
infected with something. can't access sites. post got ignored


5 replies to this topic

#1 hazelblue

hazelblue

  • Members
  • 5 posts

Posted 25 September 2009 - 11:50 AM

I understand being new to the site, but instead of reading through my posts about the fact I can't access antivirus sites or Microsoft, and that every anti-virus I've tried has either crippled my system, or has yet to catch whatever it is that's blocking me from accessing such sites, you people move my post in the least likely place I would possibly get a response from.
I've been dealing with this garbage because of an innocent little email attachment for the past 18 hours.

Since HijackThis has found nothing, Spybot fixes the entries (only to have them reappear on restart), and Malwarebytes doesn't find anything,
I'm at my wits' end. I don't know whether to do a clean reinstall, a repair installation, or switch operating systems.
I've lost about two days worth of work dealing with this garbage. Some help would be appreciated. Or is this post going to get moved AGAIN?!?!?

Edited by hazelblue, 25 September 2009 - 01:43 PM.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • Gender:Male
  • Location:NJ USA

Posted 25 September 2009 - 02:43 PM

Well, maybe it will... The instructions in the forum CLEARLY state HJT logs MUST be posted in the proper forum. You didn't, and it was moved for your advantage.
Maybe you can follow these... Your tone is admirable for someone seeking free help from a volunteer willing to give you their time.

I saw about 16 questionable entries in your HJT log. But I suspect you may have a rootkit.
We need to check for rootkits with RootRepeal:
  • Extract RootRepeal.exe from the archive (if you did not use the "Direct Download" mirror).
  • Open RootRepeal on your desktop.
  • Click the [image] tab.
  • Click the [image] button.
  • Check all seven boxes: [image]
  • Push Ok.
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 hazelblue

hazelblue
  • Topic Starter

  • Members
  • 5 posts

Posted 25 September 2009 - 04:42 PM

Thank you for your response.
Please pardon the initial response.
I ran RootRepeal and followed the instructions you gave me, and am including the report.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/25 14:23
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB38D4000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xB85E6000 Size: 8192 File Visible: No Signed: -
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xB8671000 Size: 1664 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB20AC000 Size: 49152 File Visible: No Signed: -
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xB85AC000 Size: 5248 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\wpsdrvnt.sys" at address 0xb8471c60

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "C:\WINDOWS\system32\drivers\wpsdrvnt.sys" at address 0xb84718f0

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\system32\drivers\wpsdrvnt.sys" at address 0xb8471e80

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\wpsdrvnt.sys" at address 0xb8471e20

==EOF==
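An added triage helper, written for this thread and not part of the post or of RootRepeal itself, that parses the report format shown above: it lists drivers reported as "File Visible: No" that are not on an assumed allow-list of drivers expected to be memory-only (crash-dump stubs and the scanner's own driver), and groups SSDT hooks by the module that installed them, so each hooking module can be accounted for against the software known to be installed. The sample report is a constructed excerpt of the one posted above; the remaining names are items to check, not verdicts.

```python
import re

# Constructed excerpt in the RootRepeal report format, modelled on the report
# posted above (raw string so the Windows paths need no escaping).
SAMPLE_REPORT = r"""Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB38D4000 Size: 98304 File Visible: No Signed: -
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xB8671000 Size: 1664 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\wpsdrvnt.sys" at address 0xb8471c60

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\wpsdrvnt.sys" at address 0xb8471e20
==EOF==
"""

# Assumed allow-list: crash-dump drivers exist only in memory, and rootrepeal.sys
# is the scanner's own driver, so "File Visible: No" is expected for them.
EXPECTED_HIDDEN = re.compile(r"^(dump_.*|rootrepeal\.sys)$", re.IGNORECASE)

# One driver entry: the Name, Image Path and Address lines of the Drivers section.
DRIVER_RE = re.compile(r"Name: (?P<name>\S+)\nImage Path: (?P<path>.+)\n"
                       r"Address: 0x[0-9A-Fa-f]+ Size: \d+ File Visible: (?P<visible>\S+)")
# One hooked SSDT entry: the "#:" line followed by its "Hooked by" status line.
HOOK_RE = re.compile(r'#: \d+ Function Name: (?P<func>\w+)\n'
                     r'Status: Hooked by "(?P<module>[^"]+)" at address 0x[0-9A-Fa-f]+')

def hidden_drivers_to_review(report):
    """Drivers reported 'File Visible: No' that the allow-list does not explain."""
    return [m.group("name") for m in DRIVER_RE.finditer(report)
            if m.group("visible") == "No" and not EXPECTED_HIDDEN.match(m.group("name"))]

def hooks_by_module(report):
    """Map each hooking module to the list of SSDT functions it hooks."""
    grouped = {}
    for m in HOOK_RE.finditer(report):
        grouped.setdefault(m.group("module"), []).append(m.group("func"))
    return grouped

if __name__ == "__main__":
    print("Hidden drivers to account for:", hidden_drivers_to_review(SAMPLE_REPORT))
    for module, funcs in hooks_by_module(SAMPLE_REPORT).items():
        print(f"{module} hooks {len(funcs)} syscalls: {', '.join(funcs)}")
```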

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • Gender:Male
  • Location:NJ USA

Posted 25 September 2009 - 08:08 PM

Please rerun it and in step 6 select only Files.

#5 hazelblue

hazelblue
  • Topic Starter

  • Members
  • 5 posts

Posted 28 September 2009 - 08:22 AM

I ended up doing a clean reinstall. After using Kaspersky, I found out a majority of files I had were infected.
So far, so good.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • Gender:Male
  • Location:NJ USA

Posted 28 September 2009 - 11:28 AM

Not an unwise decision to make. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action.
Thanks for letting us know.