Antivirus XP 2010


  • This topic is locked
14 replies to this topic

#1 MsJackie

Posted 12 February 2010 - 05:11 PM

Hello

I'm really hoping you can help as I'm going out of my mind with panic and fury. For the past couple of days, my laptop has been infected with the 'Antivirus XP 2010'. I have Norton Internet Security which claims to pick up these things but somehow this got thru. I am reeeeeally not techie in any way so for me this is all very much wading thru treacle! Today I followed your 'Automated Removal Instructions for Security Antivirus using MBAM'. I downloaded the rkill which seemed to do the first part of the job - anytime I run it, any virus pop-ups on the screen at the time immediately disappear. When I try to run MBAM though, the virus scanning screens pop up in its place (so it seems to attach itself to the MBAM?) telling me that IT is running a scan to clear my computer out, so clearly the rkill isn't getting it out completely.

I'm really worried as I'm one of those people techies roll their eyes about: never ever printed off or saved any of my documents (inc ALL the photos I've ever taken with my digi cam) anywhere other than in My Documents. Needless to say, once I'm out of this madness I'm off to buy a separate hard drive.

Can anyone help... PLEASE!!!!

Thanks

Jackie

#2 Buckeye_Sam

Malware Expert

Posted 12 February 2010 - 05:24 PM

Hello! :)
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT




  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.



=============

The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 MsJackie

Posted 12 February 2010 - 06:45 PM

Hi Sam!

Thanks for your quick response. I'm soooo hoping you are able to help.

That said, not a good start so far, unfortunately. Did as you said and the thing looked as if it was about to run, but it immediately crashed. Tried it 3 times and it crashed each time (ie, started running the thing, then came up with 'Not responding' and then just crashed). Panicking even more now...

#4 Buckeye_Sam

Posted 14 February 2010 - 08:22 AM

Are you able to start your computer in safe mode?
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

If so, try running OTL from there.

#5 MsJackie

Posted 15 February 2010 - 12:21 PM

Thanks for that Sam. I'll definitely give that a go and will let you know how I get on. This is probably a dunce question (I already said I wasn't techie-minded!), but what's OTL?





#6 MsJackie

Posted 15 February 2010 - 12:41 PM

Durrrrrr - just saw what OTL was! Ignore me - too much going on at once!

#7 Buckeye_Sam

Posted 15 February 2010 - 04:46 PM

I understand. :)

Any luck running it in safe mode?

#8 MsJackie

Posted 15 February 2010 - 06:50 PM

Hi Sam

Now on mobile as laptop barely functioning now. Tried safe mode as you suggested. Started ok - but couldn't paste list into OTL. Barred from that for some reason - wouldn't let me copy, paste or print. After a while of trying stopped recognising the programmes OTL, GMER and even the desktop link to my BT broadband service - hence my now contacting you via my phone. Also tried downloading info to my key. Started ok - ran Gmer file and started showing huge list of stuff. All of a sudden it crashed and when I tried it again later nothing on the key would open.

I'm going out of my mind with worry about what's happening to my pc and in partic my doc. I have a huge file of photos I'm particularly worried about - is there anything I can do in the meantime to get them out safely? My heart would truly break if I lost them all. Aside from that, is there anything else you think I could try for getting this thing out of my pc?

#9 MsJackie

Posted 15 February 2010 - 06:58 PM

I should also mention that I tried a file I have on my desktop called rkill - can't remember if I got it from bleeping comps. When I first got the virus and I ran rkill it would show all the things it had killed. Now my pc's worse than ever yet when I run rkill now it doesn't find anything.

Thx

Jackie

#10 Buckeye_Sam

Posted 16 February 2010 - 10:32 AM

Ok, let's cover a few things. First, do you have OTL saved onto your desktop? If not, make sure you move it to your desktop.
Then open the program, don't paste anything into the custom scan box this time. Just leave it empty. Click Quick Scan and see if it creates a log.

If it still doesn't work for you, let's try something else.


Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • A second report, Attach.txt will open next.
  • Save both reports to your desktop.

Please copy and paste both logs into your next reply.


Don't try to run Gmer again.




#11 MsJackie

Posted 16 February 2010 - 06:30 PM

God you're like some sort of guardian angel to me at the minute. Ok I'm gonna try these things and I'll let you know how I get on......

Btw, can't even get onto i/net from pc as of last night so I'll have to save onto another key tomorrow and try to attack from there.

#12 MsJackie

Posted 16 February 2010 - 06:35 PM

Quick thing: how do I disable script as you've advised?

#13 Buckeye_Sam

Posted 17 February 2010 - 11:50 AM

That would be your antivirus program. Here's some info that you can reference if you need to.
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

#14 MsJackie

Posted 21 February 2010 - 08:27 PM

Hi Sam

Sorry for the lack of communication. Both laptop and mobile out - fortunately the mobile's problems weren't viral.

Re the laptop, in the end nothing at all would work so all my dox were saved and the OS reinstalled. This has actually thrown up new problems, but at least no virus...

I am extremely grateful for all your support and patience though.
Many thanks

Jackie

#15 Buckeye_Sam

Posted 22 February 2010 - 08:32 AM

Thank you for following up with me. :)


Now that your malware problem appears to be resolved, this topic will be closed.
If you need this topic reopened, please contact a member of the Malware Response Team and we will reopen it for you.
Include the address of this topic in your request.

