
Nasty virus evades several programs, blocks Safe Mode


1 reply to this topic

#1 JorgeR88


Posted 26 January 2010 - 12:53 AM

Greetings, and thanks for helping.

I am running Windows XP SP2 and my PC has fallen under the cold, icy grip of an evil virus, so I am posting from a laptop. I believe the problem may have originated as some sort of malware/adware and gotten worse. Here's the background info:

-Before these problems originated, I was running AVG Free and Ad-Aware.

-I have no idea what happened -- I usually browse pretty safely and avoid shady websites offering enlargement of my...uh...anyway, I don't open email attachments from bad sources, and never download .exes from untrusted websites.

-The first problem I noticed was Firefox (I don't even use IE) opening tabs with pages full of advertisements, despite a popup blocker. I got sick of this pretty fast and ran AVG. That got a few things but the problem persisted.

-Ditto with Ad-Aware. I would always get a bunch of bad cookies, maybe a trojan, but never anything really severe.

-Then things got worse. AVG's email scanner has been forcibly disabled (!!).

-I try to boot into safe mode and run AVG again. Safe Mode will not run. It crashes on loadup (it hangs up on a driver called SPTD.sys, but renaming that driver causes it to hang up on another one). The driver hangs, then it blue screens really fast (cannot read error code) and restarts.

-Normal mode works fine.

-In the meanwhile I installed Malwarebytes' Anti-Malware, Spybot Search & Destroy, and the (paid!) version of Spyware Doctor, all to no avail. Their scans always get a bunch of bad cookies, maybe a registry error, and the occasional trojan, but no virus except for one.

-Spyware Doctor nailed a virus called Virus.DOS.RogueAntiVirus, as well as some Chinese spyware, but the problems persist.

-AVG nailed a .dll trying to infect Spyware Doctor.

-Even after waiting about a week and updating virus definitions, no program has completely cleared my computer.
---

Current Status:

The PC is useable but slow. My antivirus programs themselves are infected. Chrome will not load pages, Firefox crashes and will generally not run, and IE works best but tries to open tabs to evil Chinese websites (Spyware Doctor heroically blocks them). No virus scan has gotten to the root of the problem and nailed all of the malware. I'm looking to at least make lemonade out of this (trying to snag a copy of Windows 7 cheap to upgrade to) but I'd rather not have to format, though I guess if it's that or nothing I will.

I have two hard drives in a RAID. Most of my data is on C:, but I've moved the essential data I want to back up (if I have to format) on E: and F:. Is there a possibility that the virus could be lurking on E: and F: and come back to haunt me even if I format C:?

---

So, would you like me to post some antivirus logs? Or should I delete, rename, and run the same antivirus programs I have? I'll be checking back later, so just post with whatever actions I need to take to get you information.

Not even joking, I'm seriously considering (once the PC is safe to put financial info to) buying whoever can solve this a beer. $5 USD, Paypal or mailed.

Edited by JorgeR88, 26 January 2010 - 12:54 AM.




#2 JorgeR88


Posted 27 January 2010 - 09:32 AM

Malwarebytes' Anti-Malware 1.44
Database version: 3645
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/27/2010 9:31:36 AM
mbam-log-2010-01-27 (09-31-36).txt

Scan type: Quick Scan
Objects scanned: 116919
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----

It appears I'm screwed. Currently backing up data for a format.



