Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Strange unknown malware infection - possible rootkit?


  • This topic is locked This topic is locked
2 replies to this topic

#1 John @ ComputaGeeks

John @ ComputaGeeks

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:59 PM

Posted 09 November 2009 - 05:24 AM

Hi all,

This is my first post, so apologies if I make an error in posting information.

I have a Vista Home Premium laptop which appears to be infected with some kind of malware. The symptoms include:

- unable to install or run SuperAntiSpyware
- run Comboxfix to completion
- run the DDS script or RootRepeal utilities to completion
- there are a number of scheduled tasks in Task Scheduler but not sure if they are legitimate or not.

What appears to happen is that the machine runs normally for a few minutes, after logon, and then explorer type processes begin to hang. Anything open at the time will work, of sorts, ie Task Manager, etc.

When booting in Safe Mode the machine runs perfectly.

I have run MBAM through in Safe Mode and it removed a few items of Adware. It finds nothing else.

ComboFix won't run in Safe Mode and SAS will not install.

I have quite a bit of experience in removing viruses and the like but this one has stumped me.

Can anyone shed any light on where I might start looking to get rid of this nasty?

Thanks in advance
John

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,745 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:59 PM

Posted 09 November 2009 - 11:29 AM

Please download Rkill by Grinler and save it to your desktop.Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Now try performing a Quick Scan in normal mode with Malwarebytes Anti-Malware and check all items found for removal. Don't forgot to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,745 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:59 PM

Posted 10 November 2009 - 08:35 AM

I have moved (split away) your DDS/HijackThis log to the HijackThis Logs and Malware Removal forum as they are not permitted in this forum and we cannot continue here. Please go here, click on the Options button in the upper right corner of that thread and choose Track this topic. Subscribe to that topic to ensure you are notified when a helper replies.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users