
Computer Infected with Extremely Dangerous Malware

2 replies to this topic

#1 Yobi


  • Members
  • 1 posts
  • Local time:11:05 AM

Posted 29 August 2009 - 05:21 PM

1-Thanks for moving the topic; I wasn't sure if I had posted in the right forum.
2-I resolved the issue, for now at least. I located the file that loaded the malware (for me it was eventlog.dll, in the system32 folder), installed "Avenger" and typed in the appropriate script to locate it (pretty much just the path to the file). I was then able to run combofix, making sure to save it as combo-fix while it downloaded. I'm running malwarebytes as I type this, and the scan has not been terminated as of yet, so hopefully that's a good sign.

I recently downloaded what I now know is a virus/malware/trojan, etc, that displays the problems that the site admin posted on the home page similar to Antispy Protector 2009/Rootkit.

I'm only able to log into safe mode with networking enabled, because when I boot up in normal mode, 9 times out of 10 an error pops up saying my system is restarting, and then my computer freezes after the 1 minute count-down displayed on the error.

I cannot run any antivirus/malware programs, and, get this, I can't run HJT or Rootrepeal either: as soon as I start them up, or start running a scan, the program is terminated. Believe me, I've tried (at least to the extent of my ability).

Based on the information on the home page about Antispy Protector '09/Rootkit, I found the program's loading point was the eventlog.dll file in my system32 folder. The problem is, I cannot delete, move, or even rename the file, because it says it is being used by another person or program.

Help! I can't reformat this computer, because not only do I lack the windows disks, but I have important files on this comp!

Edited by Yobi, 29 August 2009 - 11:26 PM.



#2 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,111 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:05 AM

Posted 29 August 2009 - 11:14 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


#3 Blade


    Strong in the Bleepforce

  • Site Admin
  • 12,792 posts
  • Gender:Male
  • Location:US
  • Local time:11:05 AM

Posted 29 August 2009 - 11:55 PM

Hello Yobi and welcome to BleepingComputer.

I would like you to delete the copy of RootRepeal you have already downloaded, and then follow the below instructions exactly as given.

Please install RootRepeal
Note: Vista users, right click on the desktop icon and select "Run as Administrator."

  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan, including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

  • Extract RootRepeal.exe from the zip archive.
  • Open RootRepeal on your desktop.
  • Click the "Drivers" tab, and then click the "Scan" button.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the "Save Report" button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

In your next reply, please include the following:
RootRepeal log

If I am helping you, it has been 48 hours since your last post and I have yet to reply to your topic, please send me a PM.
