
Laptop freezes after removal of malware (like Antivirus 2009)


  • This topic is locked

#1 Rayban

  • Members
  • 3 posts

Posted 29 December 2009 - 02:25 PM

Hello all,

I started having the problem after trying to remove malware by using mbam. Mbam recognized the items and deleted them. I had to redownload mbam and rename it; all other virus/malware utils would not start. System Recovery failed also (tried Kelly's Korner registry link). However, after the reboot I still have no access to the virus scanners and the system is still affected.

When I start in normal boot, everything will freeze within a few minutes. Also, safe mode with networking isn't stable; I can only use Firefox and some programs, but not for too long (I had to do Root Repeal in safe mode with prompt). I ran mbam again and the Panda online virus scanner; it does not give any hits on any malware.

I added the requested logfiles, but unfortunately I do not have the old mbam log of what it deleted (got tired of all the txt popups so I once turned logs off, I am so regretting it now). Since the scans with mbam and the Panda virus scanner do not give any hits, I am clueless what to do next.

Can you tell me how to fix it? Please shine your divine light on me :(

*bows humbly*


Edited by Rayban, 29 December 2009 - 06:37 PM.




#2 Rayban

  • Topic Starter

  • Members
  • 3 posts

Posted 29 December 2009 - 06:29 PM

Guess I know what is bothering me now..

I saw a lot of H8SRT remarks in the logs of Root Repeal and after some browsing and checking I noticed a solution to download TDSSKiller and after that run mbam. So I tried to run TDSS in safe mode. It cannot get access to KLMD, error 2 and the results are 0 across the board..

The story continues..

http://www.bleepingcomputer.com/forums/t/281515/h8srt-rootkit/

===========
[Edit after moderator post in blue] Oh, sorry, the addition with the H8SRT remark was not meant as a bump at all, my bad.

I just wanted you to know what I have been doing thus far. After a normal reboot, TDSSKiller worked and removed the .sys-file of the H8SRT trojan. I rebooted into safe mode (without networking) and did a full scan with mbam. No result. However, my laptop is working in normal boot. I ran a quick scan with mbam and omg, it detected the (20 hits for H8SRT) leftover files.. Files removed, and I can move around normally. The previous link really helped!

PROBLEM HAS BEEN FIXED.
===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to two weeks, perhaps less, to get a response, but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator


Edited by Rayban, 30 December 2009 - 02:06 AM.


#3 m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 08 January 2010 - 10:13 PM

Thanks for letting us know you have fixed your PC problem.

---------------------------------------------------------------------

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



