
Malware/svchost errors/No System Restore/No Safe Mode/No Brains


8 replies to this topic

#1 logicallad

  • Members
  • 5 posts

Posted 03 March 2009 - 10:04 AM

Hi,

First my system specs:

OS: Windows XP (SP3)
RAM: 4GB
Processor: Intel Quad Core Q6600
I use:
1. AVG v8.0 Free (I update definitions daily twice)
2. Comodo Internet Security v3.5 (I update definitions daily)
3. S&D Spybot v1.6
4. Windows Defender
5. Advanced System Care v3.0 Pro

Yesterday I was surfing the net trying to find a software when I stumbled upon a link for a file which was renamed into the file I was searching (later I understood that it was a divxaccess.exe file). And I do not know whether my stars were bad or I was going through a phase of having my brain numbed, I installed the exe file (however, before installing I scanned it using AVG v8.0 Free with the latest definitions and with Comodo Internet Security v3.5, again with the latest definitions, and both did not find any problem in the exe file). Also, Spybot did not throw a registry modification approval window.

After installing, the first thing I noticed was that I lost my network (I use a WPA2-TKP or TPK security enabled wireless). I could not access the internet and then, being fully aware that restarting the computer would cause problems, I restarted the computer (I think I was brain dead at this time). Anyways, as soon as Windows was loaded I got multiple svchost application errors with memory problems (I think there were around 15 or so, all for the programs that load on start up).

I pressed OK for most (another mistake) and then my system hung. So, I restarted and got into Windows again, but this time I did not acknowledge the svchost application errors and tried to open Spybot but could not. AVG was scanning but nothing got registered as a threat in the scan. Comodo was able to pick up 3 potential Virus/Spyware/Malware but it hung.

I also tried System Restore but it gave me an error and asked me to restart the system and then try (I could not even access System Restore). Also, I am not able to use F8 on startup of the computer. I read about malware attacking the boot.ini file so that I cannot boot into safe mode by the System Configuration Utility (or whatever it's called). I will be trying to access the System Configuration Utility (or whatever it's called) and select the SAFEMODE option from boot.ini, but I am not optimistic about it working out.

I also read somewhere about the Malware modifying all svchost processes into scvhost processes which I am yet to confirm.

I really DO NOT want to Repair or do a fresh installation (God forbid). Can anyone suggest a solution please?

Many thanks in advance,
Logicallad
P.S. I will be loading the HJT file as soon as I can reach home from work.

Edited by logicallad, 03 March 2009 - 10:42 AM.
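The poster's worry above about svchost being replaced by look-alike "scvhost" processes is a classic masquerading pattern, and it is something a defender can check for mechanically rather than by eye. The following is an added example (not code from the thread or from any of its participants): it takes a list of (process name, image path) pairs and flags two things, a name within two edits of svchost.exe that is not svchost.exe, and a genuine svchost.exe name running from somewhere other than System32. The process list and the paths in it are constructed for the example; the System32 location is assumed to be the default %SystemRoot%\System32. On a real Windows host you would feed it output from Task Manager, tasklist or a Process Explorer export instead.

```python
"""Flag processes masquerading as svchost.exe by look-alike name or wrong path.

Added example for this thread; the process list below is constructed, not captured
from any real machine. LEGIT_DIR assumes the default %SystemRoot%\\System32.
"""
from __future__ import annotations

import ntpath  # handles Windows-style paths correctly even when run on Linux/macOS

LEGIT_NAME = "svchost.exe"
LEGIT_DIR = r"c:\windows\system32"  # assumption: default System32 location, lower-cased
MAX_EDITS = 2  # scvhost (two substitutions) and svch0st (one) both fall inside this


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: insertions, deletions and substitutions cost 1 each."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute (free if equal)
        prev = cur
    return prev[-1]


def classify(name: str, image_path: str) -> str:
    """Return 'ok', 'wrong-path', 'lookalike-name' or 'unrelated' for one process."""
    lname = name.lower()
    ldir = ntpath.dirname(image_path).lower().rstrip("\\")
    if lname == LEGIT_NAME:
        # Right name; legitimate only when loaded from the real System32 directory.
        return "ok" if ldir == LEGIT_DIR else "wrong-path"
    if levenshtein(lname, LEGIT_NAME) <= MAX_EDITS:
        # Close enough to be mistaken for svchost.exe in a process list, but not it.
        return "lookalike-name"
    return "unrelated"


def scan(processes: list[tuple[str, str]]) -> list[tuple[str, str, str]]:
    """Return (name, path, verdict) for every process worth a closer look."""
    findings = []
    for name, path in processes:
        verdict = classify(name, path)
        if verdict in ("wrong-path", "lookalike-name"):
            findings.append((name, path, verdict))
    return findings


# Constructed sample process list (paths are invented for illustration).
SAMPLE_PROCESSES = [
    ("svchost.exe", r"C:\WINDOWS\system32\svchost.exe"),
    ("svchost.exe", r"C:\WINDOWS\system32\svchost.exe"),  # several instances is normal
    ("scvhost.exe", r"C:\WINDOWS\scvhost.exe"),            # transposed letters
    ("svch0st.exe", r"C:\Documents and Settings\user\Local Settings\Temp\svch0st.exe"),
    ("svchost.exe", r"C:\WINDOWS\svchost.exe"),            # right name, wrong directory
    ("explorer.exe", r"C:\WINDOWS\explorer.exe"),
]

if __name__ == "__main__":
    for name, path, verdict in scan(SAMPLE_PROCESSES):
        print(f"{verdict:15} {name:15} {path}")
```

A hit from this check is a lead, not a verdict: multiple legitimate svchost.exe instances are normal on XP, and a flagged binary still needs its hash or signature checked before anything is deleted. The distance threshold is deliberately small so that unrelated short names do not get swept in.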




#2 DaChew

    Visiting Alien

  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 03 March 2009 - 10:45 AM

http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

HJT logs go in this forum, not here

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

I see you edited out the word crack

Edited by DaChew, 03 March 2009 - 10:45 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#3 logicallad

  • Topic Starter
  • Members
  • 5 posts

Posted 03 March 2009 - 10:55 AM

Yes, I was being honest, but it was not taken in a positive manner on Neowin, so I was forced to delete it.

#4 DaChew

    Visiting Alien

  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 03 March 2009 - 11:07 AM

No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences.


This is almost universal on any web forum

Also

The latest, most malicious infections are spread that way; some can't even be cured.

Using any peer-to-peer (P2P) or file sharing program is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, and exposure of personal information.

The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities. In some instances the infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help! In those cases, the only option is to wipe your drive, reformat and reinstall the OS.

Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications. Read P2P Software User Advisories, Risks of File-Sharing Technology and P2P file sharing: Anticipate the risks....

#5 logicallad

  • Topic Starter
  • Members
  • 5 posts

Posted 03 March 2009 - 11:15 AM

Understood. I will keep it in Mind. Thank you.

Also, I was not using any P2P. It was a direct download from the net.

#6 DaChew

    Visiting Alien

  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 03 March 2009 - 11:34 AM

Warez and crack sites are just as bad as P2P.

The web sites are set up and run by the bad guys.

#7 logicallad

  • Topic Starter
  • Members
  • 5 posts

Posted 03 March 2009 - 11:49 AM

Ok. I will keep away from these sites.

However, do you have any suggestions on the problem?

I would really appreciate if you could suggest something.

Many thanks,
Logicallad

#8 DaChew

    Visiting Alien

  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 03 March 2009 - 11:54 AM

The odds are not in your favor. With your symptoms and where you got the infection, I feel it would be a waste of time to pursue a cleanup in this forum; the HJT forums are backed up, and even after a wait it will be a challenge to remove the infection with their advanced tools. A clean install will be the best alternative.

#9 logicallad

  • Topic Starter
  • Members
  • 5 posts

Posted 03 March 2009 - 12:01 PM

:thumbsup: :flowers: :trumpet: :inlove: ok...thank you!
