
Infected with one seriously bad trojan (virus?)


3 replies to this topic

#1 freakerxtreme


  • Members
  • 2 posts

Posted 25 November 2008 - 08:26 AM

I was trying to find a Windows XP genuine update crack and stumbled onto a site (which I sadly did not record) for a version 1.8 +. Anyways I was trying to download the crack and instantly my NOD32 picked up a Connection that was loading the TrojanDownloader.FakeAlert.PL.Gen.Trojan, I terminated the connection, but a few seconds later had my IE.temp infected with a Patched.AE virus which was "quarantined". Ever since my computer has been going downhill. I have a computer with Windows XP SP3.
I have access to my msconfig, taskmanager and most other programs. But my AV and any AS programs will not boot or has been disabled. I can't access any online scanners, and so far Spybot, Adaware 2008, NOD32, Kaspersky (which I installed after the fact), combofix, MSNCleaner, mbam, spy sweeper, sophos rootkit remover, and blacklight either has been disabled, not found anything or cannot install. The only thing I know is that Combofix (9-28-08 ver) says I have a rootkit and need to reboot (after 5 reboots it's still saying the same thing). All my attempts have been done in safemode (minimal as admin).
I have some experience (little) with fixing computers, but even so, after disabling (renaming some suspicious files in ERD commander) and taking out some startups, I'm still having the same problem. I really need help especially with my finals coming up in 1 week; I know my school's IT will just tell me to back all 250 gigs and just reformat, but that will take me the rest of the week.
Should I post my HijackThis in the other forum? Anything else I can attempt to run and post?

Thanks for any help or input I can get



#2 quietman7


    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 25 November 2008 - 12:11 PM

"I was trying to find a windows XP genuine update crack"

The practice of using crack or keygen tools is not only considered illegal activity but it is a serious security risk.

"Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks."

trendmicro.com/vinfo

"...the University of Washington study on spyware...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless."

University of Washington spyware study

If you use those kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, these sites are infested with a smörgåsbord of malware. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

"The only thing I know is that Combofix (9-28-08 ver) says I have a rootkit"

Please note the message text in blue at the top of this forum.

You should not be using Combofix unless instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. Please read Combofix's Disclaimer.

Some infections are difficult to remove completely because of their morphing characteristics which allow the malware to regenerate itself. Sometimes there is a hidden piece of malware which has not been detected that protects files (which have been detected) and registry keys so they cannot be permanently deleted. Disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need to create and post a RSIT/HijackThis log for further investigation.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running Random's System Information Tool (RSIT) which will create a hijackthis log as part of its log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 freakerxtreme

  • Topic Starter

  • Members
  • 2 posts

Posted 27 November 2008 - 06:21 PM

Thank you for the info. I feel that at this point it's just best for me to just reformat the computer after backing it up. If what you say is true, the virus may never be fully cleaned out, and it may take longer than 1 week to find that out. Once again I really appreciate your time.

#4 ruby1


    a forum member


  • Members
  • 2,375 posts

Posted 27 November 2008 - 06:38 PM

Of interest, is the computer per se loaded with a GENUINE version of XP with license key or are you actually running on a cracked Windows version?



