
Can't locate virus


7 replies to this topic

#1 leerowlands

leerowlands

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 08 April 2009 - 04:02 PM

OS: Windows Vista Ultimate, SP1.

McAfee antivirus and firewall.

Hi guys
A couple of days ago I clicked through what seemed to be a real link to a codec update for Windows Media Player and got a Trojan that went on to both my C:\ and D:\ drive. McAfee found them and quarantined them, I then removed them, they were Generic!atr.
Since then Windows Update no longer works. I get error code 80244019.
Adaware would not update. I have since uninstalled it.
McAfee won't update now and finds nothing when it scans.
My browser homepage has changed from Google UK to Google USA.
When clicking on page links I often end up on an unrelated page having watched about five or six different addresses go through the address bar.
I have downloaded MBAM but it won't start, even in safe mode.
I have downloaded Threatfire and run a scan, it found nothing. About 30 mins after installing Threatfire I got a blue screen and Windows shut down for no apparent reason.
I downloaded and ran the most recent version of Stinger and it found nothing.

I'm stumped and need some help now, can anyone offer some advice please?

Many thanks in advance,
Lee



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:06 AM

Posted 08 April 2009 - 04:12 PM

Hello, perhaps we can get an MBAM log through one of these.

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it.

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.
***
Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.


***
Another work around is by not using the mouse to install it, Just use the arrow keys, tab, and enter keys.
***
Open up command prompt, type in following commands:
XP >> click the Start menu at the lower-left of your computer's desktop and select "Run". Type cmd into the Run box and click "OK".
Vista >> click the Start menu at the lower-left of your computer's desktop and Type cmd in the search box.

regsvr32 mbamext.dll
regsvr32 ssubtmr6.dll
regsvr32 vbalsgrid6.ocx
regsvr32 zlib.dll

****

If you cannot use the Internet, you will need access to another computer that has a connection.
From there save mbam-setup.exe to a flash, USB, jump drive or CD. Now transfer it to the infected machine, then install and run the program.
If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

Manually Downloading Updates:
Manually download them from HERE and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 leerowlands


Posted 10 April 2009 - 08:29 PM

Many thanks for your reply. I've tried all you have suggested but with limited success, apart from the manual update installation nothing else has worked.

When I tried changing the name I kept getting a window opening telling me that Malwarebytes had stopped working and that Windows had closed the program.

When I tried to use the command prompt I got a window telling me that the module had failed to load.

I have got MBAM installed on my system, I just can't get it to work.

Are there any other options?

Many thanks
Lee

#4 boopme


Posted 10 April 2009 - 09:20 PM

OK, Lee, I have one more for MBAM. If that works, run it, and if it doesn't, try SAS below.
If possible run both.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


#5 leerowlands


Posted 10 April 2009 - 10:20 PM

Thanks again for your reply.
I couldn't download the SAS on the infected machine directly and had to use a memory stick to transfer it. I got a blue screen and a reboot halfway through the installation but completed it after that.
Unfortunately it's the same as MBAM now, it's installed on the infected machine but I keep getting the same window opening up telling me that it has stopped working and that Windows has closed the program :thumbsup:

I think I need a hammer to kill this virus.....

Will I need to format the drive to remove the problem now?

All the best
Lee

#6 boopme


Posted 10 April 2009 - 10:30 PM

It appears you are seriously infected. Two options: submit an HJT log, and that will take you about a week, or reformat and reinstall. I'll supply both canned replies I have written for this situation.

We need to run HJT/DDS.
Please follow this guide. Go and do steps 6 and 7: Preparation Guide For Use Before Using Hijackthis. Then go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant title and post that complete log.

Let me know if it went OK.



Not an unwise decision to make. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware may disguise itself by adding and hiding its extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

The best procedure is a low level format. This completely wipes the drive. Then reinstall the OS.
Use the free version of Active@ KillDisk.
Or Darik's Boot And Nuke

The best sources of Information on this are
Reformatting Windows XP
Michael Stevens Tech

Of course also feel free to ask anything on this in the XP forum. They'd be glad to help.
==============================
2 guidelines/rules when backing up

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not backup any executable files or any Windows files. These include .exe's, .scr, .com, .pif etc... as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.
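The backup rules in post #6 above, as an added example that is not part of the original thread: a Python script that judges every file in a backup staging folder by its full name, so an executable hiding behind a data extension is left out. The function names, the sample file names and the .bat entry are assumptions made for illustration.

```python
import os
import tempfile

# Extensions post #6 says to leave out of a backup; .bat is an added
# assumption (post #2 lists it among extensions Windows will run).
BLOCKED = {".exe", ".scr", ".com", ".pif", ".bat", ".html", ".htm"}
# Data types the post names as normal backup content.
DATA = {".doc", ".txt", ".mp3", ".jpg"}
# The post says autorun.ini; autorun.inf is the name Windows AutoRun reads.
AUTORUN = {"autorun.ini", "autorun.inf"}


def classify(filename):
    """Return 'keep' or a 'skip: ...' reason, judged on the full file name."""
    # Windows ignores trailing dots and spaces, so strip them before judging.
    name = filename.lower().rstrip(" .")
    if name in AUTORUN:
        return "skip: autorun file"
    # Every dot-separated part after the first counts as an extension;
    # padding spaces can push the real one out of view, so strip them too.
    exts = ["." + part.strip() for part in name.split(".")[1:]]
    if exts and exts[-1] in BLOCKED:
        if any(e in DATA for e in exts[:-1]):
            return "skip: executable disguised as data"
        return "skip: executable or web page"
    return "keep"


def triage(root):
    """Walk root and split relative paths into (keep, skipped-with-reason)."""
    keep, skipped = [], {}
    for folder, _dirs, files in os.walk(root):
        for f in files:
            rel = os.path.relpath(os.path.join(folder, f), root)
            verdict = classify(f)
            if verdict == "keep":
                keep.append(rel)
            else:
                skipped[rel] = verdict
    return sorted(keep), skipped


def demo():
    """Run triage over a constructed folder of empty sample files."""
    names = ["cv.doc", "song.mp3", "holiday.jpg.exe", "codec_update.scr",
             "autorun.inf", "saved_page.htm", "report.v2.txt"]
    with tempfile.TemporaryDirectory() as root:
        for n in names:
            open(os.path.join(root, n), "w").close()
        return triage(root)
```

Files that pass this name check still need the anti-virus scan the post asks for before they are copied back.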

#7 leerowlands


Posted 10 April 2009 - 11:09 PM

Thanks again for all your help.
The infected machine is still covered with a Dell warranty. I'll have a think about the reformatting but also contact Dell to see what they come up with. If I go down the HJT route I'll post the name of the virus once I'm all fixed.

All the best

Lee

#8 boopme


Posted 11 April 2009 - 08:56 AM

OK, you're welcome. The info when available will be appreciated.