
Your PC Protector


3 replies to this topic

#1 CosmicDog


Posted 10 February 2010 - 05:42 PM

Your PC Protector popping up on xp sys, able to stop through taskmgr, pops back up later.
Slaved drive to a known-good/known-clean sys with up to date Norton 360, unplugged from net, ran scan, negative.
This AM, reinstalled in sys, booted, winload, YourPCP came right back up. Re-slaved and scanned with up to date Malwarebytes, 2 positives, but sys rebooted itself (!?!?).
Prompted to run chkdsk by icon in systray (trusted), ran from cmd prompt c:\chkdsk /f f:, several times, each finding seemingly different errors. Eventually got 3 concurrent "normal" runs.
Returned to win gui, tried to copy user's profile (or at least MyDocs), failed, 0 bytes, busy/write-protected/full/etc. (other profiles OK, accessible, copy-able)
Currently re-running malwarebytes on user's profile folder only...2 hits thus far...hopefully sys will not reboot or shut down before finishing/reporting/offering resolution.
Fast food, nicotine, and caffeine for lunch; trying to stay "up" if not "hopeful."
As far as I've seen today, only bleepingcomputer is on top of this with me...thank you (all)!

TT/CosmicDog


#2 CosmicDog


Posted 10 February 2010 - 06:04 PM

Upon reflection...
Was able to delete almost all of the processes, regvalues (except the two LEGACY_ADBUPD lines), files, and dirs (had to kill the processes that kept relaunching while I was regeditting and del-ing...much fun)
User profile folder, although showing 0 bytes and not allowing access, is showing 4600+ files as malwarebytes scan through it.
Further reflection...
Had a sys with similar 1.5 months ago but couldn't even get through to the desktop. Slaved, AV scanned, malware scanned, reinstall drive, booted with full success. Sys was on network.
Different sys (not at all involved with net here) had similar 3 weeks ago, but drive completely failed during work...like circuitry failure...big bummer...
Ahead of me, after this one, is another that occasionally has Driver Updater (or sim.).
Yes, I'm employed, but annoyed...
TT
CosmicDog

#3 CosmicDog


Posted 10 February 2010 - 06:49 PM

1.5 hours into a MWBytes scan...and I've got 9400+ files so far in the users profile folder, mostly temp inet files. When this finishes and whether or not I can deal with the hits, I think I will be going cmd, cd to temp inet files, and doing del *.* /s to delete these and their folders...those two hits pro'ly included. While I'm the clown, I'll tell you what I've found...

TT
CosmicDog

#4 CosmicDog


Posted 11 February 2010 - 02:10 PM

OK, I've moved on from search and destroy (the concept, not the app) to search and recovery: get as much data off of the infected/failing drive.
This virus/issue appears to have counted on NTFS security because:
1) I had it slaved in a FAT32 sys,
2) while many folders <like other profile folders> were accessible, the user-specific one was locked, then let me into *some* sub-folders after a few more AV and MWBytes scans, then let me into increasingly more subfolders, etc.
Two sig "hits" were Trojan.Downloader.Gen and Rootkit.TDSS, but others would also pop up with the addl scans.
The virus/issue may or may not be contributing to the drive failure; I have to run chkdsk /f sometimes to bring it back online.
I was able to pull the data and outlook.pst onto a usb drive, so I'm pretty happy about that.
My immediate next step has been to get up and running on a diff sys with the transferred data.
My long term goal is to replace the hard drive (in case it really is physical in failure) and rebuild the op environment.

Industry note:
I didn't find any quick-and-easy fix from Symantec/Norton, McAfee, Kaspersky or similar/smaller. I ended up using tried-and-true hands-on experience, dogged focus as well as creative "what-if" thinking, and my new friend, Malwarebytes. I would definitely suggest having this in your toolbox. Oh, yeah, and bleepingcomputer.com!

TT
CosmicDog
