
Malware or Trojan Removal


  • This topic is locked
8 replies to this topic

#1 Penndro

  • Members
  • 6 posts

Posted 01 November 2009 - 12:31 PM

I am not able to use the primary drive on my computer (C:/my documents and Settings/blitz sports). This folder contains all my important files and applications. I reinstalled Windows XP and got a D: drive which has almost zero memory available so when I try to install applications it can't because my available memory is critically low.

Also I can not run Malware Bytes updates or Windows Security Essentials Update gives me this error: 0x08600807. Many issues when trying to run or download virus removal programs.

Please help.


 


#2 Blade

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 07 November 2009 - 10:20 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 Penndro


Posted 08 November 2009 - 11:18 AM

I definitely still need the help. Have been waiting patiently.
I notice that when I reboot the computer there are 3 options:

Windows Recovery Console
Windows XP
Windows XP

If I choose the 3rd option for Windows XP it always defaults back to the 2nd windows XP option.

Also, I now have a D: drive and my C:Drive. However all the applications that I had on my C:drive are not available any more and the main folder C:/Documents and Programs:/Blitz Sports won't let me access all of my personal folders contained in there. Which is all my primary files when I was working from the C:drive.

My system clock keeps getting changed after I update it. NONE of the virus programs can find anything (I even installed Microsoft Security Essentials and it finds nothing).

Issue with D:drive is that it has less than 2GB space so anytime I try to download files it says no system resources.



#4 m0le

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 08 November 2009 - 07:01 PM

Hi Penndro,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Have you tried to download and run Combofix? There is evidence of Combofix files on the log. If you have then please let me know as I will need to see any logs of runs. The first log can be pasted but attach any others. If you haven't run Combofix then let me know that too.

This is a strange one as nothing is showing on the logs, no rootkit activity and nothing else.

As to the access problems we might be able to sort that out. The tools we are using below are quite small in size so you should be able to download them.


Please run Gmer (if you can)

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Let me know if you are not able to run Gmer.


Now please run Junction, which shows altered permissions on system files

We need to scan the system with this special tool:
  • Please download and save:
Junction.zip

  • Unzip it and place Junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the Run box and click OK:
cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens starting to scan the system. Wait until a log file opens. Copy and paste the log in your next reply.

Thanks :(
m0le is a proud member of UNITE
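
Junction's -s switch recurses a directory tree and lists the reparse points (junctions, mount points, symbolic links) it finds. The same survey can be made without junction.exe being on the PATH; the Python below is an added example, not part of the original posts and not a Sysinternals or BleepingComputer tool. The function names and the sample tree are constructed for illustration, and entries that cannot be read are reported rather than skipped.

```python
import os
import stat
import tempfile

# Windows marks junctions, mount points and symlinks with this attribute bit.
REPARSE = getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0x400)

def is_reparse_point(path):
    """True if path itself (not its target) is a junction, mount point or symlink."""
    st = os.lstat(path)
    attrs = getattr(st, "st_file_attributes", 0)  # populated only on Windows
    return bool(attrs & REPARSE) or stat.S_ISLNK(st.st_mode)

def find_reparse_points(root):
    """Walk root without following links; return (hits, unreadable)."""
    hits, unreadable = [], []
    walker = os.walk(root, onerror=lambda e: unreadable.append(e.filename))
    for dirpath, dirnames, filenames in walker:
        for name in list(dirnames) + filenames:
            full = os.path.join(dirpath, name)
            try:
                if not is_reparse_point(full):
                    continue
            except OSError:
                unreadable.append(full)  # e.g. access denied on this entry
                continue
            try:
                target = os.readlink(full)
            except OSError:
                target = None  # reparse point whose target cannot be read
            hits.append((full, target))
            if name in dirnames:
                dirnames.remove(name)  # never descend through a redirect
    return sorted(hits, key=lambda h: h[0]), sorted(unreadable)

def build_sample_tree(base):
    """Constructed sample: a real folder plus a link redirecting to it."""
    real = os.path.join(base, "Documents", "real")
    os.makedirs(real)
    open(os.path.join(real, "file.txt"), "w").close()
    # On Windows, creating a symlink needs admin rights or Developer Mode.
    os.symlink(real, os.path.join(base, "Documents", "redirect"), target_is_directory=True)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        hits, unreadable = find_reparse_points(build_sample_tree(tmp))
        for path, target in hits:
            print(f"REPARSE POINT {path} -> {target}")
        for path in unreadable:
            print(f"UNREADABLE    {path}")
```
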

#5 Penndro


Posted 08 November 2009 - 08:53 PM

Hi M0le,

Thanks for your help.

I did run Combofix and a vundofix based on some threads I found on this site. It was not successful because I still have issues with my computer.




#6 Penndro


Posted 08 November 2009 - 10:16 PM

My Computer shut itself down while it was running the GMER application.

When I run the code: cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

The log file comes up blank and the DOS windows box has the following comment:

'junction' is not recognized as an internal or external operable program or batch file.

#7 m0le


Posted 09 November 2009 - 05:17 PM

Okay, that's not a good sign.

Try and run this file

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

#8 m0le


Posted 13 November 2009 - 10:46 PM

Hi,

I have not had a reply from you for 5 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#9 m0le


Posted 15 November 2009 - 07:02 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



