
Trojan/Policies

4 replies to this topic

#1 Eppiox (Members, 3 posts)

Posted 05 March 2009 - 12:57 AM

I am currently fixing a PC (not the one I am posting from right now) that was infected between the 24th and the 26th.

The user (my auntie) downloaded and used LimeWire for quite some time (against my advice), but this time was struck when a movie file asked her to download a program to run the movie.
Her system was infected; she deleted LimeWire (the original files used to infect the PC have already been deleted) and tried to run AVG (which failed).

Symptoms and things I have tried. Note most of these passed the installation process:
  • Can't open many virus scanners/malware scanners.
  • Web site redirects.
  • Windows policies changed to prevent some programs running.
  • Uninstalled Java, reinstalled it.
  • Windows recovery fails to start.
  • AVG (fails to load)
  • ComboFix (fails to load)
  • SUPERAntiSpyware (fails to load)
  • SDFix (fails to load)
  • Spybot Search & Destroy (fails to load)
  • NOD32 (a full system scan found 60 items and cleared them all, and now no more random .exe files appear in C:; however, the browser hijacking continues and .exe files still fail to load, even after renaming them to different things)
  • HJT (cleared everything; there was not much left after I uninstalled Java, the virus scanners, etc.). Things pop back up in there.
  • MBAM (fails to load, but with an error). The error is:
  • Header "vcAccelerator SGrid II Controll"
  • message " Run-Time error "0" "
  • next error
  • Header "Malware Antibytes' Anti-Malware"
  • message "Automation error"
  • Had help in the MajorGeeks forums, but the last comment after my logs were read was "I can't see any malware present on your system".
  • Also tried online scans; the websites with the specific scan fail to load.
  • Constant redirection to Webclicks.
I even tried to reset policies, but the recovery console does not start. As soon as I select it at start-up it goes to a blinking dash and will sit there indefinitely.
Crap Cleaner works and I cleaned out as much as I could.
Regedit works but I have no idea what to look for anymore.

Note: once Java was uninstalled it would not reinstall, returning an error along the lines of "you do not have permission"; I had help from the MajorGeeks forum to run a .reg file that got it working.
The system seems hijacked, but I cannot determine what is causing it. It seems completely stealthed or part of Windows (which leads me to believe some policies are stopping me doing things).

#2 garmanma (Staff Emeritus, "Computer Masochist", 27,809 posts)

Posted 05 March 2009 - 09:04 PM

Uninstall MBAM and reinstall it.

If MBAM won't install:

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr, and then double-click on it to run.

If, after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Mark

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter
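The rename trick above works because some blocking mechanisms match on the executable's file name. The thread never identifies which mechanism stopped the scanners on this PC, so the following is an added example (not from this thread or from any of the tools named in it) that does a read-only audit of three registry locations well known for producing exactly this "won't start until renamed" behaviour: the Explorer DisallowRun policy list, the DisableRegistryTools / DisableTaskMgr policies, and Image File Execution Options "Debugger" values. It assumes Windows PowerShell 5.1 or later and an elevated prompt; it only reports, it changes nothing.

```powershell
# Added example: read-only audit of registry settings that commonly explain
# "the scanner won't launch, but a renamed copy does". Assumes an elevated
# Windows PowerShell session; nothing here modifies the registry.

$findings = @()

# 1. Explorer DisallowRun policy: each value under this key names an executable
#    that Explorer refuses to launch (matching is by file name, hence renaming helps).
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -notmatch '^PS') {   # skip PowerShell's own PSPath/PSParentPath properties
                $findings += [pscustomobject]@{ Source = "DisallowRun ($hive)"; Name = $p.Name; Value = $p.Value }
            }
        }
    }
}

# 2. System policies that disable Regedit and Task Manager (non-zero means disabled).
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
            if ($null -ne $props.$name -and $props.$name -ne 0) {
                $findings += [pscustomobject]@{ Source = "Policies\System ($hive)"; Name = $name; Value = $props.$name }
            }
        }
    }
}

# 3. Image File Execution Options: a Debugger value under a subkey named after an
#    executable makes Windows start that "debugger" instead of the program itself.
#    Legitimate entries exist (developer tools), so review each one rather than delete blindly.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
if (Test-Path $ifeo) {
    foreach ($sub in Get-ChildItem -Path $ifeo) {
        $dbg = (Get-ItemProperty -Path $sub.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            $findings += [pscustomobject]@{ Source = 'IFEO Debugger'; Name = $sub.PSChildName; Value = $dbg }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No DisallowRun entries, disabled-tool policies, or IFEO Debugger values found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Save it as a .ps1 file and run it from an elevated PowerShell prompt (with -ExecutionPolicy Bypass if script execution is restricted). An entry naming mbam.exe, a scanner's setup program, or regedit.exe is the kind of thing worth noting in a forum log before anyone touches it; an IFEO Debugger pointing at an unfamiliar path deserves the same scrutiny, since that is where the substituted program lives.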

#3 Eppiox (Topic Starter)

Posted 06 March 2009 - 02:44 AM

Unfortunately I have tried renaming most programs in an attempt to get them running, both the shortcuts and the original file. I even created a .bat file to launch it, but it still did not work.
I just checked around the logs and I get a few "missing MUI" (along those lines) errors.

I might try an AVG bootkit scan.
And as a last attempt, probably in a week or so, I might try to check the drive for errors with a boot disk loader in an effort to get the recovery console working (I just read some horror stories, so I will save it for last).

#4 Eppiox (Topic Starter)

Posted 06 March 2009 - 04:52 AM

The AVG rootkit scan did the job: it found 13 entries. Deleted them and all seems good. MBAM installs now, and so does SUPERAntiSpyware; I'm running them all.
SUPERAntiSpyware found 3 things on a deep scan after 20 minutes; MBAM is still going at 25 minutes with 9 things found so far.

After reading up on kernel-level bootkit infections, I think that to be 100% sure a format is needed (the one thing I was trying to avoid).
The PC I am fixing is used for a lot of internet banking and other things; maybe I should make a rootkit infection of my own to stop LimeWire or other risky programs from running :thumbsup:

#5 garmanma (Staff Emeritus)

Posted 06 March 2009 - 07:49 PM

Quote: "used for a lot of internet banking"

I wouldn't even risk it. I would go ahead and reinstall.
Mark