I don't own my computer anymore?


4 replies to this topic

#1 E10

E10

  • Members
  • 7 posts
  • Location:Orlando, Fl.
  • Local time:11:07 AM

Posted 16 November 2009 - 03:37 PM

HP Pavilion custom - Vista Home Premium SP1, used to be Norton 2009, 10G RAM, AMD Phenom 4 core / eMachine WinXP SP3, Norton, AMD 3100 / eMachine T????: NOT networked/sharing, net access through NetGear WPN824v3: all current definitions and firmware except the last machine.
This starts week #4 of fighting something that has my computer in a network within itself, with "root" claiming to be the Domain Controller and thus limiting my abilities as Admin. About 4 weeks back I got nailed with the W32.Virut.CF nasty and the problems haven't stopped. I've gone as far as changing modems, unplugging and resetting the router before each use, taking all computers except this one offline, taking out the CMOS battery/RAM/all cards/CPU, trying restore, trying the restore discs and wiping the drive, all to no avail. If I delete anything it's restored within minutes, sometimes seconds. I resorted to doing a del *.* on C:, which left me with a few directories protected by root. I'm not familiar with shells, encryption techniques, schemas, group policies (global & local), objects, permissions, ASP.NET, Python, all of the secret pipeline protocols that are established in stealth mode, or editing the registry based on what should or should not be there. IE has been redirected, rendering it useless, and I can't seem to install anything as it's changed installers or hidden them in root. At the suggestion of a friend, I am booting from an EeeBuntu Linux disk which is using a ramdrive, or I would have no access at all. After doing the simple del *.* and reviewing, I found my system is locked under something called MEDIA and then under a root that has no name, and on the restore drive I see the files Hal-Lock, Hal ?? (a text file) and ipod, which seems to be a self-extracting package. I know some of this is Linux based and it's been a great learning experience, but I need to get the machines corrected, sealed with a security program that works, and back online. Any help is appreciated! :thumbsup:

Edited by E10, 16 November 2009 - 03:43 PM.



#2 Aus Smithy

Aus Smithy

  • Members
  • 160 posts
  • Gender:Male
  • Location:Brisbane QLD Australia
  • Local time:01:07 AM

Posted 17 November 2009 - 01:17 AM

I presume you have read this:
http://www.symantec.com/connect/blogs/w32v...llateral-damage
and tried the recommended way to clear the nasty but it isn't working.
This sounds bad enough to justify taking all computers offline and doing a disk format and OS reinstall on each. A big job, but it may be your only way out. Reset any modems etc. before linking computers back in. You'll have to be very disciplined and regimented in doing this. Good luck!

#3 E10

E10
  • Topic Starter

  • Members
  • 7 posts
  • Location:Orlando, Fl.
  • Local time:11:07 AM

Posted 17 November 2009 - 09:40 AM

Thank you, Aus Smithy. Yes, I read that file a few weeks ago and it has changed since then. In reading it again I've picked up a few more gems of knowledge. To answer your other questions, please see my original statement, and that's what is so bothersome: I've already used the original image discs, tried fdisk /mbr, and am now looking for a copy of the old DOS program called "Slate". Using this little EeePC Ubuntu disk, I can hit the net and download the removal tool (which I see has changed), but on the first 10 tries it didn't work, and when I try to run or reload Norton it stops it with a fake message that "there's not enough room to make pagefile.sys". In reading the write-up I can say there are many more changes to the registry than the few mentioned there. This thing has definitely morphed into a monster that will block anything I do that is successful the first time around. Since I can only override it with this Linux disk, and the 3 main fin files I see left on the restore drive are LINUX, I'm wondering if the solution lies in using Linux to unlock the Hal-Lock and inode/packed file IPOD. I was able to d/l the new patch, a memory cleaner and HJT (renamed to HJT.COM) and I will try these. Again, thanks for the info, Aus.

#4 Aus Smithy

Aus Smithy

  • Members
  • 160 posts
  • Gender:Male
  • Location:Brisbane QLD Australia
  • Local time:01:07 AM

Posted 18 November 2009 - 03:13 AM

It seemed to me that each time you try to clean a PC you are being reinfected by something you have networked that is carrying the virus, so my suggestion was to remove each item from the network, clean it out and reinstall the OS, and don't put it back until everything on the network is clean. It certainly seems to be a particularly nasty infection. Maybe it would be best to move to the Security Forum for more professional assistance.

#5 Aus Smithy

Aus Smithy

  • Members
  • 160 posts
  • Gender:Male
  • Location:Brisbane QLD Australia
  • Local time:01:07 AM

Posted 18 November 2009 - 03:47 AM

Sorry I missed the fact that you are already in the Security Forum. You need to get a Security Pro's attention.