
Pretty badly infected...


  • This topic is locked
46 replies to this topic

#1 mattsbury

mattsbury

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Manchester, UK
  • Local time:02:11 AM

Posted 22 January 2010 - 04:49 AM

Ok, firstly I would like to say to the problem solving wizards that help people out on here, you are truly modern day saints and I hope everyone really appreciates it.

I am not the most skilled when it comes to computery things, I know a little bit, but not nearly enough, and this problem is so bad that I can't think of anywhere else to come for help.

It all started about a month ago. The dreaded Malware defence thingy. I tried to uninstall it, as I didn't realise what it was at the time, only that I didn't want it, and it reappeared a few times. I tried to install MBAM and first got rkill, but that didn't work as I just couldn't get MBAM to work. So my friend and I went at my computer with ccleaner, autorun eater, rkill and MBAM and somehow we got MBAM working but I don't know how...it found some trojans and stuff but I can't really remember, as I thought that was problem solved; this was only a couple of weeks ago.

I rebooted my netbook (yes it's only a wee netbook) and thought all was well until it froze. Then after 10 seconds it let off a beep and was still frozen. Had to remove the battery to restart. So Malware defence was no longer there but instead it was freezing every time which was just as bad. Anyways I found that as soon as I switched the comp on, if I ran Rkill it would be fine, no popups or anything! So for the past 2 weeks or so I have been doing this. Until yesterday. I was getting IE popups telling me it has 'encountered a problem and needs to close' which confused me because I only use Firefox. If I left it I would get maybe 3-4 of this same popup without doing anything on startup. When the 3rd or 4th of these comes up, the netbook will beep and crash as it did before, therefore I can do nothing in normal mode and have to use safe mode. MBAM will not open, and AVG won't let me scan. I presume Malware Defense is maybe hiding somewhere? I'm not sure. I found on processes, ending dwwin.exe would get rid of this IE popup. Google also tends to redirect whenever I click on a search result as well...and it will never let me connect to bleepingcomputer! (I'm doing this from work atm)

Due to the fact that I haven't been able to run ANY virus scan I have tried to install, I did the Windows OneCare Safety Scan last night in safe mode online and it found about 48 severe items and 8 severe issues. It deleted the majority of these; however, there were some it couldn't. It seemed I was able to run my PC in normal mode again after this and I ran the scan twice more and it ended up deleting a couple more until this morning, the same 2 can't be deleted.

The things it keeps finding and being unable to delete are :

virtool:win32/obfuscator.ev (says something about dll but I don't understand it)

trojan downloader:win32/obitel.gen!a (this seems to be located in windows, system32, userinit.exe - but I didn't wanna touch anything in case I messed it up)

I think that's about all the info I have, and I would really really appreciate some help on this one because I haven't a clue what I can do.

Many Thanks

Matt


 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,207 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:11 AM

Posted 22 January 2010 - 09:39 AM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

Please describe the issues you are experiencing with your computer.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 mattsbury


Posted 22 January 2010 - 09:46 AM

OK, to have a quick update, I went back on my netbook an hour ago, and tried to run in normal mode; the IE error popped up again, as soon as I logged on. To get rid of this popup I end the process dwwin.exe, but it continues to pop up and freezes the computer.

I then logged on to safe mode with networking and it doesn't pop up on safe mode, so I am running the OneCare scan again and left it as I had to go back to work so I know it won't solve the problem completely.

I really appreciate any help anyone can give me on this. All the other info is above.

Thanks in advance...

#4 Elise


Posted 22 January 2010 - 09:49 AM

Finally, were you able to install mbam?

regards, Elise


#5 mattsbury


Posted 22 January 2010 - 09:55 AM

No, I did have it and got it to run once, a few weeks ago after running RKill, but when my computer powered off, the infections came back, the computer would freeze instantly and RKill didn't seem to work properly, and stopped me from accessing MBAM. I can't uninstall it to reinstall it either. I tried renaming it and re-installing it from a USB stick but that didn't work either :-/ I can't actually do anything in normal mode any more without the IE popups coming up and freezing the computer.


#6 Elise


Posted 22 January 2010 - 10:07 AM

Did you try running MBAM in safe mode with networking?

regards, Elise


#7 mattsbury


Posted 22 January 2010 - 10:53 AM

yes, it won't run at all

#8 Elise


Posted 22 January 2010 - 10:59 AM

What happens when you try to run it?

Does it give you an error message, or does it just hang there?

Please try to rename c:\program files\Malwarebytes' Antimalware\mbam.exe to winlogon.exe (right click the file and select rename).

See if it runs that way.

regards, Elise


#9 mattsbury


Posted 22 January 2010 - 11:04 AM

If I try to run it, it doesn't do anything...if I try to install it then it stops about 70% of the way on 'extracting files'

I will rename it as you have advised when I am home and back on my netbook in around an hour or so. Many thanks for helping me with this =)

#10 mattsbury


Posted 22 January 2010 - 11:34 AM

I should also add that because I'm not working again until Monday, and whatever is causing my problems won't let me connect to bleeping computer, I may not be able to get on here this weekend. I will try my best to get on though!

#11 Elise


Posted 22 January 2010 - 12:01 PM

Please do the following to attempt to get internet connection back:

Click start > run, type inetcpl.cpl and press enter.

Click the Connections tab.

Click the LAN Settings button.

Make sure Use a proxy server.... is UNchecked and click OK to apply the settings.

Let me know if you are able now to connect.

regards, Elise

Malware analyst @ Emsisoft
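
The "Use a proxy server" checkbox from the steps above is stored in the registry, so it can also be audited without opening the dialog. This is an added PowerShell example, not part of the original post; it assumes the standard WinINet `Internet Settings` keys and only reads values.

```powershell
# Added example: read-only audit of the WinINet proxy settings that the
# Internet Options > Connections > LAN Settings dialog edits.
# HKCU holds the per-user values; the HKLM key is included on the assumption
# that a per-machine proxy policy may be in effect.
$paths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
)

function Get-ProxyAudit {
    param([string[]]$KeyPath)
    foreach ($key in $KeyPath) {
        if (-not (Test-Path $key)) { continue }
        $s = Get-ItemProperty -Path $key
        $enabled = ($s.ProxyEnable -eq 1)     # 1 = "Use a proxy server" checked
        $server  = [string]$s.ProxyServer     # host:port or proto=host:port;...
        $pac     = [string]$s.AutoConfigURL   # automatic configuration script
        $notes = @()
        if ($enabled) { $notes += '"Use a proxy server" is checked' }
        # A proxy on a loopback address means traffic is routed through a
        # process running on this same machine.
        if ($enabled -and $server -match '(^|[=/])(127\.\d+\.\d+\.\d+|localhost)(:|;|$)') {
            $notes += 'proxy points at this machine; identify the listening process'
        }
        if ($pac) { $notes += 'automatic configuration script is set' }
        if (-not $notes) { $notes += 'no proxy configured' }
        [pscustomobject]@{
            Key           = $key
            ProxyEnable   = [int]$enabled
            ProxyServer   = $server
            AutoConfigURL = $pac
            Findings      = ($notes -join '; ')
        }
    }
}

Get-ProxyAudit -KeyPath $paths | Format-List
```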


#12 mattsbury


Posted 22 January 2010 - 12:19 PM

I can connect from home, it's just the bleeping computer site seems to be blocked. If I search from Google for anything, for instance an Rkill download, then every other site will get redirected to marketing sites etc, but if I try to connect to bleepingcomputer, it comes up with page cannot be displayed. All other sites such as google, facebook, hotmail etc work fine.

Edited by mattsbury, 22 January 2010 - 12:20 PM.


#13 Elise


Posted 22 January 2010 - 01:00 PM

How exactly do you connect (wired, wireless, router, cable modem, ...)?

What Windows version are you using?

regards, Elise


#14 mattsbury


Posted 22 January 2010 - 01:40 PM

Hi. I connect wirelessly.

I did as you said and renamed MBAM as winlogon.exe. This worked, and I ran a scan, found a few nasties and saved logs - before and after they were cleaned. Should I post any up?

I did this in safe mode with networking as I couldn't on normal, nor will it let me connect to this site on safe with networking. I restarted the laptop and went to log on normally...this froze when it was loading my settings so I switched off and tried again - got on, no IE popups (yet) no freezing (yet) and I can get on here to post this...what's the next step please?

Oh and it's Windows XP Home Version 2002 SP3

Thanks

Edited by mattsbury, 22 January 2010 - 01:43 PM.


#15 Elise


Posted 22 January 2010 - 01:46 PM

That sounds good so far :)

Please post me the mbam log (start mbam, click Logs tab).

regards, Elise




