Many Virus Infections No Cure


4 replies to this topic

#1 Nikki Rockstar


Posted 21 August 2008 - 11:39 PM

Ok, I had posted something in HJT. I could not download nor install the requirements from the Mods for that area. Tried the USB, FLASH (jump), and other ways...data transfer cables...etc

I am operating XP sp3

Of course I am getting the wonderful and FREE Antivirus 2009 Scans Compliments of some A**hole who thought it was funny to do this. Anyways...PC Cillin, HouseCall, McAfee did not pick up any of these viruses I currently have. Safe mode was not an option from normal F functions (F8), I ended up going through MSConfig and made it start in safe mode that way. I was then able to go to C:> cd \AV-CLS and tried scanning with all options, but Kaspersky would not run. It was being blocked. However, while scanning all the options, McAfee and Trend did not pick up anything whatsoever. As sheer determination, I went directly to their (Kaspersky) website and am scanning now. Within seconds I had 17 infections and 3 threats. While typing all of this, I received 4 threats and 18 infections. As of right now this is what I have:

Packed.win32.polycrypt.d - Did a good job getting this one
Trojan.Win32.Monderb.fus - Only definition, no cure information through google
Trojan.Win32.Monder.fth - Only definition, no cure information through google
not-a-virus:Monitor.win32.keylogger.dq - Apparently..this one is just as bad as the polycrypt.d


Apparently the polycrypt.d one is the one that is really causing the most problems (the grey colored ones are no more important, just trying to keep it easier to see each and every issue I can recollect):
Porn pop-ups
Antivirus 2009 complimentary scans
freezing Internet
if I look up a file and look at virus properties it locks up the computer
when restarting it would give me a message upon loading windows that Files Already Existed...it would then go to my desktop and all I saw was the background. Eventually the desktop would load.
Closing processes that I knew for a fact were not necessary and 90% sure it was infected (malicious) would not end
When running preliminary HJT reports, these infections were not listed...the files were, but were not able to be deleted
I ran CCleaner, but have not made any changes or deletions until Kaspersky is done cleaning and have conversed with you guys.
One really interesting thing I did find, in the Control Panel-Add/Remove, I have the first 6-9 programs listed and then a HUGE GAP that I have to scroll down to see the bottom. I know how to do a print screen, but not sure how to load the image so you guys can see what I mean


Can't think of much more BAD crap that is happening. At this point if you name it, I am sure it is happening. LOL

I am about to go absolutely :thumbsup: but like I said earlier...sheer determination has kicked in. What aggravates me the most is that I like to think I am pretty good with computers/programs (suck at networking). These infections are my fault due to a Limewire download about a year ago. It was a Thomas the train download (video) that I never got around to opening. I then wanted to convert an AVI file and wasn't sure what the extensions were on my videos I already had. I should have opened one I played for sure and knew was clean, but when I had the Thomas the Train file scanned for viruses, it came back clean. So I am kicking my own arse on this one.

Anyways, thank you guys for your time and hope you can give me some insight on the viruses that are causing the problems. Tracking down the processes and files has really been tedious and unsuccessful.

Best regards,

Nikki

Edited by Nikki Rockstar, 21 August 2008 - 11:40 PM.



#2 doug-ctr


Posted 21 August 2008 - 11:55 PM

go to this link: http://www.bleepingcomputer.com/forums/t/163337/remove-vundo/ (good advice)
and
look for this: Please download Malwarebytes Anti-Malware and save it to your desktop.

also use SUPERantiSpyware.....

#3 Computers Kill


Posted 22 August 2008 - 12:04 AM

I think you should wait for a Moderator's help before doing anything, but if you want the advice of someone that just did this, definitely download Malwarebytes Anti-Malware. I'm sure that there are plenty of links around this site, but if you can't find one go to www.downloads.com and put Malwarebytes in the search. Once that's done, update Malwarebytes. Also get Comodo Firewall, it's a very nice program. After updating, do a quick scan, save the log (you will need this, though it should save itself) and reboot. After this Ad-Aware can be used to clean up some garbage. You should be able to find most of this at downloads.com. But like I said, don't take my word for it. Wait for someone much more knowledgeable, unless you are just ready to kick this in the butt. Malwarebytes will surely help... With a good firewall in the background... Like Comodo.
If I could float to space, I would... But instead I'm stuck in cyber space.. And it's killing me. X_X;

#4 Nikki Rockstar


Posted 22 August 2008 - 12:15 AM

Thank you for the recommendations and information. It is appreciated, but yes I will wait for the Mods.

UPDATE to the Kaspersky Scan...

Total so far is
9 threats
24 infections

Added to the list above:
Packed.win32.polycrypt.d - Did a good job getting this one
Trojan.Win32.Monderb.fus - Only definition, no cure information through google
Trojan.Win32.Monder.fth - Only definition, no cure information through google
not-a-virus:Monitor.win32.keylogger.dq - Apparently..this one is just as bad as the polycrypt.d

Here is what else has popped up:

not-a-virus:adware.win32.zenosearch.ca (quarantined in PC Cillin but can NOT be deleted)
trojan-clicker.win32.agent.btf (this one is listed twice, but is also in quarantine in PC Cillin but CAN NOT be deleted)
trojan.win32.monder.frx (file is located in C:\recyclers\s-1-5-18 DC323.dll)
trojan-downloader.win32.VB.fen (file is located in C:\recyclers\s-1-5-18 DC.exe)
not-a-virus:downloader.win32.popcap.a (C:\windows\downloaded program files\popcaploader.dll - I know this is a game website/programs - have played Pop Cap games, but not in a long time like 2+ years)

I just realized I can see where these files are located, but some of them in the registry will not let me delete due to Windows lock out. I am still operating in Safe Mode.

Question and Thought:

What if I was to create another profile and transfer document files and so forth and trash the current profile, would that help or fix my problem?

#5 Computers Kill


Posted 22 August 2008 - 12:30 AM

Yes, the Access Denied bit, it's because those files have higher privilege status on your computer. When you download and use Malware, with Comodo Firewall it seems to somehow kill off these files, and with the firewall blocking them from gaining higher access to your computer before they can get away. And as for your idea, I think that'll only really prolong the problem. But that's only MY opinion. It's not an expert one.. Just an experienced one.. Been through the same thing and it took me a day or two, trial and error, but the method I recommended is what I myself know what works.