Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infection of unknown origin


  • This topic is locked This topic is locked
2 replies to this topic

#1 davee106

davee106

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 04 September 2009 - 11:54 AM

I have an infection of unknown origin. Problems just started to appear when I logged in this morning.
Attached are the requested reports from the Preparation guide. (attach.txt, DDS.tct and RootRepeal report.txt

My system was already equipped with AVG antivirus, Malwarebytes, and SpyBot Search and destroy.
However, this morning my computer was acting extremely sluggish so I started Malwarebytes. As was killed as soon as it started. I tired to start it again but is received the windows message stating that I do not have permission to run this program.
The same thing happened with Spybot and AVG.

I uninstalled Malwarebytes and reinstalled. Then I rebooted in safe mode and ran malwarebytes which found a bunch of problems that were quickly fixed.

I rebooted into windows (not safe mode) and installed Spybot S&D. After install it will not run Update. I manually update from safer-networking web site download. Spybot did not find any problems.

Then I try to reinstall AVG free 8.5 (build 409 - 8/7/2009) but I get and error during installation..
Error: Action failed for file avgwdsvc.exe: starting service....
Error 0x8007041d

Then I tried to install 30 day trial of Kaspersky but after installation the software will not run...
From Event Viewer:
EvenID: 7000
The Kaspersky Anti-Virus service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Currently my computer is running without Virus protection and I am trying to limit my time on the internet.

Please Help.
--Dave

Attached Files



BC AdBot (Login to Remove)

 


#2 davee106

davee106
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:06 AM

Posted 08 September 2009 - 01:35 PM

It's been 4 days since my original post and no one has replied.

I ran Trend Micro's Online House Call virus scan http://housecall.trendmicro.com/ and found that I had the PE_PATCHEP.A virus and it attached itself to 2 system files... explorer.exe and winlogon.exe

I was able to recovery those files by booting from the WinXP CD and starting the recovery console.
Everything is fixed now. AVG installs and runs properly. SpyBot S&D can do updates.
If I could only figure out how this Trojan got past my defenses in the first place then I could close that door also.

This problem is solved. Thanks to me!

#3 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests
  • OFFLINE
  •  

Posted 08 September 2009 - 05:34 PM

Thanlk you for letting us know davee106. :(

Please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help others with malware issues. Athough our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

Regards,

The weatherman




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users