deleted or whatever trojans I have seem to have erased all system restore points except an infected one.

How can I tell what's infecting me and how to remove it? I don't even know where to begin to fix it. Any help would be appreciated.

Edited to add- I thought I might should also give the information that my system has two different user accounts. One password protected, which is the account that was infected and the other a general Administrator account.

Edited by NorthbyNorthwest, 19 April 2008 - 07:29 PM.




#2 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 20 April 2008 - 09:05 AM

did you set up specifically the General Administrator account and do you know if IT too is infected?

to ask ; one notes she downloaded the HJT tool ; what if anything did she 'do' with it?

do you have any logs/reports from the scans you (she) ran and if so can you post them on here for examination? if you can get SOME reports it will help the Experts on here decide which cleaning programs might be appropriate for you to use to try to clean up

#3 NorthbyNorthwest

NorthbyNorthwest
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 20 April 2008 - 12:48 PM

did you set up specifically the General Administrator account and do you know if IT too is infected?

to ask ; one notes she downloaded the HJT tool ; what if anything did she 'do' with it?

do you have any logs/reports from the scans you (she) ran and if so can you post them on here for examination? if you can get SOME reports it will help the Experts on here decide which cleaning programs might be appropriate for you to use to try to clean up


I have the report from the Malwarebytes scan ran after all that was done. I wasn't sure if I needed to go ahead and post it here, or if I needed to post it in the report forum and link back here or what. I just used Hijack This so I now have that log as well.

Should I make a new topic for my logs in that forum or just continue here? I don't want to step out of line or clutter up the board more than necessary.

Also, about the General Administrator account, I did not set it up, but I've been afraid to log on to it and check to see if it's infected too because I wasn't sure if I could spread the malware that way (tech dummy here).

Edited by NorthbyNorthwest, 20 April 2008 - 12:53 PM.


#4 skyfuser

skyfuser

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:01:41 PM

Posted 20 April 2008 - 01:12 PM

Hey NorthbyNorthwest.
Your infection sounds really nasty. Hope you get rid of it soon.
If there's something in your system32 folder, chances are all your accounts will be infected...
Anyways, it's advised you post a Hijackthis log, it's more comprehensive. Go here and scan with Kaspersky and then Deckard's System Scanner (you're lucky there's less steps now, we used to have like 5 :thumbsup:) and then post the logs here along with a Hijackthis log. After you do that, don't respond to this thread and wait or ask a moderator to close this thread. After that you should wait for a member of the HJT Team to come and help.
Good luck :D
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#5 ruby1

ruby1

    a forum member


  • Members
  • 2,375 posts
  • OFFLINE
  •  
  • Local time:08:41 PM

Posted 20 April 2008 - 05:06 PM

suggest you only post on this thread the Malwarebytes report ; as you may notice the HJT section of this forum (like most others) is swamped with HJT logs and they prefer to keep queries OUT of that section if at all possible ; the Malwarebytes log can show the experts what may be going on and what tools you need to run

you could run the Deckards scanner too and report ITS findings but I suggest hold off on the HJT log until the reports from the other scans have been seen ; once they have been reviewed IF the Mods think an HJT log is the only way forward they will so instruct you


please post what logs you DO have but NOT NOT the HJT log :thumbsup:



