
Unknown Virus


12 replies to this topic

#1 Infitima

Infitima

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 04 April 2009 - 06:15 AM

Uh hi, I don't know if this is the right place. If it's not can it be moved?

So recently my sister's computer went through some trouble I didn't know about. Malwarebytes cleaned it, but Norman was showing too many infections and couldn't clean it. Finally Malwarebytes didn't show anything. But Norman did. I let this go.
So the next day, the first problem that showed up was every time I clicked on something or restarted the computer I got this "No-Disk Windows Error" that I had to hit cancel like 4 times before it closed. Open a picture, it popped up again.
Then my external hard drive, which was working before, stopped. The computer wasn't reading it. In fact no drives were read. All the drives under "My Computer" had plain disappeared except for E - CDRom, D - Recovery, and C:\.
So when I unplugged the external HD, it restarted the computer. Plugged it back in, restarted. And this kept going on and on. I tried uninstalling the external HD. But when it re-installed, it restarted again. Now I'm the tech support in the family, so when something happens, it's usually up to me to fix it.
I'm familiar with HJT and scanned with that, but it brought up nothing except AVG files that weren't there anymore but were still being read. Even after deleting it all. I cleaned with CCleaner. Finally AVG went away. However errors were still there.
And every time it restarted it gave a minidump. I manually debugged those and found out it was an error in arpolicy.sys. But couldn't fix it. Tried FDFix, nothing. Finally! Tried ComboFix and it worked. The No-disk error is gone. All the drives are back....
So what's the problem? Nothing now, however I want to be sure. I can read HJT logs. But this ComboFix log I'm not sure of...nothing on it is coming up in Google, so I can't find what the problem was. I would like to know for next time if it ever happens again, or for prevention.

This site says not to post a ComboFix log without being told to, so I explained the situation before doing so.
Can I post it to get some answers?



#2 Guest_Jay-P VIP_*

Guest_Jay-P VIP_*

  • Guests
  • OFFLINE
  •  

Posted 04 April 2009 - 01:02 PM

:thumbsup: to Bleeping Computer.

Please do not make any further changes to your computer, run any more removal tools, or do any type of system tool such as System Restore. Please wait for an authorized helper to help!

Note: in the future, please do not run combofix without the expressed written consent from a qualified helper. Combofix is rather dangerous, and can render your computer inoperable.

Thank you!

#3 Infitima

Infitima
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 04 April 2009 - 03:32 PM

:thumbsup: to Bleeping Computer.

Please do not make any further changes to your computer, run any more removal tools, or do any type of system tool such as System Restore. Please wait for an authorized helper to help!

Note: in the future, please do not run combofix without the expressed written consent from a qualified helper. Combofix is rather dangerous, and can render your computer inoperable.

Thank you!



But I know what I was doing.....And still do.
I just don't recognize THIS particular virus. I used it perfectly well knowing what I was doing, and it fixed it.
So uh...yeah. I'd just like the log analyzed to know what virus it was.

#4 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:10:50 AM

Posted 04 April 2009 - 03:32 PM

Unfortunately the author of the tool does not want information on how Combofix works on public forums.

The only public information that is available can be found at this guide:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#5 Infitima

Infitima
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 04 April 2009 - 03:35 PM

Unfortunately the author of the tool does not want information on how Combofix works on public forums.

The only public information that is available can be found at this guide:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix




And that guide gave forums to go to to get the log analyzed. I read it!
I just want to know what freakin' virus it is! Is that hard to ask?
If so, forget it.

#6 Guest_Jay-P VIP_*

Guest_Jay-P VIP_*

  • Guests
  • OFFLINE
  •  

Posted 04 April 2009 - 03:45 PM

Please calm down.

Please navigate to HERE, read the Preparation Guide and start a new topic requesting help.

#7 Infitima

Infitima
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 04 April 2009 - 03:52 PM

Please calm down.

Please navigate to HERE, read the Preparation Guide and start a new topic requesting help.



I saw it.
How does that help? It says Don't post a ComboFix log without being asked to.
The whole reason for this topic was to basically ask, "Can I post the log and get answers?????"

#8 Infitima

Infitima
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 04 April 2009 - 04:25 PM

Also, I can't prepare a new topic, because the virus is gone, no more virus, no more errors. Can't screenshot what's not there when I already cleared the event log.
All that's left of it is the CF log.
So just forget it.
The computer's fixed.
I guess I don't need to know what virus it was.

#9 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:50 AM

Posted 04 April 2009 - 04:28 PM

Please calm down.

Please navigate to HERE, read the Preparation Guide and start a new topic requesting help.



I saw it.
How does that help? It says Don't post a ComboFix log without being asked to.
The whole reason for this topic was to basically ask, "Can I post the log and get answers?????"



Since you are doing everything yourself, do a search for those files that CF removed in the HJT forum and Google.
Chewy

No. Try not. Do... or do not. There is no try.

#10 Infitima

Infitima
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 04 April 2009 - 04:29 PM

Please calm down.

Please navigate to HERE, read the Preparation Guide and start a new topic requesting help.



I saw it.
How does that help? It says Don't post a ComboFix log without being asked to.
The whole reason for this topic was to basically ask, "Can I post the log and get answers?????"



Since you are doing everything yourself, do a search for those files that CF removed in the HJT forum and Google.



I did, I didn't see them. Google found nothing.
UAC. something.

#11 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:50 AM

Posted 04 April 2009 - 04:49 PM

That's a rootkit that is state of the art; the core file is Uacxxxxxx.sys

Here are some do-it-yourself advanced links

http://www.malwarebytes.org/forums/index.php?showforum=39

The pertinent issue is that CF by itself is not a wide-spectrum, general-use scanner; coupled with advanced analysis tools and a highly skilled, trained helper, it's an excellent front end to scripting.

You'll have to join a school and work your butt off for months to get the lessons.

Next week, next month, next year, CF could be gone, but other tools will be here.

Your task would be easier if you would apply the oz of prevention. Many infections are practically incurable, including the UAC variants.

Edited by DaChew, 04 April 2009 - 04:50 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#12 Infitima

Infitima
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:50 AM

Posted 04 April 2009 - 04:57 PM

That's a rootkit that is state of the art; the core file is Uacxxxxxx.sys

Here are some do-it-yourself advanced links

http://www.malwarebytes.org/forums/index.php?showforum=39

The pertinent issue is that CF by itself is not a wide-spectrum, general-use scanner; coupled with advanced analysis tools and a highly skilled, trained helper, it's an excellent front end to scripting.

You'll have to join a school and work your butt off for months to get the lessons.

Next week, next month, next year, CF could be gone, but other tools will be here.

Your task would be easier if you would apply the oz of prevention. Many infections are practically incurable, including the UAC variants.


I wasn't familiar with rootkits. So I didn't recognize it.
Now I get what it was. However CF did get rid of it, so I think the computer is cleaned from everything. None of the previous issues are happening.

#13 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:50 AM

Posted 04 April 2009 - 05:41 PM

Whenever I am treating an infection, I disconnect the infected computer from the internet. I then load a folder with tools and all available updates, transfer it to an immunized USB drive and then throw the book at the infection.

After a few years you start to get a feel for how malware functions; the important part is to never assume you are clean until you have checked and rechecked.
Chewy

No. Try not. Do... or do not. There is no try.



