Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Chin09, Malware Defence -Nasty


  • This topic is locked This topic is locked
7 replies to this topic

#1 fitmom726

fitmom726

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 15 January 2010 - 10:34 PM

Hi,
I have what a few others I've read have but didn't see any responses to them. Got a bunch of pop ups, a bubble at the bottom saying I have the Chin09 virus. Keeps going to blue screen, won't let me run McAfee or Malewarebytes and system restores fail.
Tried all of this in safe mode too with no luck. I'm using Vista if that helps or matters.

Thanks! You guys have saved me before and I really appreciate it!!
~Robin

BC AdBot (Login to Remove)

 


#2 trev47

trev47

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 16 January 2010 - 12:46 AM

Try the guide at http://www.bleepingcomputer.com/virus-remo...malware-defense

#3 fitmom726

fitmom726
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 16 January 2010 - 08:29 AM

OK, here is what happened when I tried. 1st there is no proxy settings for Internet Explorer, so I went to download rkill and got lots of pop ups preventing me, locked IE in the process. So I downloaded it to a USB on my PC and then when I went to copy the file to my infected laptop got the error:
An unexpected error is preventing the operation. Make a note of this error code, which might be useful if you get additional help to resolve this problem:
Error 0x80070571: The disk structure is corrupted and unreadable.
Then I tried to run rkill from the USB instead of copying it to the desktop and got a buble at the bottom saying pretty much the same thing and to run Chkdsk. Should I do that?

#4 fitmom726

fitmom726
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 16 January 2010 - 09:16 AM

Ok, since I was able to run safe mode with networking, I was able to download and run the rkill, then I uninstalled my Malwarebytes that I had on there and followed all of the new directions through #15 and Malwarebytes is running now. Keeping fingers crossed.

#5 fitmom726

fitmom726
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 16 January 2010 - 10:20 AM

not good. After I ran MBAM, followed through with the removal, things went fast and I don't have everything written down, but I saw Rogue.Installer and Rootkit.TDSS
It looked like everything was deleted and good to go, but then when it rebooted got the blue screen and it shut down.

#6 trev47

trev47

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 16 January 2010 - 09:17 PM

Are you able to boot into safe mode or windows? You really should probably read the Preparation Guide For Use Before Using HijackThis and other Malware Removal Tools, Instructions for receiving help in cleaning your computer at http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

#7 fitmom726

fitmom726
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 17 January 2010 - 08:26 AM

Started following the instructions and I find that I cannot back up or even manually save anything. This includes the dds files.
I am running in safe mode with networking. While I was waiting for a response yesterday I also posted on malwarebytes.org forum, and was able to post the dds logs. I closed that message when I found out that posting on two message boards was a no-no. should I copy the log I posted yesterday onto a new message here?
I haven't done anything to the computer since I ran the logs yesterday. This is the first time it won't let me save.
That is the other issue, I have gotten a lot of messages saying the hard drive is corrupt. Is this something that can be fixed or am I going to have to replace it?
Thanks!

Nevermind, I rebooted and now I can save!

Edited by fitmom726, 17 January 2010 - 08:39 AM.


#8 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,012 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:09 PM

Posted 17 January 2010 - 11:56 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/287693/rootkittdss/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users