W32.SillyFDC, Spyhunter & other nasty worms/malware.

No replies to this topic

#1 scotchman


  • Members
  • 4 posts
  • Location:Atlanta
  • Local time:04:17 PM

Posted 01 March 2009 - 05:31 PM

I read your posting instructions which instructed to include in topic specific description of problem but believe I have numerous infections which can't be fixed. I need help!! Here's the background:

Operating System & Browser:
1. XP SP3 (MCE 2005) with most recent updates applied.
2. Firefox 3.0.6

Firewall, AV, Spyware Software Installed:
1. NIS 2009
2. Spybot (immunized & SDHelper Active)
3. MBAM (used only if Spybot finds malware)

Problems (started shortly after I restored some old files from external USB drive):
1. System performance slowing to a crawl and freezing (requiring hard reboot). Task manager showed numerous services taking up 100% cpu under User Name: System.
2. Firefox taking very long time to start, very slow performance and received frequent messages that sites were unavailable and try again.
3. WMPlayer couldn't play some video files, options in setup were changed such as associated file types, proxies, hardware acceleration, privacy options.
4. Strange symbol appears in taskbar when trying to play videos with WMPlayer. Right click on it and description is "Ogg DirectX Filter" with no options to change or exit. I have never installed the Ogg directx filter.
5. MP4 video files can't be played with Quicktime.
6. Receiving configuration error message from ffdshow when options changed.

Fixes tried:
1. When problems noticed, ran NIS 2009 full scan on all drives and W32.SillyFDC worm found and fixed with restart required. Restarted pc.
2. After restart, ran Spybot and "Spyhunter" found and fixed. Checked system startup in tools in Spybot and found strange entries such as:
HK_CU:RunOnce (User .default) with no Value and no Command Line.
HK_CU:RunOnce (User S-1-15-19) also with no value and no command line.
3. Unchecked startup entries found in Spybot but they returned after reboot. I use Mike Lin's Startup program to manage startup entries but it doesn't show entries found in Spybot.
4. Then ran NIS 2009 full scan again and W32.SillyFDC found again but status showed fixed with restart required.
5. Checked on Symantec website for further info. on worm and followed additional instructions to fix:

a. Disable System Restore (couldn't disable in system properties with option greyed and "Disabled under Group Policy". Had to stop service in system administration.)
b. Search for all autorun.inf files and edit for strange *.exe entry and delete entries if found. Found 1 autorun.inf with entry pointing to a strange .exe in the USB drive attached to restore files so deleted.
c. Update NIS 2009 virus definitions.
d. Run NIS 2009 full scan in safe mode but found nothing.
e. Delete registry entries in following if "worm" found but nothing found:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\"load"

Now, after rebooting and on startup, get error message "vb Accelerator SGrid II Control" Run-time error '0' and clicked OK, then error message "Malwarebytes' Anti-Malware" Run-time error '440' Automation error and clicked OK and system finished starting up. MBAM won't start due to same error messages at startup.

I need expert help to fix this, please!!! What do I try next? Thanks in advance for any assistance. :thumbsup:
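
Step 5b in the post above (checking each autorun.inf for an entry that launches an .exe) can be scripted so every attached drive is checked the same way. This is an added example, not part of the original post or of Symantec's instructions; the function names, the extension list and the sample file contents are assumptions constructed for illustration.

```python
import os
import re

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Extensions that run code when launched (an assumed, non-exhaustive list).
EXECUTABLE = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js)\b", re.I)

def find_launch_entries(text):
    """Return (key, value) pairs in [autorun] that point at an executable."""
    hits, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        # Tolerate junk padding lines: skip anything that is not key=value.
        if not in_autorun or "=" not in line or line.startswith(";"):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEYS.match(key) and EXECUTABLE.search(value):
            hits.append((key.lower(), value))
    return hits

def scan_root(root):
    """Check only the autorun.inf at the root of a drive or folder."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, "r", errors="replace") as fh:
        return find_launch_entries(fh.read())

# Constructed sample, not taken from the poster's drive.
SAMPLE = """\
;junk padding line
[AutoRun]
open=hidden\\example.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
shell\\open\\command=hidden\\example.exe
label=Backup
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, value in find_launch_entries(SAMPLE):
        print(f"review: {key} -> {value}")
```

Any entry it reports is a line to inspect by hand before deleting, since legitimate installers on removable media also use `open=`.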
