
started with worm.win32.netsky, now can't even boot up


20 replies to this topic

#1 hubla41

hubla41

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Brookfield, IL
  • Local time:06:13 AM

Posted 06 January 2010 - 10:00 PM

This started around the 1st or 2nd of Jan. on my laptop running Vista. I clicked on a subject line in an online email from Bank of America (my bank). I did not open any attachments. Life has been hell since then. I got popups saying I had Internet Security 2010 click to run a scan. I didn't since I don't have that program. I guess it didn't matter. It showed I had worm.win32.netsky. I've been coming here since then trying to clear it up. I got it cleared (I hope) on my laptop with a chat from Microsoft and Windows Defender. I also downloaded Malwarebytes from here and full scans come up clear. McAfee didn't catch any of this. I think I will uninstall it and put a better defense when I get through this mess.
Here's the major problem:
My desktop is also infected. It runs on XP Professional (at least SP2). I use a wireless router for 6 computers in the house.
I was getting all the same popups asking to scan and showing the same worm.win32.netsky alerts.
Since reading posts here, I have downloaded and ran:
rkill not sure if it worked
ATF cleaner -wouldn't work
I went to tools and deleted history, passwords, etc
I tried system restore, I get a message that says it has been turned off by group policy. Contact your domain administrator.
I downloaded malwarebytes and after a few attempts thought it cleared everything but symptoms came back
my log files are saved on the desktop (which I can't get to now)..tried again, after uninstalling and saving as zztoys.exe
wouldn't work
I downloaded dr web
got a message that says -system administrator has set policies to prevent this installation.
I kept getting messages while on the internet that Internet Explorer has encountered a problem. Please tell Microsoft about this problem; send error report
if I clicked on that, explorer closed. So I started ignoring it and continued using the web pages.
after rebooting one time I got a message saying windows cannot find 'null'
after several attempts of rebooting due to freezing I went into safe mode and was able to work around the pop ups and run rkill, ATF never worked, just froze, ran malwarebytes and thought I was good after the next reboot, but it continued to freeze and wouldn't connect.
One time the mouse wouldn't work, rebooted again
I downloaded spyware doctor from pctools.com and got the following messages:
Trojan.lop_cin 8 infections
spyware.bonziBuddy 1 infection
application.tracking cookies 2 inf.
rogueAntiSpyware.internet security 2010 2 inf.
rogueAntispyware. advancedantivirus 6 infections
trojan.fakealert 2 infections
trojan.busky 7 infections
trojan.cws 9 infections

then i had a tab at the bottom that said - SWP2009 Demo which was another pop up with a fake scanner:
antivirus live dectecting:
win/wadnock
best search
win32/nuquel.e
edgetech
disable key

I would have to reboot and go to safemode with networking to use the net until that stopped connecting.
Now when I try to reboot, I only go as far as a cursor.
Where do I go from here?
I think I have the XP cd, not a boot cd.
I would like to at least back up some of my excel, doc and pics...After that, I don't care, reformatting is what I would like to do.
I'm almost ready to throw it out the window.

Also, is my laptop really safe to do my banking, paypal, etc?



#2 hubla41


Posted 10 January 2010 - 02:38 AM

Have I posted in the wrong place? I'm still waiting to hear from someone. I haven't turned on the computer yet, just been reading other posts and getting more confused. Should I continue to wait or try something else?

I really need to get my files out for the business.

Thanks in advance.

#3 AustrAlien

AustrAlien

    Inquisitor


  • BC Advisor
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:10:13 PM

Posted 10 January 2010 - 08:32 AM

I really need to get my files out for the business.

Welcome to BC hubla41 :thumbsup:

Unfortunately it seems your post slipped by unanswered: Sorry about that.

Let me just focus on the high priority issue at hand for the moment - accessing and recovering your personal files. Please use the following guide to assist with this task:

Use Ubuntu Live CD to Backup Files from Your Dead Windows Computer

Backup your personal files to an external USB hard drive, or another hard drive of some sort, or CD/DVD or flashdrive (a flashdrive should be "disinfected" beforehand though .... and I forget what to use ... let me know if you are going to do this).

Note: Files with the following extensions should not be backed up:
  • .exe
  • .scr
  • .htm
  • .html
  • .xml
  • .zip
  • .rar
  • .asp
  • .php

To see the file extensions, show hidden and system files and folders by doing the following:
  • Launch Windows Explorer by opening "My Computer". On the menu bar, go to Tools > Folder Options > and click on the "View" tab.
  • Using the scroll bar at the side of the dialog box, find and check-mark "Show hidden files and folders", UNcheck "Hide protected operating system files (Recommended)", and also UNcheck "Hide extensions for known file types".
  • Click "Apply to All Folders", click "Apply" and click "OK".

The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise themselves by adding and hiding their extension to the existing extension of file(s) so be sure you look closely at the full file name. Then make sure you scan the backed up data with your anti-virus prior to copying it back to your hard drive.

Again, do not back up any data with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

Source: quietman7 http://www.bleepingcomputer.com/forums/ind...t&p=1390964

Let us know how you are getting on.

Perhaps it might be best to cover each of your computers in its own thread, and in this regard, may I suggest you start a new topic in this same forum for your Vista laptop. Explain what has happened, and what you have done and what issues you are concerned about. You will no doubt be asked to run a series of scans to check your system.

Then you can post back in this thread with matters pertaining to your Desktop computer ... and hopefully we won't get too confused.

Thanks
'Alien
AustrAlien
Google is my friend. Make Google your friend too.
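
The extension filter described in the post above, as an added example that is not part of the original thread: a Python sketch that could be run from the live CD to copy a folder while leaving out the listed extensions and flagging document-looking names that end in a blocked extension. The `DECOY` list and the function names are assumptions made for this illustration.

```python
import shutil
from pathlib import Path

# Extensions the post says not to back up (its two lists combined).
BLOCKED = {".exe", ".scr", ".ini", ".htm", ".html", ".php", ".asp",
           ".xml", ".zip", ".rar", ".cab"}
# Document-type extensions a disguised file may imitate (assumed list).
DECOY = {".doc", ".xls", ".jpg", ".pdf", ".txt"}


def classify(name):
    """Return 'skip', 'suspicious' or 'copy' for one file name."""
    suffixes = [s.lower() for s in Path(name.strip()).suffixes]
    if not suffixes:
        return "copy"
    if suffixes[-1] in BLOCKED:
        # e.g. "holiday.jpg.exe": a document name hiding a blocked extension
        if len(suffixes) > 1 and suffixes[-2] in DECOY:
            return "suspicious"
        return "skip"
    return "copy"


def backup(src, dst):
    """Copy allowed files from src to dst; return (copied, skipped, suspicious)."""
    src, dst = Path(src), Path(dst)
    copied, skipped, suspicious = [], [], []
    for path in sorted(src.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(src)
        verdict = classify(path.name)
        if verdict == "copy":
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)  # keeps timestamps
            copied.append(str(rel))
        elif verdict == "suspicious":
            suspicious.append(str(rel))
        else:
            skipped.append(str(rel))
    return copied, skipped, suspicious
```

The copied files still need the anti-virus scan the post asks for before they go back onto the rebuilt machine; the filter only narrows what is carried across.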


#4 hubla41


Posted 10 January 2010 - 04:46 PM

Thank you so much.... I was afraid to plug in my external hard drive because I read they are easily infected. Do you suggest cd's or flash over the hard drive?
I have not plugged it in for a while (which is why I don't have recent backups)

#5 AustrAlien


Posted 10 January 2010 - 04:59 PM

Thank you so much.... I was afraid to plug in my external hard drive because I read they are easily infected. Do you suggest cd's or flash over the hard drive?
I have not plugged it in for a while (which is why I don't have recent backups)

Use the external USB hard drive, unless it is convenient (you don't have a lot of data?) to use CD/DVDs.
AustrAlien
Google is my friend. Make Google your friend too.


#6 hubla41


Posted 10 January 2010 - 06:49 PM

Ubuntu is 6hrs to download?
I already had ImgBurn downloaded. Still waiting for the download.
It will probably be late tonight or tomorrow afternoon when I get back to you.
I work early morning shift.

Thanks again
From everything I've been reading all week at this site, you guys are the best!

#7 AustrAlien


Posted 10 January 2010 - 06:59 PM

Thanks again
From everything I've been reading all week at this site, you guys are the best!

No worries.

BleepingComputer forums is good: There is no doubt about that. I think it's THE BEST too, and that is why I am here, trying to contribute in my small way and struggling to do the best that I can to live up to the high overall standard set by the helpers. It is also true that some of the helpers here "are the best!".

Good luck: I'll be here when you get back.
AustrAlien
Google is my friend. Make Google your friend too.


#8 hubla41


Posted 10 January 2010 - 08:03 PM

Explorer stopped the download, said it timed out. I'll start it over, it's 7pm.
Just thought I'd let you know.

#9 AustrAlien


Posted 10 January 2010 - 08:17 PM

Explorer stopped the download, said it timed out. I'll start it over, it's 7pm.
Just thought I'd let you know.

Ubuntu is a 700MB download .... not a problem for most people with fast and good internet connections.

Let me know if you are having trouble, and we can organise something much smaller for you to download. The main reason for using Ubuntu is the excellent guide that was written for it! We can do the same job with other LiveCDs that are smaller in size to download.

Do you have an XP installation CD, and if so, what Service Pack level?
AustrAlien
Google is my friend. Make Google your friend too.


#10 hubla41


Posted 11 January 2010 - 12:59 AM

The download finished, the second attempt to burn it to a CD was successful.
It's midnight, I get up at 4:30am, so I'll check in tomorrow afternoon.
Thanks

#11 hubla41


Posted 12 January 2010 - 12:25 AM

Sorry I couldn't get to the computer sooner. I've tried several times to boot with the Ubuntu. I get as far as the Ubuntu main screen where it says "try Ubuntu without any change to your computer". I press that and nothing happens. I hear the drive working, then a box comes up with a red header that says I/O error, Error reading boot CD. Reboot. I clicked the Reboot button a few times, but that's as far as it goes.
Next step....

#12 AustrAlien


Posted 12 January 2010 - 12:31 AM

the Ubuntu main screen where it says "try Ubuntu without any change to your computer". I press that and nothing happens.

That indicates a problem.

Please try this ...
At the main screen of Ubuntu select "Check CD for defects" and see what happens.

It appears there is a problem with something .... the CD, the CD reader, the image that you downloaded .... ?
AustrAlien
Google is my friend. Make Google your friend too.


#13 hubla41


Posted 12 January 2010 - 12:37 AM

When the CD finished, it was confirmed with a "successful" box. It's reading the cd since the Ubuntu main screen shows, it didn't read it from the USB DVD/CD drive I used first. I'm attempting to do what you said now. I get a language list that appears first which stays on the screen a long time. Even though I "enter" on the default English, it stays a while before the Ubuntu screen comes up.

#14 hubla41


Posted 12 January 2010 - 12:43 AM

I selected Check disc for defects, after a good wait, the same box appeared. Error reading boot CD.
I can try to download a new one when I go to bed....unless you have another idea.

#15 AustrAlien


Posted 12 January 2010 - 12:54 AM

I selected Check disc for defects, after a good wait, the same box appeared. Error reading boot CD.
I can try to download a new one when I go to bed....unless you have another idea.

Do not download a fresh copy just yet.

First Download and install
WinMD5Sum
http://www.nullriver.com/downloads/Install-winMd5Sum.exe

Now, check that your download is good using WinMD5Sum.
Start > Programs > WinMD5Sum
A small dialog box will open, and at the top you will see "File Name", and beside the data entry box (field) you will see a small button with 3 tiny dots on it. Click on that button and then browse to the .ISO file that you downloaded for the Ubuntu setup and click "OK". WinMD5Sum will now calculate the MD5 value for that file. Now, copy and paste the MD5 value provided for this file at the Ubuntu website

Edit: UbuntuHashes

into the "Compare" field, and then click on "Compare". You will see a message. The values will either be the same .... or not. Hopefully the MD5 values will match, and you can move on to the next step.

Burn another CD. This time with the write speed changed from Maximum down to about 4 x

Edited by AustrAlien, 12 January 2010 - 01:09 AM.

AustrAlien
Google is my friend. Make Google your friend too.
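
The checksum comparison described in the post above, as an added example that is not part of the original thread: a Python sketch that hashes the downloaded image in chunks and compares it with the entry in a published md5sum-style hash list. It goes slightly beyond the post by accepting other algorithms such as SHA-256 through the `algorithm` parameter; the function names are assumptions made for this illustration.

```python
import hashlib
import hmac


def parse_sums(text):
    """Parse md5sum-style lines ('<hex digest> *<file name>') into {name: digest}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        # The name is preceded by a space (text mode) or '*' (binary mode).
        table[name.lstrip(" *")] = digest.lower()
    return table


def file_digest(path, algorithm="md5", chunk_size=1 << 20):
    """Hash a file in chunks so a 700MB image is never held in memory at once."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(path, name, sums_text, algorithm="md5"):
    """Return 'match', 'mismatch' or 'not listed' for the file at path."""
    expected = parse_sums(sums_text).get(name)
    if expected is None:
        return "not listed"
    actual = file_digest(path, algorithm)
    return "match" if hmac.compare_digest(actual, expected) else "mismatch"
```

A "mismatch" points at the download itself, while a "match" leaves the burned disc or the CD drive as the remaining suspects, which is why the post goes on to a slower burn.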




