Multiple Infections


24 replies to this topic

#1 killmypc


Posted 31 May 2008 - 07:25 PM

Hey y'all..
First I would like to say thanks to you guys, since I found this site, and followed the instructions here for keeping my pc clean....I no longer want to kill it.. :thumbsup: .. I have been problem free for over two years now.... :trumpet: .
My friend's pc is horrific....I have scanned with AVG8 Free, SuperAntiSpyware, A2 Free, Adaware, and Spybot...found over 2000 infected files. Then connected to Internet, updated all, scanned again...found 15 more with these programs, but found over 5000 infections with Malwarebytes Anti-malware. :flowers: ...WOW
I have quarantined all these, but don't really know where to go from here...Thanks in advance for your help. As always, it is deeply appreciated.

TM



#2 DaChew


Posted 31 May 2008 - 07:40 PM

I would clean out the quarantines, set a new restore point and flush the old ones

then run atf cleaner and SAS from safe mode followed by a last scan with MBAM from normal mode

hopefully the logs will be small enough to post and the last one clean
Chewy

No. Try not. Do... or do not. There is no try.

#3 killmypc


Posted 31 May 2008 - 07:46 PM

Sounds like a plan, will do...thanks..

(If logs are small enough, I'll post) lol

Edited by killmypc, 31 May 2008 - 08:01 PM.


#4 killmypc


Posted 31 May 2008 - 08:50 PM

Hey y'all... I am running A2(squared) scanner in Safe mode now, but am unable to run SuperAntiSpyware in safe mode. It is telling me I must have Admin priv......but I am logged on to Admin acct....??

#5 DaChew


Posted 31 May 2008 - 08:59 PM

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

I would go directly to sdfix next, as it's obvious the infection is becoming worse the longer you stay on the internet

I don't ever let such an infected machine on the internet and especially with other healthy machines

Edited by DaChew, 31 May 2008 - 09:00 PM.

Chewy


#6 killmypc


Posted 31 May 2008 - 09:09 PM

Thanks for your help, the infected pc is NOT connected to the internet at this time. ONLY when updates are required for the scanners, or downloads for diag.
Would you think I should stop the A2 scanner and use sdfix first, or let the scanner finish?
(I am on BC on my pc, which is running FINE thanks to you guys) :thumbsup: .

I cannot give you guys enough praise.... :flowers:

Edited by killmypc, 01 June 2008 - 10:34 AM.


#7 boopme


Posted 31 May 2008 - 09:19 PM

How long is that scan running?

#8 DaChew


Posted 31 May 2008 - 09:22 PM

if you have a usb drive let's use it after immunizing it and your computer to fix the infected one
Chewy


#9 DaChew


Posted 31 May 2008 - 09:26 PM

Download http://www.techsupportforum.com/sectools/s...Disinfector.exe by sUBs and save it to your desktop.

Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that is plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


this is on the clean computer

how are you disconnecting the infected computer?

Edited by DaChew, 31 May 2008 - 09:26 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#10 killmypc


Posted 31 May 2008 - 09:26 PM

Scan is finished now, I can post the results if you like...(200+ infections).
I have been doing most by burning programs to disc and running on the infected pc.

I don't have a removable drive....

#11 DaChew


Posted 31 May 2008 - 09:29 PM

let's start a good list of downloads

sdfix

newest mbam and manual definitions updates


same for SAS

ATF cleaner

deckard's scanner

do you need any links?

how are you disconnecting the infected computer?

Edited by DaChew, 31 May 2008 - 09:30 PM.

Chewy


#12 killmypc


Posted 31 May 2008 - 09:30 PM

manually unplugging cable to disconnect...
No, thanks, links not necessary

Edited by killmypc, 31 May 2008 - 09:30 PM.


#13 DaChew


Posted 31 May 2008 - 09:39 PM

run the sdfix
Chewy


#14 killmypc


Posted 31 May 2008 - 09:53 PM

Running now, will post back in a.m.

Thanks again for your help.

#15 killmypc


Posted 01 June 2008 - 12:58 PM

Alright, I have completed the scans from:
SDFix. seems to have removed quite a few (can post log if you like)
MBAM. found nothing
SAS. found 3 (cookies)
ATF cleaner. (select all ... successful)
Deckard's scanner. (gave me 3 logs- main, extra, moved)

Please advise which logs, if any, you would like me to post, and where.

Thanks



