Possible Malware/virus infection


17 replies to this topic

#1 TheIrishAmerican

TheIrishAmerican

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:27 AM

Posted 19 May 2009 - 10:11 AM

I'm not exactly sure what the problem could be. All of a sudden, my system started acting abnormal, maybe 4 or 5 days ago. I have Norton 360 on here and run Malwarebytes at least once a week. Mainly only tracking cookies and the like, but the system is still different. Any help in this matter is much appreciated. Attached, you'll find the requested DDS logfiles.

Thanks again in advance,

Steve

#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:05:27 AM

Posted 31 May 2009 - 09:59 AM

Hello TheIrishAmerican

Welcome to BleepingComputer :thumbup2:
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 TheIrishAmerican


Posted 13 June 2009 - 04:20 PM

Sorry for the delay in responding. Attached, please find the requested scans.

#4 kahdah


Posted 13 June 2009 - 04:36 PM

Hi, your logs are clean of malware, but I see this in one of your logs:
Error - 6/7/2009 3:17:53 PM | Computer Name = PADRAIG_MCARDLE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.
 
Error - 6/7/2009 3:17:53 PM | Computer Name = PADRAIG_MCARDLE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.
 
Error - 6/7/2009 3:17:53 PM | Computer Name = PADRAIG_MCARDLE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.
This means that possibly that drive has some bad sectors on it.
======================================
I will run a scan to check for possible rootkit activity just to be sure you are clean of those as well.

Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

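As an added example (not part of the original post and not code from OTL): a small Python parser for event-log lines in the format quoted above, which decodes the printed ID and counts Disk bad-block events per device. The sample holds two entries in the page's format plus one constructed non-disk entry; the function names are hypothetical.

```python
import re
from collections import Counter

# Two entries in the format quoted in the post, plus one constructed entry.
SAMPLE = r"""
Error - 6/7/2009 3:17:53 PM | Computer Name = PADRAIG_MCARDLE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 6/7/2009 3:17:53 PM | Computer Name = PADRAIG_MCARDLE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 6/8/2009 9:02:11 AM | Computer Name = PADRAIG_MCARDLE | Source = ExampleApp | ID = 1000
Description = Constructed non-disk entry for contrast.
"""

HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$")
DEVICE = re.compile(r"The device, (?P<dev>\\Device\\\S+?), has a bad block")

def parse_events(text):
    """Yield one dict per 'header + Description' pair in the pasted log."""
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = m.groupdict()
            # The log prints the full 32-bit identifier; the low 16 bits are
            # the event code shown in Event Viewer (262151 = 0x40007 -> 7).
            current["code"] = int(current["id"]) & 0xFFFF
        elif current and line.startswith("Description = "):
            current["description"] = line[len("Description = "):]
            yield current
            current = None

def bad_block_summary(text):
    """Count Disk source, event code 7 (bad block) entries per device."""
    hits = Counter()
    for ev in parse_events(text):
        m = DEVICE.search(ev["description"])
        if ev["source"] == "Disk" and ev["code"] == 7 and m:
            hits[m.group("dev")] += 1
    return dict(hits)

if __name__ == "__main__":
    print(bad_block_summary(SAMPLE))
```

Repeated code-7 entries against one device point to failing media rather than malware, which is why the thread moves on to a drive diagnostic.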

#5 TheIrishAmerican


Posted 13 June 2009 - 08:37 PM

I do apologize but when I ran the requested scan, I didn't check the boxes beside LOP Check and Purity Check. Shall I run the scan again making sure to check all as requested..? Not sure if it would make a difference in the results or not. Otherwise, I will download and run this latest requested scan...

#6 kahdah


Posted 14 June 2009 - 08:09 AM

No, I have seen the first scan results; this is another type of scanner I would like you to run.
Please proceed with my second set of instructions and post the rootkit scan log.
Thanks. :thumbup2:

#7 TheIrishAmerican


Posted 15 June 2009 - 09:40 PM

I have attempted to run the requested scan 3 different times. After running for about 3 hours or so, it comes up with an error message saying the log file cannot be saved due to failure of hard disk. The data has been lost. And the computer then freezes completely. What can I do...???

#8 kahdah


Posted 15 June 2009 - 10:05 PM

Ok don't worry with that one.

Let's try this one:
  • Click Here to download catchme.exe.
  • Save it to your desktop.
  • Double click on catchme then click on scan.
  • It will save a log file to your desktop.
  • Please post it here in your next reply.


#9 TheIrishAmerican


Posted 16 June 2009 - 11:20 AM

Here are the results of the catchme scan. One thing I forgot to mention in the beginning of all this was that even my 'chkdsk' never could finish its scan, even with the 'f' parameter.

#10 kahdah


Posted 16 June 2009 - 12:49 PM

Ok your logs are all clean of malware.
What is the hard drive that is D: ?

#11 TheIrishAmerican


Posted 16 June 2009 - 11:22 PM

D is just the recovery partition...... Good to hear no malware. Any suggestions on:

Error - 6/7/2009 3:17:53 PM | Computer Name = PADRAIG_MCARDLE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 6/7/2009 3:17:53 PM | Computer Name = PADRAIG_MCARDLE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 6/7/2009 3:17:53 PM | Computer Name = PADRAIG_MCARDLE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.


Considering that chkdsk seems to have a problem also, what else would you suggest..??

#12 kahdah


Posted 17 June 2009 - 07:14 AM

If it indeed has a bad block then it could mean also that your original hard drive is also on its way out.
Usually the 2 partitions are located on the same drive.

I would try to run a hard drive test on the machine.
Do you know the manufacturer of the hard drive?

#13 TheIrishAmerican


Posted 17 June 2009 - 08:41 AM

The manufacturer is Western Digital....

#14 kahdah


Posted 17 June 2009 - 01:16 PM

Go to this location:
http://support.wdc.com/product/download.asp?wdc_lang=en
Enter the model number of your drive (you can find it on the actual hard drive itself; it will start with WD),
then it will tell you the available downloads that they have for your product.

Then follow the instructions for creating the .iso Data Lifeguard CD.
Then boot from the CD and run a diagnostic check on your system.

You can find information on how to do that here:
http://wdc.custhelp.com/cgi-bin/wdc.cfg/ph...amp;p_topview=1

#15 TheIrishAmerican


Posted 19 June 2009 - 06:21 PM

The diagnostic scan came up with no errors. Over the last 2 days when my system is starting up, from the taskbar I get an error message from Skype that a particular file is corrupt, please run chkdsk utility. Same message whenever I open Windows Media Player. If there are no errors, what causes that..?? This is confusing and frustrating...
