Trojan killed regedit, task manager and more


2 replies to this topic

#1 uktab

uktab

  • Members
  • 2 posts

Posted 11 December 2009 - 02:19 PM

I'm usually ok getting rid of trojans, viruses etc. and yesterday I got a laptop running for someone I know, with help from ERD 5.0, that wouldn't boot, and had 0k free space. Once the laptop was booting up, I downloaded ccleaner, using my own laptop, onto a usb drive, plugged it into the other laptop, and ran the setup. The idea was to free up some space on the C: drive. Ccleaner setup ran for about 5 seconds then closed down before it was installed.

I tried to download it after making some space on the now-working laptop, but I got a message saying "Use internet explorer you dope".

I put the usb \ pen drive into my (normally) bullet proof laptop, where Bitdefender always 'sees' the drive and says "USB drive detected. Do you want to scan for viruses" or something similar. The message didn't appear, and the Bitdefender icon went grey.

After some googling, running Bitdefender Online Scan, Superantispyware and MalwareBytes Antimalware, it turned out I'd picked up 'killer.exe' plus 'funny ust scandal virus.avi.exe' plus 'win32.sality.og' plus 'worm.io.35163' plus 'trojan.autorun.nd' plus 'executes c:\smss.exe'

Bitdefender managed to upload them to their lab but I've not heard back yet.

The 2 antimalware progs found them but rebooted before I had a chance to check what Startup Monitor was telling me. I'm guessing that they needed permission to delete what they'd found on bootup, but the reboot kicked in before I could read the message.

The problems I currently have are :

Task manager is disabled

Regedit is disabled

Command prompt won't find any programs (ie DEL) so I can't manually delete the malware found by my protection software

Bitdefender is disabled

The bitdefender help and forum websites seem to be blocked as they won't load

Bitdefender online scan, which is usually available as part of Firefox, is disabled

All Firefox add-ons (No script etc) are disabled

If I run ccleaner, something shuts it off after about 5 seconds, but I can run anti-malware software which is strange

I get a blue screen if I try to boot into Safe Mode, and the laptop instantly reboots just after

I ran ComboFix which deleted autorun.inf and some other unwanted bits, but I still have all the above problems

My cd drive isn't working, so I can't boot from cd

If I click on a link to a website in a Google search I get redirected to printer sites (Epson, Hp etc)

I'd appreciate any help, and I'm quite geeky so will understand any instructions thrown at me

Xp home 2002 sp3

Thanks ;)

Edited by uktab, 11 December 2009 - 02:46 PM.


#2 uktab

uktab
  • Topic Starter

  • Members
  • 2 posts

Posted 13 December 2009 - 06:33 AM

Is there anyone who knows how to fix these please ? ? ?

I also get Firefox redirections like the post below, and the bsod if I start in Safe mode. I ran superantispyware and mbam but they get shut down just before they remove the malware :thumbsup:

I also tried to view hidden files and folders but whatever's on my pc won't let me 'apply' so it reverts to hidden.

Plus my C: drive has an unusual icon now: a Windows symbol on top of a blue \ grey hard drive.

I know this site is busy with previous requests, so while I'm waiting I tried to go to trendmicro's online scanner and pctools for the same reason, but both seem to be blocked by something as Firefox doesn't load the pages.

Edited by uktab, 13 December 2009 - 04:28 PM.


#3 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts

Posted 14 December 2009 - 09:16 PM

Download and run rkill. You may have to run it multiple times.
Then run your scan tools. See if that helps.


We need to check for rootkits with RootRepeal:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Mark



