Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

computer keep restarting and something keep using my upload bandwidth


  • This topic is locked This topic is locked
23 replies to this topic

#1 no more vundo please

no more vundo please

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 01 September 2009 - 09:43 AM

Hi guys,

I am having trouble with some malware i guess,
- Windows keep error and restart with 1 minutes count down
- i can not access task manager becuz it block me
- my internet bandwidth has been taken over and leave me very slow connection

I have follow prepartaion guide by
- run Malwarebyte anti malware it cleaned 600 malware in my PC, and 60 remaining in regedit
- back up
- open fire wall
- run DDS
- run Rootrepeal
- post topic along with logs


I try to understand instuction but its very complicated. Please let me know if i am skipping something.

Thank you very much for your time in advance.

:( :( :)
Arrak

Attached Files



BC AdBot (Login to Remove)

 


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:15 AM

Posted 16 September 2009 - 06:10 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:15 AM

Posted 22 September 2009 - 05:59 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:15 AM

Posted 23 September 2009 - 01:10 PM

Reopened at topic starter's request. :(
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:15 AM

Posted 23 September 2009 - 06:25 PM

Hi...please follow my instructions in post 2 above.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#6 no more vundo please

no more vundo please
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 23 September 2009 - 10:06 PM

Hi,

I have DL and attach the DSS scan result. Great Thanks to you! :( :(

Attached Files



#7 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:15 PM

Posted 28 September 2009 - 07:20 AM

Hello,

My name is Syler and I will be helping you to solve your Malware issues.

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


First of all it appears you are using a cracked version of NOD32, you need to uninstall this and install a legal AV, if this is the case.
  • Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Next

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Please post back here with the following logs:
  • MBAM log
  • Gmer log
  • New DDS log
Thanks

unite.jpg


#8 no more vundo please

no more vundo please
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 29 September 2009 - 01:30 AM

Hi Syler,

Thank you for briging me this super shocking news.

I have another computer connect to this machine, i dont know if i format my note book will other machine on the same LAN will be infect?

Is it possible that you check the other machine with DSS for me? So i can reformatr both at the same time?

Aiwat for your reply

#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:15 PM

Posted 29 September 2009 - 08:05 AM

Hi NMVP,

It is possible that your other machine on the LAN could have picked up some of the infections, I would suggest that you isolate your other machine,
and scan it to check. If you want your other machines log checking you will need to open a new thread for it.

Let me know if your going to go ahead with formatting.

unite.jpg


#10 no more vundo please

no more vundo please
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 29 September 2009 - 09:50 PM

Hi Syler

Yes, im defenitely go ahead with the formatting.

Can we do this, i will run DSS scan on the other machine and sned you the file for you just to look at it. If its clean of this fatal backdoor trojan, then i can still leave LAN open and countinue my working.

If its infected, then i iwll discounnect and open new thread. I hate to disconnect LAN as it post difficulties to my work alot.

Just checking, if i use cobian back up, will it back up this trojan and spread it back once i reinstall the backup?

Thank you for your help in advance. :( :( :)

#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:15 PM

Posted 30 September 2009 - 06:48 AM

Sorry, you will have to deal with your other machine in another thread. It depends what you backup with cobain, but yes it is possible
that you could backup the trojan, so choose carefully what you are going to backup.

unite.jpg


#12 no more vundo please

no more vundo please
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 30 September 2009 - 09:45 AM

Hi Syler,

Hmm in that case i would like to try to clean it first before back up.

I have questions, when back up what kind of file type i need to pay attention to?
Which format of file type that trojan will be in? .BAT .EXE
Is it possible that back up known .EXE could be lead to future infection again?

Again, Thank you very much for your time Syler :(

#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:15 PM

Posted 30 September 2009 - 09:56 AM

The file extension doesn't matter unless you have a file infector like virut, which I haven't seen. you can back up anything which you have created
or you know is safe, just don't back up unknown items, or things you may have downloaded, if your not sure about them.

If you are going to go ahead with cleaning, please follow the instructions I posted earlier and posts back with the logs.

Cheers

Edited by syler, 30 September 2009 - 09:58 AM.

unite.jpg


#14 no more vundo please

no more vundo please
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:08:15 PM

Posted 01 October 2009 - 12:49 AM

Hello Syler,

Here are the logs you requested. I have to ZIP everything becuz when i tried to upload .TXT the reply form just stop responding. Dont know why.

Anyway thank you!

Attached Files



#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:02:15 PM

Posted 01 October 2009 - 08:19 AM

Hi,

You have not installed a replacement AntiVirus, you still need to do this even if you are going to format, as this will help to stop the malware getting
back in whilst we are cleaning, please do this.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users