Multiple infection renders XP machine useless


  • This topic is locked
2 replies to this topic

#1 CaptainOblivious
Posted 17 March 2009 - 08:36 PM

I cannot for the life of me pin this down... Anybody care to have a look?

Symptoms:
-Initial Antivirus360 infection, which has since been removed.
-Immediately following removal of AV360, Windows Update fails and select programs (specifically targeted?) will load but not operate. These problems did not occur prior to AV360 removal.
-An instance of iexplore.exe runs whenever explorer.exe loads, as evidenced by running explorer from cmd during a safe-mode-with-command-prompt boot. There are no Internet Explorer browser windows, however.

Details:
I cannot run programs such as Malwarebytes' Anti-Malware (neither the program proper nor its installer), ComboFix, AVG 8 Free, ATF Cleaner, and Spybot S&D. Windows Defender installs and runs, but detects no problems.

Attached is my HijackThis log, but I recognize everything on it as legitimate.

As much as I dislike to, I am about to attempt a Windows XP Repair Install. I am not sure that would fix the issue, though.

And a question on my way out... Is this Antivirus360 thing spreading as fast as I think it is? I have been called out to attempt a fix for it for three separate and unrelated clients already. This is the fourth. Is it possibly evolving to account for the symptoms listed above?

I'll be around to answer any further questions.

#2 CaptainOblivious
Posted 24 March 2009 - 11:18 AM

WARNING: visitors to this site should not take my advice as golden. This is only my own experience in removing my own problem in my own topic.
---

This problem is fixed... It ended up being a rootkit: TDSS. RootRepeal.exe allowed me to track the .sys file, back it up, and wipe it, and then Avenger gave a clean report. AVG scans this file as "Win32/Cryptor".

My programs and Windows updates run once again, as does Malwarebytes, which found several objects the rootkit downloaded and successfully removed them.

This virus/rootkit is evolving to remove our avenues of recourse. So far, RootRepeal seems to be the best stepping stone to removing it in full.

I will be around to provide any further information requested of me by the staff.

Edited by CaptainOblivious, 24 March 2009 - 11:20 AM.


#3 KoanYorel
  • Staff Emeritus
Posted 24 March 2009 - 11:40 AM

Thanks for informing us what you did.
Good luck.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K