
I'm at a loss...


5 replies to this topic

#1 techextreme


Posted 09 June 2009 - 08:41 PM

I've been working on a computer for 2 days now and am at a loss as to what has infected this thing.

I started off trying the normal utilities, Malwarebytes, SuperAntiSpyware, and Combofix. But I was met with some resistance. None of these would install. Watching the processes as I tried running the installers, I would see them start, hit 99% CPU and then die off. I'm not sure where I read it, but I renamed the MBAM-Setup.exe to mbamsetup.exe and was able to get Malwarebytes to install. Unfortunately, all attempts at updating Malwarebytes have failed. It continuously says to check the internet connection.

Now, I know it's connected to the internet and actively sending copious amounts of spam mail as my Endian Firewall was catching all of it and rejecting it back. 22,000 e-mails in 10 minutes.

I then booted with UBCD4WIN and loaded up SuperAntiSpyware from within it and got it up to date and scanned. I found multiple instances of Vundo and RogueScan. I removed all of them and once again rebooted to normal Windows XP Home. Again I was unable to install or run ANY anti-spyware/malware software. Again I watched the process list and they would start, hit 99% CPU and die. I was able to kill off and delete "wscsvc32.exe" and stop it from popping the annoying multiple "you're infected" messages.

I tried running combofix as I have multiple times on multiple other machines and again, the process would start, hit 99% and die. I renamed combofix.exe to combo-fix.exe and it would now open and start running. I could see multiple parts of combofix running in the processes list and was finally met with a small box in the middle of the desktop with a "question mark balloon" and an "OK" button.

No matter what I do, I cannot get combofix to run properly on this machine, let alone any other removal products.

As I'm at a loss as the title states, I'm asking....

Has anyone run into this before???

Thanks,

Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca



#2 Kozuka7


Posted 10 June 2009 - 09:11 AM

I have the same problem, except I cannot even get on the internet with that computer, and the worst part is I just reinstalled Windows because of it and that didn't get rid of it... Someone please help us! Also, I tried SD-Fix and it didn't touch it.

Edited by Kozuka7, 10 June 2009 - 09:12 AM.


#3 techextreme


Posted 10 June 2009 - 10:20 AM

Well, after three days of digging, I finally found the problem and have come to the conclusion that I will have to wipe the system and reinstall. After reading this post http://www.bleepingcomputer.com/forums/lof...hp/t226957.html and also finding what the machine was actually infected with, I think it's safe to say it's not worth the amount of time to clean when it's going to be reinfected almost immediately after cleaning.

I also read somewhere that people have found that even formatting and reinstalling the operating system will not always cure this. It has been found that the WIN32/Virut.nbp virus will sit resident in the boot sector and reinfect the newly installed operating system.

Wish I could be of more help but thought this info might help someone who is also experiencing the same problems.

Thanks for all the reads.

Techextreme

#4 Kozuka7


Posted 10 June 2009 - 03:01 PM

Well, actually I think I may have gotten rid of the virus... it may perhaps come back, but for now it's gone. I reran SD-Fix and after that I was able to run Malwarebytes, which got rid of the "Security" popup. So far, after 4 reboots, it has not shown any signs of coming back. The only thing I have to figure out now is how to get it to connect to the internet and not just stay at Acquiring Network Address...

#5 garmanma


Posted 10 June 2009 - 06:22 PM

When I format an infected machine I usually wipe the drive with a utility like Killdisk:

http://www.killdisk.com/
Free version does one pass of 0's
Mark

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits

#6 techextreme


Posted 10 June 2009 - 06:38 PM

I'll have to keep KillDisk in mind. Never heard of it before.

I've always used DBAN
http://www.dban.org/

Thanks,

Techextreme