
Massive Infection On Computer!


6 replies to this topic

#1 spiff77


Posted 02 May 2008 - 10:21 PM

I have never seen something like this. Antispyware catches some things but then it adds reg keys to tell the antispyware that it is okay. It has copied everything, made system information folders that I can't delete on each drive.

Hijacked the wireless router and added others to it. Added network places that you can't see even though the Windows "hide icons" is not activated. I am not a pro but the reg keys show password logs, URLs, etc. etc. copied. My Computer icon is even a shortcut now.

If you insert a thumb drive or CD or anything, it replicates a system32 file, an IE icon, a Mozilla icon. So far no damage or bank accounts/credit cards stolen but I can't send emails or the like as I am sure it's replicating there too. It's a monster and affecting life. My wife is so stressed. We help with veteran and soldier issues and can't do anything right now.

Please help I have no idea what to do.



#2 DaChew


Posted 03 May 2008 - 01:16 AM

http://www.microsoft.com/technet/community...gmt/sm0504.mspx

Although this was written 4 years ago, I feel it's probably truer today than it was then, and I don't think you will find a higher-up source on this issue.

The only way to clean a compromised system is to flatten and rebuild.
Chewy

No. Try not. Do... or do not. There is no try.

#3 ruby1


Posted 03 May 2008 - 02:36 PM

Dare one say welcome :flowers:

So far no damage or bank accounts/credit cards stolen

How do you know this? Surely you ought to assume the worst and change them all from a CLEAN computer and contact any banks to so advise.

Of interest, what is (or was) your Windows version, your antivirus program and other protection programs?
If there is another computer 'attached' to it, I hope you have disconnected it and run thorough full scans on it?

And as DaChew states... your most sensible option: flatten

then rebuild

from your computer's CD of course :thumbsup:

#4 spiff77


Posted 05 May 2008 - 03:54 PM

Well, thanks everyone. And I have tried to stay on top of the finance stuff. True, I do not know for sure... but so far nothing that has caused me to do a double take. I have disconnected other systems and changed passwords. I am using XP SP2 and was running two, CounterSpy and Spybot, when it happened. It took over both of those and anything I throw at it now.

I have no issue with just blowing it all away, except for any data I save to disks or what have you; it copies it there as well. So I was trying everything I could first.

#5 DaChew


Posted 05 May 2008 - 04:10 PM

I have had a few where I wasted a day or so fighting a bad infection, and infected my own computer. I now use sUBs' Flash Disinfector for my USB drive, have both Home and Pro generic XP disks for running as a repair, and then use tools like MBAM, SAS, SDFix, ATF Cleaner, etc., but without the advanced training of the HijackThis experts it's almost impossible to cure the worst infections.
Chewy

No. Try not. Do... or do not. There is no try.

#6 spiff77


Posted 06 May 2008 - 11:21 PM

So any ideas as to where to go from here? Still think flatten? Actually I think it has gotten worse; now it boots to the query of safe mode, safe mode with etc. etc... you know the one, but the keyboard input is shut out. Then it goes to Windows and just does a reboot over and over.

#7 DaChew


Posted 06 May 2008 - 11:47 PM

Still think flatten?


Yes, you probably have separate competing infections that are updating as you stay on the internet.
Chewy

No. Try not. Do... or do not. There is no try.
