Infected and having troubles getting rid of it


2 replies to this topic

#1 col temp

col temp

  • Members
  • 2 posts
  • OFFLINE
  • Local time:02:49 PM

Posted 23 September 2009 - 03:03 PM

Hi,

I see I'm not the only one here with this. Have been trying to remove and clean but not having any success. Also the infection seems to be something a bit different in how it's hooked than others.

User reported very slow IE speeds and other issues. AVG doesn't pick up anything; another malware scanner picked up and removed a few harmless odds and ends. Found tracks from the KDZLP.exe infection and cleaned that up. Was cleaning out everything else and found the windows\temp with the banking ripoff files:

$67wp.$, $$$dq3e, $$yt7.$$ and wsw2, plus a registry link and a prefect.lib dat file. :thumbsup:

I have run mbr.exe and shows boot records are ok but there is a hook to the broadcom network driver. Here's the text:

opened and read successful,
detected MBR rootkit hooks:
\Driver\iaStor -> 0x85bb11c0
NDIS : Broadcom Netlink ™ Fast Ethernet -> SendCompleteHandler --> 0x85beae20
Warning: Possible Rootkit infection
User and Kernel MBR OK
Use Recovery Console fixmbr to clean.

In safe mode w/o networking I can delete the files. With networking they appear again, showing the infection is still around. I installed the recovery console from Microsoft, but when trying to boot into it I get a blue screen of death. My i386 files are not the correct version. Trying a boot from Windows.

I have tried to disable the network driver with limited success, and now the machine seems to not want to shut down correctly. Usually have to do a hard boot crash (power switch!).

I already have system restore turned off and removed the Broadcom management software. HijackThis is loaded as well. Have downloaded

Running out of ideas to try to clean this thing off the laptop. Having read that this is a key logger, I don't want to do anything serious until I have it cleaned. BTW, communicating on BleepingComputer on another machine!
Thanks for the help,
Paris

Edited by col temp, 23 September 2009 - 03:04 PM.
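The mbr.exe output quoted in the post above is the one piece of hard evidence in this thread: the boot sector itself checks out ("User and Kernel MBR OK"), yet the tool still reports hooks on a storage driver object and on the NDIS send-completion path of the network adapter. The small parser below (an added example, not part of the original post and not code from the mbr.exe tool) pulls those hook lines apart so a responder can see at a glance which component is hooked, which handler was redirected, and where it now points. The sample text is constructed from the post (with "™" written as "(TM)"), and the line format is assumed from that one excerpt rather than from any published specification of the tool's output.

```python
import re

# Constructed sample: the mbr.exe output quoted in the post above
# (non-ASCII trademark sign replaced with "(TM)").
SAMPLE_OUTPUT = """\
opened and read successful,
detected MBR rootkit hooks:
\\Driver\\iaStor -> 0x85bb11c0
NDIS : Broadcom Netlink (TM) Fast Ethernet -> SendCompleteHandler --> 0x85beae20
Warning: Possible Rootkit infection
User and Kernel MBR OK
Use Recovery Console fixmbr to clean.
"""

# A hook line ends with "-> 0x..." or "--> 0x..."; everything before that
# is the hooked target (assumed format, derived from the excerpt only).
HOOK_RE = re.compile(r"^(?P<target>.+?)\s+-{1,2}>\s+(?P<addr>0x[0-9a-fA-F]+)\s*$")


def parse_hook_line(line):
    """Split one hook line into component, name, handler and address."""
    m = HOOK_RE.match(line)
    if not m:
        return None
    target, addr = m.group("target"), m.group("addr")
    handler = None
    # "NDIS : <adapter> -> SendCompleteHandler --> 0x..." names a handler;
    # "\Driver\iaStor -> 0x..." does not.
    if " -> " in target:
        target, handler = target.rsplit(" -> ", 1)
    if " : " in target:
        component, name = target.split(" : ", 1)
    else:
        component, name = "Driver object", target
    return {
        "component": component.strip(),
        "name": name.strip(),
        "handler": handler,
        "address": int(addr, 16),
    }


def parse_mbr_output(text):
    """Return hooks, MBR status and warnings found in mbr.exe-style output."""
    findings = {"hooks": [], "mbr_ok": False, "warnings": []}
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("detected mbr rootkit hooks"):
            in_hooks = True
            continue
        if line.startswith("Warning:"):
            findings["warnings"].append(line[len("Warning:"):].strip())
            in_hooks = False
            continue
        if line == "User and Kernel MBR OK":
            findings["mbr_ok"] = True
            in_hooks = False
            continue
        if in_hooks:
            hook = parse_hook_line(line)
            if hook:
                findings["hooks"].append(hook)
    return findings


def summarize(findings):
    """One-line-per-hook summary plus the key contradiction for a responder:
    an intact MBR combined with live hooks means the tampering is in the
    running kernel (driver objects and the network stack), not only on disk."""
    lines = []
    for h in findings["hooks"]:
        where = f"{h['component']}: {h['name']}"
        if h["handler"]:
            where += f" / {h['handler']}"
        lines.append(f"hook {where} -> 0x{h['address']:08x}")
    if findings["mbr_ok"] and findings["hooks"]:
        lines.append("MBR reads clean but kernel hooks present: "
                     "infection is active in memory, not just in the boot sector")
    return lines


if __name__ == "__main__":
    for line in summarize(parse_mbr_output(SAMPLE_OUTPUT)):
        print(line)
```

Run as-is it prints the two hooks (the iaStor driver object and the Broadcom NDIS SendCompleteHandler) with their addresses, followed by the note that the boot sector is intact while hooks persist, which is exactly why the files reappear whenever the network driver is loaded.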



#2 col temp

col temp
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:02:49 PM

Posted 23 September 2009 - 04:02 PM

Also have run malwarebyte's scanner. Doesn't pick up anything.

I have downloaded the scanner and tools suggested in prep for cleaning this up.

Thanks, Paris

#3 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:05:49 PM

Posted 24 September 2009 - 08:35 PM

Have you tried to run HijackThis yet? Will it run?
Don't post the log here. Just let me know if it scans.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter
