Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Another Rogue..Where to Begin!?


  • Please log in to reply
4 replies to this topic

#1 sk37ch

sk37ch

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:07 PM

Posted 11 February 2010 - 07:44 PM

Well in a nutshell I was browsing some gaming sites and now I'm infected with a rogue virus. This thing is a nightmare!

I cannot boot into safe mode or else I get a blue screen. I cannot access Regedit or Task Manager. I cannot update definitions on a Spyware Doctor download or else I get a blue screen. When I run Norton it says it has dealt with the virus, I am then able to access Regedit, still not Task Manager, but somehow I am still infected. If I reboot my machine the virus is still present.

I do not even know where to begin. Should I just head over to the log section and post a HJT log? I'm in some need of help.

Thanks

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,567 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:07 PM

Posted 11 February 2010 - 10:32 PM

Hello, does this Rogue have a Name? Is it asking you to by a product? If so which?
What operating system is running and which Antvirus?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 sk37ch

sk37ch
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:07 PM

Posted 12 February 2010 - 12:12 PM

My computer boots and I get a popup that reads I have been infected with Worm.Win32.NetSky

My Norton says it is called CoreGuardAntivirus2009. It changed my wallpaper, has popups appear on the tray saying I have a virus, disabled my Task manager & Regedit. I am running Windows XP & am using Norton AV.

When I boot in Safe Mode I get a blue screen that reads...

PAGE FAULT IN NONPAGED AREA 0x00000050 (0xFFFFFFFF, 0x00000000, 0x8050194C, 0x00000000)

When I try to update my AV I get a blue screen that reads...

STOP 0x0000008E (0xC0000005, 0x84E1938C, 0x9CD89B58, 0x00000000)


UPDATE:

I ran SAS and cleaned what it found. Then, I Malwarebytes and cleaned what it found. I can now access Regedit & Task Manager find. I am still unable to boot into safe mode. I also am having problems printing. This lead me to assume my printer drivers were corrupted. I went to Device Manager and I got the following error...

mmc.exe - Entry Point Not Found

The procedure entry point ?PickIconDlg@@YGHPAUHWND__@@PAGIPAH@Z could not be located in the dynamic link library mmcbase.DLL.

I am guessing somehow this became corrupted during the removal process? This is rapidly becoming a huge headache. I'm on a network and I'm afraid I might infect the other computers. Heck..I'm even afraid to open my Outlook. Need help ASAP please. Thanks

Edited by sk37ch, 12 February 2010 - 01:25 PM.


#4 sk37ch

sk37ch
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:07 PM

Posted 16 February 2010 - 08:11 AM

Any help?!

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,567 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:07 PM

Posted 16 February 2010 - 12:43 PM

Hello, please follow the instructions in the BC guide Remove Internet Security 2010 (Uninstall Guide)

When completed post the scan log and yell me how it's running.

The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users