Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

NEWBIE....HELP!!!!


  • This topic is locked This topic is locked
42 replies to this topic

#1 Bob2009

Bob2009

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 07 August 2009 - 08:44 PM

Ok, I am new to the virus/spyware thing...never had a problem- Well, today I have a big one. All of a sudden things went out of control on my PC...the only thing I can figure is that I accidentally clicked a banner advertisement and all of a sudden windows kept opening right and left. I shut down, but when I restarted, I had some sound file playing that I didn't recognize. Now it says taskmanager is infected so I can't even tell what is going on. I am running McAfee and now it won't even open (says it's infected) and now I keep getting all kinds of warning messages from windows that it has detected spyware. I have just pressed "continue unprotected" because I don't even trust that the messages I'm getting are truly from windows. My screen now has a "Security warning" on the desktop and says that I have a big spyware infection. I was running malware but it must have gotten infected because it wouldn't work. I uninstalled it and now when I try to reinstall, it says it's infected. I really need help....

BC AdBot (Login to Remove)

 


#2 Bob2009

Bob2009
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 07 August 2009 - 08:49 PM

Also, forgot to mention....I now see "system security" as a new program added to my programs list. I can't delete it because it won't let me open "add/remove programs". I also can't run hijack this, etc. because it says I am infected. Should I pull my internet connection and try to do some diagnostics in safe mode? I am at a loss.

#3 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:20 AM

Posted 07 August 2009 - 09:13 PM

This is a real nasty

http://www.malwarebytes.org/forums/index.php?showtopic=17583

Let's start with Process explorer and the renaming
Chewy

No. Try not. Do... or do not. There is no try.

#4 Bob2009

Bob2009
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 07 August 2009 - 09:25 PM

I saw the rename thing...I tried renaming it everything under the sun....unfortunately, it still won't run.

#5 Bob2009

Bob2009
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 07 August 2009 - 09:33 PM

for some reason system security is not running in safe mode so it doesn't show up on the list of processes to kill. I will try to reboot in normal mode and see if I can get it to show up there.

#6 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:20 AM

Posted 07 August 2009 - 09:33 PM

Did you try renaming process explorer before you save it to the desktop

Please be specific about what you have tried

Did you read that whole link I posted?
Chewy

No. Try not. Do... or do not. There is no try.

#7 Bob2009

Bob2009
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 07 August 2009 - 09:43 PM

Yes, I'm sorry.... I did read the whole link. I was able to restart in normal mode, then I ran the exe file that was suggested, killed the system security process and started malware. I am running the scan now and will report back as soon as it is finished.

#8 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:20 AM

Posted 07 August 2009 - 09:46 PM

:thumbsup:

It is complicated
Chewy

No. Try not. Do... or do not. There is no try.

#9 Bob2009

Bob2009
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 07 August 2009 - 09:50 PM

during the malware scan, "windows antivirus pro" keeps loading....I keep killing it, it keeps showing up... this is nasty....

#10 Bob2009

Bob2009
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 07 August 2009 - 10:19 PM

Ok, Malware finished, it detected like 50 items. I told it to fix the problems, it said there were about 4-5 it couldn't fix and indicated they would be fixed on reboot. When I try to reboot, it hangs at the "welcome" screen. The only way I can get back in is in safe mode. Based on what I see under the installed programs on the start bar, it removed the spyware (i think) but now it won't start in normal mode.....any thoughts?

What a nasty infection this is.....

#11 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:20 AM

Posted 07 August 2009 - 10:23 PM

Try last known good configuration
Chewy

No. Try not. Do... or do not. There is no try.

#12 Bob2009

Bob2009
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 07 August 2009 - 10:25 PM

Oh, and now when I try to click "add remove programs" it says "system32\rundll32.exe not found"....am I completely screwed?

#13 Bob2009

Bob2009
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 07 August 2009 - 10:27 PM

I try to do "system restore" and it wants me to select a program to run it with from the pick list. I have a feeling this is really bad. Is there anything else I can do?

#14 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:20 AM

Posted 07 August 2009 - 10:45 PM

http://www.bleepingcomputer.com/forums/ind...st&p=943085

Give these a try and report back
Chewy

No. Try not. Do... or do not. There is no try.

#15 Bob2009

Bob2009
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:10:20 AM

Posted 07 August 2009 - 10:53 PM

Ok, so I tried to use last known good configuration....it starts to boot, goes to the welcome screen, then gives me the following message:

The exceptioun breakpoint
A breakpoint has been reached
(0x80000003) occured in the application at location 0x00406eef

click on ok to terminate the program
click on cancel to deug the program.

I click on ok, the message goes away. I am allowed in under normal mode, but I still can't access add/remove programs or go back to an earlier date through system restore. Did malwarebytes scan somehow destroy some portions of windows? I am really out of my league on this one and could use some help....

I was replying just as you were, I will try them and see what happens.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users