
Windows XP Home Edition brutally infected!!!


11 replies to this topic

#1 alex10


Posted 17 August 2009 - 11:45 AM

My Dell Inspiron 1200 has recently been infected. I first noticed when I would search Google the screen would go blank and just show letters; I can't remember exactly what they were, but it was something to the effect of "qwx-caa". Anyway, this weekend my computer took a turn for the worse and the wallpaper says your computer is infected with spyware and this program "total security" keeps starting up and messing my computer up. I never downloaded it and through research have discovered that it is spyware/a virus. I tried following the steps posted on this site, but it requires me to run the process manager program which I downloaded from Microsoft. The hitch though is that this virus won't allow me to run any other program except Internet Explorer. A bubble pops up saying "file is infected and cannot run". I've tried starting Windows in safe mode and it won't allow that either. I can't run "task manager" or anything. I cannot find a way to stop this from when I start my computer. I don't know what a "hi-jack log" is so I can't post it unless someone tells me how to access it. I'm clueless on what to do. Please help! I've downloaded the following programs to help eliminate the problem, but cannot get any of them to run/install on my computer: Avenger, Process Explorer, Malwarebytes' Anti-Malware and Firefox browser. What do I do? I have not posted this on any other sites so you're my only help. Thank you in advance.

Alex


#2 trollocks


Posted 17 August 2009 - 11:58 AM

Have you tried renaming the MBAM files?

http://www.bleepingcomputer.com/forums/t/247781/started-as-a-google-redirect-issue-now-cant-access-internet-at-all/ See post 2 for instructions how.

#3 Computer Pro


Posted 17 August 2009 - 12:50 PM

Also, please try another fix.

Let's try Fatdcuk's fix.

Please navigate to the MBAM folder located in the Program Files directory.

Locate MBAM.exe and rename it to winlogon.exe.

Once renamed, double-click on the file to open MBAM and select Quick Scan.

At the end of the scan click Remove Selected and then reboot.


Post the scan log. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Computer Pro

#4 pablo49


Posted 17 August 2009 - 01:24 PM

From my experience running a repair shop, it is getting harder and harder to clean malware out of Windows from within a running Windows environment, even one running in safe mode. If you know the AV-blocking processes the malware is running, you can use a utility like Process Explorer or AutoRuns to kill these processes. Once stopped, assuming you have identified all the processes, the AV may run and clean the system.
I have started using a bootable AV CD to tackle the malware in a non-running state. I use the UBCD4Win on occasion when I need multiple utilities. To tackle malware only I especially like BitDefender Antivirus Scanner for Unices (http://download.bitdefender.com/rescue_cd/). The scanner runs on top of Knoppix and includes a file manager, Firefox browser and real-time signature updates. The default quarantine and log file location is in RAM, but you have the ability to write these files to an external drive. Very handy should you accidentally delete a system file.

#5 Computer Pro


Posted 17 August 2009 - 01:27 PM

Please try the fix first, and then we will resort to other ways if needed.
Computer Pro

#6 alex10


Posted 17 August 2009 - 03:11 PM

Computer Pro, thanks for your help. I cannot change the file name in the Program Directory to winlogon.exe as I don't have MBAM installed yet. Unless you want me to change the "mbam-setup.exe" file name to "winlogon.exe". Should I try that?

I also tried changing the mbam-setup.exe per trollocks' link. Downloaded MBAM as zztoy.exe and then renamed it to zztoy.bat and no luck. I double-click and nothing really happens except a bubble pops up down in the right corner which says cannot activate that file.

Should I try a boot-disc?

#7 Computer Pro


Posted 17 August 2009 - 05:26 PM

Please try to rename it to winlogon.exe. And then if that doesn't work, let's run RootRepeal:

Please install RootRepeal

Go HERE, and download RootRepeal.zip to your Desktop.
Tutorial with images, if needed >> L@@K
Unzip that to your Desktop and then click RootRepeal.exe to open the scanner.

* Open the folder and double-click on RootRepeal.exe to launch it. If using Vista, right-click and Run as Administrator...
* Click on the FILES tab, then click the Scan button.
* In the Select Drives dialog (Please select drives to scan:), select all drives showing, then click OK.
* When the scan has completed, a list of files will be generated in the RootRepeal window.
* Click on the Save Report button and save it as rootrepeal.txt to your desktop or the same location where you ran the tool from.
* Open rootrepeal.txt in Notepad and copy/paste its contents in your next reply.
* Exit RootRepeal and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

Please note: If RootRepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High.


Note 2: If RootRepeal cannot complete a scan and results in a crash report, try repeating the scan in "Safe Mode".
Computer Pro

#8 alex10


Posted 18 August 2009 - 09:04 AM

Computer Pro, I just downloaded the RootRepeal file and unzipped it. And, as suspected, couldn't install that file either. To reiterate, I cannot open, install, or run any programs. Nor can I start my computer in safe mode. Basically, I can search the web limitedly and use Windows Explorer. I cannot run task manager, any programs, etc.

Should I try and create a boot disc or something like that? Or load a MBAM setup onto a CD and see if that would work? What's next? Thanks.

#9 Computer Pro


Posted 18 August 2009 - 10:22 AM

Yes, try the boot disk
Computer Pro

#10 alex10


Posted 02 September 2009 - 12:01 PM

Just following up as my computer is now running better than ever. I ended up taking some advice from another member who instructed me to load my computer using the BitDefender boot disk. That cleared enough of my malware to allow me to install the other programs that are recommended by Computer Pro on this thread. Once I did that I cleaned up my computer and it is now running perfectly. I had quite a few trojans running on the computer... kind of scary. Thanks everyone for your help.

#11 Computer Pro


Posted 02 September 2009 - 05:31 PM

Which scans did you run after the boot disk?
Computer Pro

#12 Orange Blossom


Posted 04 September 2009 - 11:15 AM

@ dali718,

I have split off your posts which you can now find here: http://www.bleepingcomputer.com/forums/t/255131/windows-xp-home-edition-brutally-infected-total-security-virus/ It's not a good idea to post for assistance for removing an infection in someone else's topic as things can get muddled for everyone involved.

@ alex10,

It appears as though your issues are resolved. If that isn't the case, please let us know.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



