Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

User32.dl + nvtpm32.dll constant respawn - crash system


  • Please log in to reply
6 replies to this topic

#1 gabaod

gabaod

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 02 March 2009 - 02:06 PM

Hi there, Im new to these forums as I have never had a problem in the past removing malware/viruses, but this one has me stumped and Im about to reformat it as I am presuming its a boot sector virus now.

What happens is this. if i delete user32.dll from the system it wont start up, if i replace it with a known good version, within 10 minutes of the pc being turned on that file will be rewritten with a new timestamp, it creates some 1.tmp 2.tmp 3.tmp file names which than creates nvtpm32.dll which ties into 3.tmp which is tied into svhost.exe. On next reboot nvtpm32.dll will now be tied into winlogin.exe and the file list keeps growing and growing until theres about 100 files which at that point no other .exe file will execute unless the pc is in safe mode. Combofix does not see the nvtpm32.dll or user32.dll as bad files, Malware antibyes sees the nvtpm32.dll as bad, but not the user32.dll file, and it will delete it on reboot, but it respawns within 10 min of rebooting.

Here are my attachments.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Neil at 12:53:59.32 on Mon 03/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - hxxp://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\neil\applic~1\mozilla\firefox\profiles\pfzs2flf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-03-02 12:52 62,560 a------- c:\windows\system32\3.tmp
2009-03-02 12:52 164 a------- c:\windows\system32\2.tmp
2009-03-02 12:41 578,560 a------- c:\windows\system32\user32.dll
2009-03-02 10:15 578,560 a------- c:\windows\system32\xuov
2009-03-02 09:27 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-02 09:27 <DIR> --d----- c:\program files\CCleaner
2009-03-01 12:13 2,148 a------- c:\windows\system32\wpa.dbl
2009-03-01 11:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-01 11:58 <DIR> --d----- c:\docume~1\neil\applic~1\SUPERAntiSpyware.com
2009-03-01 11:42 <DIR> --d----- c:\docume~1\neil\applic~1\Malwarebytes
2009-03-01 11:42 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-01 11:42 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-01 11:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-01 11:42 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-27 16:39 676,352 a------- c:\windows\system32\rtl60.bpl
2009-02-19 06:54 <DIR> --d----- c:\program files\iPod
2009-02-19 06:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

==================== Find3M ====================

2009-03-02 09:27 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-16 21:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2009-01-04 13:21 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-19 03:10 87,552 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 03:10 31,232 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-18 23:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-18 23:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2005-01-30 19:54 475 a--sh--- c:\windows\system32\qxv.dll

============= FINISH: 12:54:33.65 ===============




ALSO HERE IS ANOTHER LOG OF DDS Since as I said files keep spawning, so this is ran about 10 minutes after the last log I just posted


DDS (Ver_09-02-01.01) - NTFSx86
Run by Neil at 13:04:52.60 on Mon 03/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SytéUpdates] 3.tmp
mRun: [services] c:\windows\services.exe
mRun: [reader_s] c:\windows\system32\reader_s.exe
mRunServices: [SytéUpdates] 3.tmp
dRun: [SytéUpdates] 3.tmp
dRun: [hdiyytkx.exe] c:\windows\hdiyytkx.exe
dRun: [reader_s] c:\documents and settings\neil\reader_s.exe
dRunServices: [SytéUpdates] 3.tmp
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - hxxp://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\neil\applic~1\mozilla\firefox\profiles\pfzs2flf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-03-02 12:59 213,120 a------- c:\windows\system32\dllcache\ndis.sys
2009-03-02 12:59 47,104 a------- c:\windows\system32\reader_s.exe
2009-03-02 12:59 30,208 a------- c:\documents and settings\neil\reader_s.exe
2009-03-02 12:58 56,321 a------- c:\windows\services.ex_
2009-03-02 12:57 136,128 a------- c:\windows\system32\drivers\ethqnwwj.sys
2009-03-02 12:55 162,816 a------- c:\windows\system32\4.tmp
2009-03-02 12:52 134,656 a------- c:\windows\system32\3.tm_
2009-03-02 12:52 164 a------- c:\windows\system32\2.tmp
2009-03-02 12:41 578,560 a------- c:\windows\system32\user32.dll
2009-03-02 10:15 578,560 a------- c:\windows\system32\xuov
2009-03-02 09:27 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-02 09:27 <DIR> --d----- c:\program files\CCleaner
2009-03-01 12:13 2,148 a------- c:\windows\system32\wpa.dbl
2009-03-01 11:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-03-01 11:58 <DIR> --d----- c:\docume~1\neil\applic~1\SUPERAntiSpyware.com
2009-03-01 11:42 <DIR> --d----- c:\docume~1\neil\applic~1\Malwarebytes
2009-03-01 11:42 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-01 11:42 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-01 11:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-01 11:42 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-27 16:39 676,352 a------- c:\windows\system32\rtl60.bpl
2009-02-19 06:54 <DIR> --d----- c:\program files\iPod
2009-02-19 06:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

==================== Find3M ====================

2009-03-02 12:59 213,120 a------- c:\windows\system32\drivers\ndis.sys
2009-03-02 09:27 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-16 21:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2009-01-04 13:21 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-19 03:10 87,552 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 03:10 31,232 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-18 23:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-18 23:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2005-01-30 19:54 475 a--sh--- c:\windows\system32\qxv.dll

============= FINISH: 13:05:04.37 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gabaod

gabaod
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 03 March 2009 - 12:43 AM

Ok. Now Im really confused how to clean this up, thinking it must be a bios based virus or something. I have just done a full format, plus 2 quick formats and reinstalled windows, updated to sp3, installed avg, firefox, adobe reader, ccleaner, office and guess what. user32.dll once again is being malicious and that nvtpm32.dll once again is back too..


