Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bad Infection


  • Please log in to reply
3 replies to this topic

#1 animemonster

animemonster

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:50 AM

Posted 09 September 2009 - 06:25 PM

Okay, my brother is an idiot, and has some sort of porn obsession (that I didn't want to know about).

He's got a downloader for Antivirus Pro 2010 on his desktop, Windows Police Pro is running around being an ass, Protection System just came up.

I tried to get Trend Mirco's anti-virus (which we have already bought and use on two other computers in the house), to install, but the viruses won't let it.

In the last few minutes a bunch of error reports have popped up for multiple viruses among them:

Chin09.Win
Net-Worm.Win32.Mytob.t
Net-Worm.Win32.DipNet.d (came up a second time)
Rootkit.Win32.Agent.pp
Virus.Win32.Hala.a
Virus.Win32.Gpcode.ak
another Win32 that I didn't catch the name of

On the desktop is the following message (floating above the background, but not in a dialogue box):

DANGER!!!
Your computer is INFECTED!
Attention!!!
Such infection


I was copying it from the screen when it vanished when the Rootkit one popped up.

Along with all these are errors for just about ever .dll file on the system (currently 23 are open with "desote" as the name in the taskbar).

I turned off the internet ability on the computer and most of it died.

I don't want to turn the internet back on, so any help I would appreciate if it were able to be copy to a CD from another computer and then activated by a CD in the one from the trouble. I'm on my computer (which isn't infected, thank god).

System specifics:

Compaq Presario with an AMD Mobile Sempron processor running Windows XP Service Pack 3.

Please help soon. Thank you.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:50 AM

Posted 09 September 2009 - 07:37 PM

You have a dangerous rootkit.
As there are some new variants of rootkits in the wild right now that will require custom scripts to remove the infection, the process must be completed by HJT team member.

Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible.

Now ... Download this Utility and save it to your Desktop.
Double-click the Utility to run it and and let it finish.
When it states Finished! Press any key to exit, press any key to close the program.
It will save a .txt file to your desktop automatically. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as part of the reply in the topic you will create below..

Next please go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post the Rootrepeal log and the above log.

Let me know how that went.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 animemonster

animemonster
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:50 AM

Posted 11 September 2009 - 08:34 PM

I was wondering if that program is alright to run in safe mode. I'm currently on my own (uninfected) computer watching it run on the infected one in safe mode. I couldn't get it to open in normal mode.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,199 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:50 AM

Posted 11 September 2009 - 09:45 PM

Yes that should be fine. But HJT/DDS will need normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users