
A stealthy adversary [Reopened]



#1 steeledr03

  • Members
  • 3 posts
  • Location: Scotland

Posted 05 May 2009 - 10:45 AM

My equipment: Dell XPS M1330 laptop, running Windows Vista HP. I was also running NAV but it had not been updating and I hadn't fixed it.

I have been struggling with an infection for a number of days. The effects make the hardware perform as if it has intermittent defects. These are a black screen with a white stripe. The machine runs hot, the fan burning & turning like it's trying to get liftoff. The startup screen can regularly be seen but with multiple blue stripes. If I manage to get to the Windows splash screen without getting "blacked out", the Windows logon has an additional "splash" overlay and discoloration of the screen. Generally performance is poor and slow. I know the second I got infected. I was running a Flash movie and the screen changed after I clicked into the site. The mouse became like a grid with a box of lines. Then the screen went funny and the computer crashed. It let me start up but the screen went black (with the stripe). I originally could attach a monitor and see Windows when my laptop monitor did this. But after reconnecting to the net I can no longer see Windows from my external monitor. The conditions changed!

I can use the BIOS setup and the laptop diagnostics - nothing, no screen problems, no symptoms. I have had this on the machine for over 24 hours with no screen or runability issues.

I can run Spotmau recovery and have rescued my files. I had no good backup files due to using a disk encryption package (PGP).

I read some stuff on this and other sites and ran Windows repair from my installation disk. I used the bootrec.exe function in the DOS command feature. I used Fixboot and fixmbr. After that I was able to restart and have no symptoms. Machine back to normal. Fan on slow, handling a good load, startups and shutdowns no problem. Then after about an hour or two, all of a sudden the screen hue changes and the gridlines come on the mouse; after this the screen freezes and the laptop crashes. I have now redone this process three times and can get a few hours of good running. But something - the clock, I don't know what - kicks this thing back into life, and after it's crashed the machine once I am into the black startup screen again.

Since getting "infected" I have started using PC Tools Internet Sec & have an up-to-date Ad-Aware AE (not the dodgy one). I have run Windows Malicious Software prog, Malwarebytes, Spybot. All show nothing. I know there is something! When I installed PC Tools I went on the net to download updates. After it finished, the screen went blank, and when I was able to sign on again I noticed that my regedit and DOS Command were unblocked for access to the net.

Manually looking through my reg and System32 I found some malware files, Twunk, winhelp.exe, but not much else.

I suspect a root virus. Any views would be welcomed. I have a HJT readout from Saturday which I will place on that part of the forum.

Any help would be welcome. I think I have something newish, or a new variant. Or I am just going crazy and my laptop needs a new owner!!!



#2 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,805 posts
  • Location: Bloomington, IN

Posted 06 May 2009 - 06:02 PM

Topic reopened at poster's request and HJT topic deleted. ~ OB
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