I have never seen a virus stay on a computer after a full format. Please help.

#3 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:09:54 AM

Posted 03 March 2009 - 05:06 PM

Hello Gabaod,

I'm afraid I have bad news for you :thumbup2:

I see you're dealing with Virut on your system. In that case, it's unfortunately a lost cause - Game over situation and a format and reinstall is the fastest and especially the safest solution.

You may want to read this why:
Virut and other File infectors - Throwing in the Towel?

So, I suggest you to start backup all of your valuable data/documents/pictures/movies/songs/etc.. Do NOT backup any applications/installers and Do NOT backup any .exe/.scr/.htm/.html/.xml/.zip/.rar files...
This because these files may be infected as well. If you back them up and replace them afterwards, it will infect your computer again.
I guess that's what's happening to you. Either reinfecting by use of infected data you backed up, or an infected external medium.
Make sure during reinstall you delete all partitions present on the hard drive, and use the (slower) deep format prior to creating new partitions !!

Read here for instructions how to format and reinstall Windows: http://web.mit.edu/ist/products/winxp/adva...all-format.html

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#4 gabaod

gabaod
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 03 March 2009 - 05:17 PM

Hi Thunder.

Ive presumed its a virut already as the problems I am having. As of lately I have had it fully cleaned up, every anti rootkit software I could throw at it, etc all are saying clean. As soon as I had it join a wireless network, within seconds windows/system32 directory started creating 1.tmp files in there. This is insane.

My next step is to do a tcp/ip trace to see where the requests are going and redirect those to the local host to see if that will prevent further spread.

This is what I worry about Thunder. How can I restore any data from this machine?

I have created an ACronis image of the original data onto a 200gb external drive, its a single image file. And I know I have viruses within that image.

The thing is, I never once accessed that file directly, or mounted it to view its contents. All I did is plug in the external drive and instantly AVG started noticing viruses.

When I ran sysinternals rootkit revealer it did show some issues with G:\$Extend... information, but it locked up trying to save the log. G:\ is my external, so I am presuming now that my G:\ drive is infected, which is just acronis true image files.. Is it possible that the virus could merge itself into those Acronis image files that we had saved prior? I have not accessed any other files from that external since I have backed up data to it.

It seems the only way around this is for me fully reformat my external drive, and reformat the laptop drive that caused the issues, and just not be able to save any backed up data as it seems theres no way I can retreive any info without the virus spreading, unless you have other input.

#5 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:09:54 AM

Posted 04 March 2009 - 04:53 PM

Hello Gabaod,

Just make sure you install and UPDATE adequate security programs before even considering restoring backed up data !!
Avira AntiVir would be my first choice, SuperAntispyware as antispyware protection to build in secundary protection.

If you really need to back up some data, then make sure you don't include any of the file types listed higher.
I'd burn them to a CD/DVD, make sure autoruns is disabled on the drive you'll use to read them,
and then scan the CD/DVD prior to transferring anything back.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#6 gabaod

gabaod
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:01:54 AM

Posted 04 March 2009 - 06:01 PM

Well I just did another test.

I reformated the drive, reinstalled xp home, installed avg, ccleaner, java, adobe flash/reader, firefox, reboot, installed drivers, reboot, popped out hard drive and made an image of it. put drive back into computer and had it join a wireless network, within 2 minutes avg is spawning virus threats.

I then put that image i created onto a different hard drive, booted up off of that and once again virus threats as soon as it went online.

So now Im down to 3 things that are causing this. 1. Infected install media (attempting a pressed xp home cd now) 2. infected flash drive (though I ran the exact same .exes and it was set to autorun on a different XP home machine and that machine is still virus free. 3. A really new type of virus that has learned how to embed itself into the bios or some other flash memory within this laptop where it can survive a full re-format.

Ill post after this next install from a pressed xp home cd, using a burnt cd of downloaded drivers from a virus free computer, and see if it detects viruses once its online again.

also take note, this last attempt I never had the old backed up data plugged into the computer at all, so I know the root is not coming from that.

Edited by gabaod, 04 March 2009 - 06:06 PM.


#7 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:09:54 AM

Posted 12 March 2009 - 05:13 PM

Hello Gabaod,

Still having those problems ?

And please, try using Avira Antivir this time in stead of AVG,
just to see if it can't prevent that malware from loading any better.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users