
Know machine is infected, beyond my expertise


4 replies to this topic

#1 bluntsister

bluntsister

  • Members
  • 6 posts

Posted 12 January 2010 - 11:30 AM

Hello bleeping computer staff, I have encountered an especially ugly infection on one of our office
computers and I don't know where to go from here. I would really rather not have to go to wipe and
reinstall since that has its own issues. Here goes:
System info: Windows XP SP3, IE6.0.2900.5512.xpsp_sp3

Current conditions: infected and unable to get to the internet, all system restore files are useless, tried booting to last known configuration and there was no change.

Copied to CD from a clean computer and ran SAS and it found:
Adware. Vundo/Variant-Netfilter
Smss32.exe
Rogue.InternetSecurity2010
Worm.Agobot-WCWinLogon32.exe
Though I could not do updates from the infected machine since there is no internet access.
After removal of these items by SAS had a Logon/Logoff loop occurring, used the process from thinkinginpixels to recover from it but still infected and no internet access.

Copied to CD from a clean computer and ran mbam and again could not update the definitions and
received the following: Error Code: 732(12029,0) when trying to update.
Mbam found:
Trojan.FakeAlert
AntivirusDisable
NoActiveDesktop
NoChangingWallpaper
DisableTaskmgr

There are logs from mbam and SAS but I am afraid to risk copying anything from that computer
to my own. I believe the user of this computer downloaded FREE wallpaper thus causing this nastiness. Sigh.

Thought I would ask for help before my head explodes. Any guidance would be appreciated.
bluntsister



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • Gender:Male
  • Location:NJ USA

Posted 12 January 2010 - 03:44 PM

Hello, just checking that, since this is an office PC, the IT dept or boss won't come jumping on you for working on it.

Try this MBAM 732 error
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.


OR RKill.... then MBAM

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
You will need to run the application again if rebooting the computer occurs along the way.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 bluntsister

bluntsister
  • Topic Starter

  • Members
  • 6 posts

Posted 12 January 2010 - 08:11 PM

Hello boopme, boss would appreciate your concern, she asked me to do this. We are a very small company.

I do have a question, I cannot get to the internet from the infected machine - can I download to CD and run from CD?

#4 bluntsister

bluntsister
  • Topic Starter

  • Members
  • 6 posts

Posted 13 January 2010 - 03:29 PM

Hello boopme,

We have decided to call in an IT consultant to resolve this issue. I appreciate the help,
I have other responsibilities that are suffering and cannot continue trying to troubleshoot
this machine.

Thanks again,
bluntsister

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • Gender:Male
  • Location:NJ USA

Posted 13 January 2010 - 04:18 PM

Hello, sorry, was out of town. Yes, you can do that if you haven't taken it elsewhere.
If you have, thanks for stopping by.