
PC Antivirus 2010 infection


  • This topic is locked
11 replies to this topic

#1 wallerbf

wallerbf

  • Members
  • 7 posts

Posted 18 August 2009 - 09:59 PM

I have a PC Antivirus 2010 infection. My computer was pretty much paralyzed until I removed some of the executables creating the problems. Then none of my executables would launch, so I downloaded fixwen.inf and ran Malwarebytes, and it removed almost 200 infections. There is still something on my computer because it keeps rebooting and I cannot see my spare drive. I show the spare drive as a mobile device. I have disconnected from the internet. I was able to run a HijackThis log, but I was not able to get through a Root Repeal scan before a reboot. I will keep trying to run the Root Repeal. Also, I cannot run the DDS; I get a "Not enough main memory to complete the sort" error in the DDS window.

Any Help would be appreciated.

When I run Root Repeal it keeps stopping after it sees a series of SKYNETk(random characters).dat, .dll, .sys files.


Edited by The weatherman, 19 August 2009 - 10:14 AM.
Merged posts. Tw



#2 wallerbf


Posted 25 August 2009 - 11:33 PM

From reading other posts I have determined that I have the Skynet Virus. I have tried following other posts, but they have not worked.

Any help would be appreciated.

#3 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 30 August 2009 - 08:47 PM

Hello, wallerbf.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks

Please note that I am in the process of my training, so it may take a while for me to get back to you, as each of my fixes needs to be checked by a coach first.

We need to run RSIT
  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your next reply, please include the following:
  • Log.txt
  • info.txt

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#4 wallerbf


Posted 01 September 2009 - 08:12 PM

Hello, aommaster.
Thanks for the help. I tried to access the file from your hyperlink and it appears to be broken. I even tried to search for the file and have not had much luck. Do you have another link that I could try?

Thanks,

wallerbf

#5 aommaster


Posted 01 September 2009 - 08:45 PM

Hi!

The application seems to download just fine. Please try again, and if you encounter the same problem, let me know :thumbup2:



#6 wallerbf


Posted 01 September 2009 - 09:39 PM

Got it. I have Trend Micro systems, Internet Security Pro, installed on this computer and it was blocking the site. There was a link on the bottom of the page that was supposed to bring me to the site, but gave me the broken link. I trusted the page and was able to download.

Thanks,

Brian

#7 aommaster


Posted 01 September 2009 - 10:03 PM

Fantastic!

Please run the program and generate the logs for me. In addition to my above instructions, also do this:
Run a GMER scan
  • Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
So in your next reply, I'd like to see both the RSIT logs, and the GMER log.



#8 wallerbf


Posted 01 September 2009 - 10:04 PM

Here are the two files.


Thanks again,

wallerbf

Attached Files

  • Attached File  log.txt   55.77KB   2 downloads
  • Attached File  info.txt   26.79KB   2 downloads


#9 wallerbf


Posted 01 September 2009 - 10:36 PM

aommaster,
Here is the GMER.log file. I sent the other two files in the previous reply.

Thanks,

wallerbf


#10 aommaster


Posted 02 September 2009 - 10:36 AM

Hello, wallerbf.
Viewpoint Warning!

The logs also show Viewpoint Manager installed. Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we know in 2006; read this article:

Viewpoint to Plunge Into Adware

I suggest you remove the program now. Go to Start > Control Panel > Add or Remove Programs. From within Add or Remove Programs uninstall the following if they exist:
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player



We need to download and run ComboFix (by sUBs)
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
    They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". For more details, please check this thread
  • Please download ComboFix from one of these locations:
    Link 1
    Link 2
    ** IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware. Click 'No' to exit
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.
**A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
**This tool is not a toy and not for everyday use.
**ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply, please include the following:
  • ComboFix.txt
  • Fresh HijackThis Log



#11 aommaster


Posted 05 September 2009 - 10:16 AM

Hello wallerbf
Are you still with us?



#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 07 September 2009 - 11:35 AM

Hello.

There has been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



