Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus problem


  • Please log in to reply
2 replies to this topic

#1 philkarlin

philkarlin

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 20 August 2005 - 02:14 PM

hi,
I've spent a week trying to figure this out. I have a machine running XP pro, Bit Defender Anti-virus, hardware firewall, windows update and virus defs on auto and up to date (as of ~ august 10). I have all the symptoms of the MSBlast worm, but I can't find it on the system. I have run my regular anti-virus, the Symantec MSBlast removal tool, MacAfee Stinger removal tool, Microsoft MSBlast removal tool.
I have searched the system32 folder for suspicious files.
I have looked for any alternate names I could find, including teekids.exe, mslaugh.exe, enbiei.exe.
I have checked that the lsass.exe running in processes starts with an L and not an I.
I have installed Zone Alarm free.
I have disconnected my ethernet cable.

Specific symptoms include
the "The System is shutting down...NT Authority/system" message,
copy and paste are disabled. drag & drop are disabled.
system is very slow to boot.
Network connections are unavailable (not there at all).

If it's a virus, what is it? could it be something else?

BC AdBot (Login to Remove)

 


#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:12:45 AM

Posted 20 August 2005 - 03:48 PM

I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will show you, step by step, how to disinfect your computer.

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully.

Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 philkarlin

philkarlin
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:45 AM

Posted 20 August 2005 - 08:34 PM

I'd like to, but the sick machine has no network connection, and no ability to copy or paste. an attempt to write the log file to CD was unsuccessful. I was able to print a hard copy of the log file, which I'd be happy to fax or scan and post/attach as an image if you would like. Let me know.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users