
2009 antivirus infection



#1 Shannacat


Posted 16 November 2008 - 03:17 PM

I have a Dell Precision 450, Win XP Pro and I opened an email yesterday (I KNOW BETTER, I really do, but...) with the header "Hallmark Card." As soon as it opened I knew I made the mistake and immediately ran Adaware and AVG.

I have the red X in the system tray, my MSFT automatic updates are turned off (not by me) and tried to turn them back on to no avail. The computer is rebooting itself every few minutes and I cannot run Spybot. Internet updates to Adaware and AVG are not successful.

I did not install the antivirus program every time it told me the computer was infected, so do I have just a virus trigger? I looked for that in the "Add/Remove Programs" and no Virus Trigger is on the list.

Then I came to this site. Downloaded Malwarebytes' Anti-malware to a flash drive and installed on infected computer and started the scan. The computer rebooted itself before the scan was completed. When the computer is restarted cannot restart Malwarebytes, cannot uninstall/reinstall. At this point I can only access the computer in safe mode and tried system restore to a restore point several days ago. That was not successful either.

Please help.
Thanks,
Shannacat



#2 rigel


Posted 16 November 2008 - 04:03 PM

Hi Shannacat

If you have access to critical files, I would do a back up of that data. We can worry about cleaning that up if needed later.

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#3 Shannacat


Posted 17 November 2008 - 03:28 PM

Thanks Rigel,
I have all the backups done.

Imported SDFix to my desktop. Here my progress ends. I attempted to install from the desktop icon by double clicking, open, run (I am administrator.) No install, no message, nothing. I tried to install from a flash drive and the computer freezes.

I tried to install in safe mode and at least I got a message saying I could not install in safe mode.

Do you have any other suggestions?

Thanks,
Shannacat

#4 rigel


Posted 17 November 2008 - 07:28 PM

Hi Shannacat,

I think it is time to move on to the HJT forum. This team uses advanced tools that can only be run under direct supervision. Please follow this guide from step (9) and post your log to the HJT forum. Also, please link back to this topic so the team member that takes your log will know what has been done to date.

You are in very good hands...

Take care and please let me know if you have any problems creating the log.

rigel



#5 Shannacat


Posted 20 November 2008 - 04:12 PM

Rigel,
Just thought I'd post here to let you all know what's happening.

I cannot run a scan from any of the scan sites listed on the HJT forum. Of the programs listed, I was able to run McAfee Stinger only. It said all the files were clean.

I cannot get to any website that deals with antivirus or malware.
I cannot update Windows.
I cannot run any antivirus or anti spyware program already installed on my computer.
I cleaned out all the temp files with a cleanup utility (Cleanup 452) in safe mode from a flash drive.
I called in a local computer expert and he used an Ubuntu boot disc to gain access to the MSFT system files. We deleted all the new files created after I opened the contaminated file. We used the Win XP disc to Repair the OS.

The computer is still infected. I cannot run the HJT log.

I changed all the usernames and passwords at all financial websites I use, just in case (from another computer.)

My next step is to format and install a new OS.

I would really like to meet the creator of this little program in person.

Thanks for your help. I hope you guys find a way around this malware.
Shannacat

#6 rigel


Posted 20 November 2008 - 06:59 PM

Try to rename the hjt file to shanna.bat. Try running it and see if you can post a log. Worth a try.





