Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple Infections in my PC [Moved]


  • This topic is locked This topic is locked
3 replies to this topic

#1 crazy8oooo

crazy8oooo

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:53 PM

Posted 04 September 2009 - 12:31 PM

Two days ago I attempted to install a program on my PC. It did not respond, but instead locked up my computer for a minute or so. I knew I had just installed a virus, because I've seen that behavior before. Prior to installing, I had scanned the file with AVG (free version) and also Superantispyware and both programs said it was clean. However, after attempting the install and then locking up, AVG immediately detected 5 viruses. Upon attempting to remove them with AVG, my computer promptly rebooted without warning.

After the reboot, I ran an AVG scan. During the scan it was up to 140+ found infections but before the scan was completed it just closed out without warning. I then tried running Superantispyware and it ran for about 5 seconds and then shut down on its own. Upon trying to restart Superantispyware, it gave me an error, something about not being able to locate a file. In addition, the icon for the Superantispyware executable has been changed and is no longer able to run.

I rebooted into safe mode and reinstalled Superantispyware and attempted to run it. Same result; it again shut down after just a second or two and then started giving me the error again when trying to re-run it.

I also attempted to run Malwarebytes, but received the same response that I did with Superantispyware.

I then decided to access the system restore utility and try rolling back to the prior day, but I was given an error saying, "System restore has been turned off by group policy.To turn on system restore please contact your domain administrator." After researching on my other computer, I was finally able to delete a registry entry and gain access to the system restore, however, it said that I have no restore points. Apparently the infections have deleted all restore points.

Currently, I am able to boot into safe mode without an issue, however, the PC won't boot up regularly outside of safe mode. It goes through the motions of having me log in and then acts as though it's loading everything like a typical startup. The desktop icons and the toolbar appear for a moment, but then disappear. The PC then just shows a blank desktop screen with nothing on it. I'm unable to access anything by right clicking the desktop or even using windows shortcuts. I can, however, access the task manager via ctrl/alt/delete. I am able to boot up in regular mode using a Superantispyware utility called bootsafe (bootsafe.exe). It allows me to boot up with access to all of my drives and programs, gain internet access etc, but still won't allow me to run the previously mentioned utilities that failed.

Also worth mentioning is that I constantly receive tasktray popups warning me that my computer is at risk and to click the balloon popup to resolve the related issues. I am also receiving numerous popups in the middle of the computer screen warning me that my PC is infected. In addition, I get numerous error messages which popup randomly telling me that a specific file was unable to load and could not be found. (Those seem to be different files each time, but are generally files like 475.exe, 23.exe, etc...)

Lastly, I tried running RootRepeal, DDS, and HijackThis in order to post logs with this thread, but all programs shutdown within second of executing them. I've even tried reinstalling all mentioned programs under different names and running them as such, but no luck with that either.

Any help you can provide would be greatly appreciated. Thank you...

Edited by crazy8oooo, 04 September 2009 - 12:31 PM.


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,111 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:53 PM

Posted 04 September 2009 - 01:07 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum so we can help you create some a log.

Please try this:

1. Download Win32kDiag from any of the following locations and save it to your Desktop

http://ad13.geekstogo.com/Win32kDiag.exe

http://download.bleepingcomputer.com/rootr.../Win32kDiag.exe

2. Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
3. When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
4. Start a new topic in the HJT forum: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/
Give a brief description of your problem and let them know you couldn't run RootRepeal or DDS.
5. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log in your post.

If you are unable to get this program to run, please post back here for further instructions.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#3 crazy8oooo

crazy8oooo
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:07:53 PM

Posted 04 September 2009 - 01:45 PM

Thank you. I was able to run the utility you linked me to and have posted a new thread.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,111 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:53 PM

Posted 04 September 2009 - 06:00 PM

Ah, good. I see your topic is here: http://www.bleepingcomputer.com/forums/t/255166/pc-has-multiple-infections/ and that your previous helper has already picked it up too.

I shall now close this topic to avoid confusion.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users