

Definitely Infected


3 replies to this topic

#1 jschuster13


Posted 04 June 2009 - 08:26 AM

A few weeks ago, I started getting security alert pop-ups on my laptop from some "authentic looking" antivirus 2009 program, which I never installed.

My environment:
Dell Inspiron 6400
Windows XP Pro SP3
McAfee Security Center 9.3
Peoplepc is my ISP (I live in a rural area and use dial up. I tried a Sprint Broadband card for a few days, but I didn't have a strong enough signal, so I'm still using dial up.)

I ignored the popup and ran McAfee virus scan, which found several items (DNSchanger!K, Fakealertxxx and others) and which I removed. Every so often after that, the antivirus alert stuff would keep popping up and I'd rerun the virus scan and remove whatever McAfee found. I also started researching viruses and malware information on the internet and figured I was infected with some nasty stuff.

Last week, my laptop would not boot up completely. It would go through the BIOS load and the Windows XP screen with the blue scanner bar at the bottom. Afterwards, it would go to a black screen with just the white cursor arrow. I would power down and reboot. Sometimes it would get to the blue MS Welcome screen and stop. Other times, it would get to the desktop and stop. Sometimes it would go back to the black screen with the white cursor arrow. And sometimes it would boot up completely. Booting up completely, the icons would be "painted" slowly on the desktop.

I then tried booting in Safe mode. It always seems to boot up OK in Safe mode, but the graphics don't allow me to see my entire McAfee screen and I can't scroll around to see the rest of the McAfee screen, so I'm limited as to what I can do with McAfee while in Safe mode. I have run DDS, HiJackThis, SUPERAntispyware, Malwarebytes and GMER and I appear to have some major issues.

Right now, it appears my two biggest detected problems that I can't seem to get rid of are "\WINDOWS\system32\drivers\str.sys" and "\WINDOWS\system32\uacinit.dll". Also, several "UACxxxxx" files are also identified in red by one of the free software detection programs (don't remember which one).

There also seems to be something which keeps attempting to connect to the internet as my IE connection window keeps popping up every so often. I have IE set to use the Sprint Broadband connection by default, which I no longer have, so it never does connect successfully to the internet (dumb luck????).

So, I am seeking assistance in developing a plan of attack to resolve my laptop issue(s). ANY help would be appreciated. Thanks in advance.

Jeff


 


#2 garmanma


Posted 04 June 2009 - 09:06 PM

It always seems to boot up OK in Safe mode, but the graphics don't allow me to see my entire McAfee screen

Increase your screen resolution in Display Properties

WINDOWS\system32\drivers\str.sys
\WINDOWS\system32\uacinit.dll

Unfortunately, you are dealing with Virut, a very nasty virus.
The best recommendation is to reformat and reinstall.
It is also best not to save anything.
Give this a read. It's from one of our senior HJT team members:
http://miekiemoes.blogspot.com/2009/02/vir...s-throwing.html
Mark

#3 jschuster13


Posted 08 June 2009 - 10:40 AM

Thanks, Mark. That's what I was afraid of, which brings up several questions . . .

1. Do you have any suggested links that detail the reformat and reinstall process for the layman? (I've never done this process before)

2. Is it OK to save ANY data (non-executable) files before reformatting?

3. Do you have any suggested links that provide a good recommendation for anti-virus software? It appears McAfee hasn't done the job I thought it would do or maybe I expected too much from it.

4. Do you have any suggested links that provide a good recommendation for a "best practices" in preventing future infections. Other than complete "abstinence" from the internet, we've (wife, kids and I) been doing the obvious (don't open attachments, run regular scans for viruses while maintaining an up-to-date virus database, be careful about what you download and where you download from, etc, etc). We're not into illegal or immoral activities, so I'm not sure of the best way to keep my computer safe and from what I've seen in researching this virus stuff, internet abstinence might be the only way to stay virus free.

FYI, regarding the display characteristics in safe mode: When I change the display settings, they don't seem to take effect. The display remains the same and I can't view the entire McAfee screen.


Finally, thank you (and your legion of peers) for providing your tireless TIME and EFFORT in helping those of us less knowledgeable about computers. I wish you many blessings!

Jeff

Edited by jschuster13, 08 June 2009 - 12:05 PM.


#4 garmanma


Posted 08 June 2009 - 06:41 PM

Is it OK to save ANY data (non-executable) files before reformatting?

With Virut, no, you shouldn't save anything. You run the risk of reinfection.

Do you have any suggested links that detail the reformat and reinstall process for the layman?

You have a Dell. It's pretty straightforward. You have 2 ways, using the recovery partition on the recovery CDs
http://support.dell.com/support/topics/glo...toggle=&dl=
Just click on the blue bar to select your operating system and then the + sign on the blue tabs and it will walk you through it.
Manual reinstall:
http://support.dell.com/support/topics/glo...mp;docid=339949

Do you have any suggested links that provide a good recommendation for anti-virus software?

You can take a look in our Freeware Application thread:
http://www.bleepingcomputer.com/forums/topic3616.html
Or post your questions in our AntiVirus, Firewall and Privacy Products and Protection Methods forum:
http://www.bleepingcomputer.com/forums/f/25/antivirus-firewall-and-privacy-products-and-protection-methods/

Do you have any suggested links that provide a good recommendation for a "best practices" in preventing future infections.


http://www.bleepingcomputer.com/forums/t/75445/suggested-safe-practices/



Tips to protect yourself against malware and reduce the potential for re-infection:
• "Simple and easy ways to keep your computer safe".
• "How did I get infected?, With steps so it does not happen again!".
• "Hardening Windows Security - Part 1 & Part 2".
• "IE Recommended Minimal Security Settings" - "How to Secure Your Web Browser".

• Avoid gaming sites, underground web pages, pirated software, crack sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
Mark



