Nasty Malware Keeps Reinstalling Itself - Help!


No replies to this topic

#1 Steve`

Posted 01 July 2008 - 08:20 PM

I'm newly registered here but was aware of ComboFix and ran it before I saw your instructions here. In fact I have run it five times tonight after downloading a virus about 4 hours ago. Norton picked up "malwareprotector" and I seemed to get rid of that by deleting some files in safe mode. Then I ran HijackThis and found suspicious browser objects with randomly generated file names. The files were in the SYSTEM32 folder and not deletable. HijackThis couldn't get rid of them because they are running processes. I tried to delete them with a safe mode start but no luck. That's when I tried ComboFix. Every time I ran it, stuff kept appearing and getting deleted.

I have an unregistered copy of Security Task Manager that shows a varying number of dangerous processes running. Once deleted they seem to come back. I also searched and found some of the names in my registry and deleted those keys but the bad processes keep coming back.

So, I need to take a deep breath and have someone lead me through a wiser process to track this down. Thanks for any help you can offer. I have or can create logs as needed.

Some time ago I learned of ComboFix trying to get rid of Virtumonde and it worked. This bug "could" be Virtumonde but I have no proof.

UPDATE: Here's hoping I have most of this done -- if not I'll be back! Ran fixes for Vundo (8 hits) and Virtumonde (1 hit). Still had a suspicious dll loading which ComboFix deleted. On restart rundll was trying to run one of the quarantined modules but fails because it can't be found. Scanned my registry and found a pointer to it and deleted it. Any suggestions on anything further to do (other than a head slap for downloading the nasty thing)?

Edited by Steve`, 02 July 2008 - 04:58 AM.
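The post describes three signals a responder looks for when triaging this kind of reinstalling infection from a HijackThis log: a Browser Helper Object registered with no name, a DLL in SYSTEM32 with a random-looking name, and an autostart entry (here the rundll line) whose target file is no longer on disk because it was quarantined. The following script is an added example, not code from the original post or from BleepingComputer; it parses the O2 (BHO) and O4 (Run-key) line shapes HijackThis emits, scores each entry on those signals, and reports the ones a reader should review before deleting anything. The log lines, the "random name" rule (6 to 8 letters with at most one vowel) and the `on_constructed_disk` stand-in for the real file system are all constructed for the example; on a live machine pass `os.path.exists` instead.

```python
"""Triage a HijackThis log for persistence entries worth a second look (added example)."""
import ntpath
import os
import re
from dataclasses import dataclass, field

# Line shapes HijackThis emits for BHOs (O2) and Run-key autostarts (O4), e.g.
#   O2 - BHO: (no name) - {GUID} - C:\WINDOWS\system32\ssqrqrq.dll
#   O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First quoted or unquoted token that names an executable or library
TARGET_RE = re.compile(r'"([^"]+?\.(?:exe|dll|ocx|com))"|(\S+?\.(?:exe|dll|ocx|com))', re.I)
VOWELS = set("aeiou")


@dataclass
class Finding:
    line: str
    target: str
    score: int = 0
    reasons: list = field(default_factory=list)


def launch_target(command):
    """Return the file an O4 command really loads: for rundll32 lines, the DLL argument."""
    hits = [quoted or bare for quoted, bare in TARGET_RE.findall(command)]
    if not hits:
        return command.strip()
    if ntpath.basename(hits[0]).lower() == "rundll32.exe" and len(hits) > 1:
        return hits[1]
    return hits[0]


def looks_random(filename):
    """Heuristic (constructed for this example): 6-8 letters with at most one vowel."""
    stem = ntpath.splitext(ntpath.basename(filename))[0].lower()
    return stem.isalpha() and 6 <= len(stem) <= 8 and sum(c in VOWELS for c in stem) <= 1


def triage(log_text, exists=os.path.exists, threshold=2):
    """Score O2/O4 entries; return those at or above threshold, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            f = Finding(line, m["path"])
            if m["name"].strip().lower() == "(no name)":
                f.score += 2
                f.reasons.append("BHO registered without a name")
        else:
            m = O4_RE.match(line)
            if not m:
                continue  # other O-lines are out of scope for this example
            f = Finding(line, launch_target(m["cmd"]))
        if "\\system32\\" in f.target.lower() and looks_random(f.target):
            f.score += 1
            f.reasons.append("random-looking file name in SYSTEM32")
        if not exists(f.target):
            f.score += 2
            f.reasons.append("target file missing (dangling autostart, e.g. after quarantine)")
        if f.score >= threshold:
            findings.append(f)
    return findings


# Constructed sample log: one clean BHO, one nameless BHO, two Run entries, one rundll loader.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A1B2C3D4-0000-0000-0000-000000000001} - C:\WINDOWS\system32\ssqrqrq.dll
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [awtsqpn] rundll32.exe "C:\WINDOWS\system32\awtsqpn.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

# Constructed stand-in for the disk: awtsqpn.dll is absent (quarantined), the rest exist.
CONSTRUCTED_DISK = {
    r"c:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx",
    r"c:\windows\system32\ssqrqrq.dll",
    r"c:\windows\system32\ctfmon.exe",
    r"c:\program files\msn messenger\msnmsgr.exe",
}


def on_constructed_disk(path):
    return path.lower() in CONSTRUCTED_DISK


def demo():
    return triage(SAMPLE_LOG, exists=on_constructed_disk)


if __name__ == "__main__":
    for f in demo():
        print(f"[{f.score}] {f.target}: " + "; ".join(f.reasons))
```

Run against the sample, only the nameless BHO and the rundll entry pointing at the quarantined DLL are reported; `ctfmon.exe` collects one point for its short name but is not flagged because it is a named, present file. The score threshold is deliberately low so that the output is a review list, not a delete list: the right response to a flagged entry is to confirm what the file is before removing the registry pointer, which is the order the post eventually followed.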
