
Win32/Virut infection (I think)


  • This topic is locked
14 replies to this topic

#1 kangarina

  • Members
  • 7 posts

Posted 02 November 2009 - 12:19 PM

Hello,

My computer turns on normally but my desktop doesn't show up till about 1h 30 mins after or more, so I have had to run everything through the "run" option in my task manager.

I have been through your preparation guide and downloaded the DDS tool and it worked until the scan finished - no Notepad windows appeared, only one window with instructions on what I should do. I have tried HijackThis as an alternative but it runs halfway before closing.

It is a similar story with RootRepeal; when I opened it a box came up saying: "Error - Invalid PE image found" but I clicked OK and ran the program anyway.
At first it ran smoothly but in the middle of the scan it just stopped and the window closed.

I have not been able to run any of these three programs again after the first time I tried.

I am extremely sorry that I haven't been able to get a detailed report to help you with this!

I think most of my applications on C:\ are corrupted; every antivirus or program I download gets cut off in the middle of their running and doesn't work again, and I have tons of unknown svchost.exe running when I check my processes in Task Manager. ...

This is why I think I have a Win32/Virut infection, but I am no expert (or anything, in fact!)
Your help with this would be greatly appreciated.



#2 garmanma

    Computer Masochist

  • Staff Emeritus
  • 27,809 posts
  • Location: Cleveland, Ohio

Posted 02 November 2009 - 02:58 PM

Welcome to BC
Let's see if we can produce some logs
Please try running this application first and then try the scans again


Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Any time the computer restarts you will need to run the application again
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 voltronDefender

  • Members
  • 116 posts

Posted 02 November 2009 - 03:50 PM

Hi;

You can also check this link for additional info:


http://miekiemoes.blogspot.com/2009/02/vir...s-throwing.html


voltronDefender

#4 boopme

    To Insanity and Beyond

  • Global Moderator
  • 72,740 posts
  • Gender: Male
  • Location: NJ USA

Posted 02 November 2009 - 04:07 PM

Another check for Virut is to search your drive for ctfmon.exe.
Next, upload the file(s) to Virus Total.
Post their reply here, thanks.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 kangarina


Posted 02 November 2009 - 04:24 PM

Thanks for your time and help with this;

The application you sent worked and the DDS tool worked too. Also my desktop appeared!

I still have a problem with getting you that log, though. A warning appears stating "Windows cannot find 'Notepad'.exe.....

--- Also I just checked and found that I have 2 processes called ctfmon.exe running

Edited by kangarina, 02 November 2009 - 04:31 PM.


#6 boopme


Posted 02 November 2009 - 06:22 PM

You can send them both to Virus Total. Post their reply to you here.
Is this an XP machine?

RKill worked. You can also run this and post a log.
MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

#7 kangarina


Posted 02 November 2009 - 07:25 PM

Yep, I use Windows XP and thanks again

I downloaded and ran Malwarebytes; again I hit some problems:

When updating there was an error - "error code: 732 (0,0)"

Also when I tried to manually update it, my browser (Mozilla Firefox) gave me a message telling me it couldn't connect to the server (to the link you gave me).
When I tried it again on IE, it was pretty much the same story.

However, Malwarebytes still ran.

And suddenly stopped just after I pressed "Quick Scan" and I can't open the program again because my computer comes up with

"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item"
I am the admin on this PC so should I be getting this message?

Edited by kangarina, 02 November 2009 - 07:27 PM.


#8 garmanma


Posted 02 November 2009 - 09:15 PM

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

----------------------------------

Please note: If RootRepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High

Also try: right-click on rootrepeal.exe and rename it to tatertot.scr
Mark

#9 kangarina


Posted 02 November 2009 - 09:42 PM

I'm sorry, there still hasn't been any luck.

It downloads, gives me a message saying: "Error - Invalid PE image found",
runs and suddenly stops in the middle of the scan and closes.

And if I try to open it again, it closes and gives me the same message I get with the other programs you have advised me to use: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item"

I followed the steps: "Settings - Options. Set the Disk Access slider to High" but it didn't make any difference.

Also when I renamed the file and attempted to open RootRepeal I got this message: "Could not find driver (0xc0000035)"

#10 garmanma


Posted 03 November 2009 - 06:46 PM

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Mark

#11 kangarina


Posted 04 November 2009 - 05:18 PM

Sorry for the late reply;

I couldn't get an OTL report, it just closed halfway again.

Would it be better if I just formatted my PC?

#12 garmanma


Posted 05 November 2009 - 05:23 PM

One more scan


Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
  • This tool will create a diagnostic report
  • Double-click on Win32kDiag.exe to run and let it finish.
  • When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
  • A file called Win32kDiag.txt should be created on your Desktop.
  • Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.
--------------------------------------


Go to Posted Image > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.

Edited by garmanma, 05 November 2009 - 05:25 PM.

Mark
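
Added example, not part of any post in this thread: a Python sketch of the two file checks suggested above (boopme's search for every ctfmon.exe on the drive, and garmanma's DIR listing of scecli.dll, netlogon.dll and eventlog.dll under %windir%). It lists every copy with its size and SHA-256 and flags names whose copies differ or cannot be read; the function names and the default C:\WINDOWS root are assumptions.

```python
import hashlib
import os
import sys
from collections import defaultdict

# File names come from the thread; function names and defaults are assumptions.
WATCHED = {"ctfmon.exe", "scecli.dll", "netlogon.dll", "eventlog.dll"}


def fingerprint(path, chunk=1 << 16):
    """Return (size, sha256) for a file, or (None, None) if it cannot be read."""
    digest, size = hashlib.sha256(), 0
    try:
        with open(path, "rb") as handle:
            for block in iter(lambda: handle.read(chunk), b""):
                digest.update(block)
                size += len(block)
    except OSError:  # locked or access-denied: keep the entry, mark it unreadable
        return None, None
    return size, digest.hexdigest()


def inventory(root, names=WATCHED):
    """Map each watched name (lower-cased) to [(path, size, sha256), ...]."""
    wanted = {name.lower() for name in names}
    found = defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        for entry in files:
            if entry.lower() in wanted:  # Windows file names are case-insensitive
                path = os.path.join(folder, entry)
                found[entry.lower()].append((path, *fingerprint(path)))
    return dict(found)


def mismatched(found):
    """Names whose copies do not all share one hash, or include an unreadable copy."""
    flagged = []
    for name, copies in found.items():
        digests = {digest for _path, _size, digest in copies}
        if len(digests) > 1 or None in digests:
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    report = inventory(sys.argv[1] if len(sys.argv) > 1 else r"C:\WINDOWS")
    for name, copies in sorted(report.items()):
        for path, size, digest in copies:
            print(f"{name}\t{size}\t{digest or 'UNREADABLE'}\t{path}")
    print("differing or unreadable:", ", ".join(mismatched(report)) or "none")
```

A differing copy is a lead to check, for example by looking its hash up on VirusTotal, not proof of infection, since copies left by different Windows updates can legitimately differ. Running it from a clean system against the suspect drive avoids the tool-killing seen in this thread.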

#13 kangarina


Posted 08 November 2009 - 11:55 AM

My computer failed to boot repeatedly yesterday so I had to format it, and now, thank god, it works fine.


I'm sorry for bothering you and thank you for your time and help with this!!

#14 boopme


Posted 08 November 2009 - 04:45 PM

You're most welcome from all of us. As new malware is getting stronger and harder to remove, please take a moment to read quietman7's excellent prevention tips in post 6 here
Click >>>> Tips to protect yourself against malware:

#15 kangarina


Posted 09 November 2009 - 01:56 PM

Thanks again :D



