Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antivirus Xp/joke-bluescreen.c Variant?


  • This topic is locked This topic is locked
2 replies to this topic

#1 neon_trotsky

neon_trotsky

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:53 AM

Posted 15 July 2008 - 08:26 AM

Dear friends,

For the last four and a half hours I have been grappling with malware unleashed by an email trojan in a fake .avi file opened by an unsuspecting family member.

The initial symptoms were those brought about by malware of the Antivirus XP/Spysheriff variety. Perhaps there is a new strain, as the names of the system processes I had to kill were different to those named in the guides I was using to remove them.

Since completing this (and in the most satisfying instant, deleting the perpetually taunting .bmp background file), I find that I am:

1. Without an internet connection/any kind of networking capability.
2. Unable to change my background image or replace this horrid 'Windows Classic' theme. In fact, half of the tabs from Display Properties have evaporated.
3. Perhaps in some kind of Windows lockdown mode? USB devices are only detected on restart - waiting and refreshing the page in My Computer doesn't work. And (not that it ever really did, but 'Eject'/'Safely Remove Hardware' doesn't work either. Maybe all the Active Desktop style things have died?
4. Informed every time I start in Selective Startup Mode, in order to prevent threatening processes from starting, that I do not have the authority to make the changes I have made despite being logged in as the system administrator. And the changes seem to be made, regardless.

For a while, every time I restarted the PC (XP/SP2), McAfee diagnosed joke-bluescreen.c, but doesn't really seem to have done anything about it. I am not convinced that the problem is necessarily joke-bluescreen.c, and perhaps this is McAfee using its magical heuretic identification powers. Anyway, I'll give it the benefit of the doubt.

I am sure I don't know or understand nearly as much about this kind of thing as the talented volunteers here. So I shall not theorise out of my depth any longer about possible causes - I will leave it to you - the experts - as impotent as this makes me feel.

Any assistance would be greatly appreciated.

Sincerest thanks,

Angus


Please find attached: hijackthis.log

Attached Files



BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:53 PM

Posted 15 July 2008 - 03:40 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:
Obviously you have some capability to transfer files to and from the infected computer, so as long as you can get combofix to run it should restore your connection.

Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



If combofix won't respond, rename combofix.exe to cf.exe and then run it.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:53 PM

Posted 25 July 2008 - 06:34 AM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users