Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I would post a log, but it won't let me. [Moved]


  • Please log in to reply
4 replies to this topic

#1 happycow0012

happycow0012

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:45 AM

Posted 10 August 2009 - 03:23 AM

I've dealt with viruses in the past. I've dealt with plenty of viruses.

This one has stumped me.


I've tried malwarebytes, hijackthis, combofix, superantispyware, trojanremover, and spysweeper.

All these programs were disabled by the virus.

====================================================
malwarebytes installs okay, but after running a quick scan for about 5 seconds it exits, and then the files become corrupt and unmoveable/undeleteable, even after restart.

hijackthis does about half of a scan then exits out.

combofix gets to the point where all the green bars load, then it disappears and nothing else happens.

superantispyware is not allowed to be installed because of restrictions.
(even on the admin account in safemode)

trojanremover found and repaired some things, but now only scans up to 47 percent and then closes

spysweeper won't open but installs okay.
======================================================
I tried the usual cheap trick of changing the name of the program, but that didn't work.

I've tried all these programs in regular mode and safe mode on multiple accounts, including freshly made accounts, including the administrator account.

There is no evidence of malicious software such as Virus Removal 2009!! (or whatever)

I have also tried disabling startup applications and services in msconfig


Reformatting is not a redily available option.

Oh, and the internet is blocked, of course.


Suggestions?
Thanks


EDIT:

It looks like I have the same problem as this guy http://www.bleepingcomputer.com/forums/t/248235/hijackthis-and-mbam-disappear-when-scanning/

and I need to be moved as well..... sorry mods!

Edited by happycow0012, 10 August 2009 - 03:31 AM.


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,804 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:45 AM

Posted 10 August 2009 - 06:23 AM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:45 AM

Posted 10 August 2009 - 06:51 AM

I would suggest making a format/reload more readily available

Even the experts in the HJT forum are reccomending linux rescue boot cd's, I did a survey of those options yesterday, most are hoplessly out of date and glitchy to boot.

The best one I found is fairly new and has a current definition update available, however this infection is probably too new even for it.

I can't really see the purpose of this infection if it doesn't offer you a rogue software to buy, unless it's just after identity theft or simply trashing your computer.

http://www.f-secure.com/en_EMEA/security/s...e-cd/index.html
Chewy

No. Try not. Do... or do not. There is no try.

#4 happycow0012

happycow0012
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:07:45 AM

Posted 10 August 2009 - 10:37 AM

Has anyone ever had any success with scanning for viruses from a hdd in an enclosure?

#5 DaChew

DaChew

    Visiting Alien


  • BC Advisor
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:10:45 AM

Posted 10 August 2009 - 04:54 PM

Do you mean put the infected drive in an enclosure and scan with another computer(possible to infect the clean computer)
or scan from an external drive? That won't work.

There are boot cd's that can scan.
Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users