Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Assistant Virus or something else? Stuck!!!


  • This topic is locked This topic is locked
3 replies to this topic

#1 weaselmtl

weaselmtl

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:48 PM

Posted 14 February 2010 - 09:14 PM

Hi,

This forum is great and I have used many of the suggestions prior to posting. I had (or may still have) the Help Assistant virus. I ran mbr.exe -f as well as fixmbr from the Windows XP recovery console. I deleted the Help Assistant account and I am confident that the duplication of my files into the Help Assistant user folder is no longer occurring.

What I am concerned about though is the results the mbr.exe command provide:
device: opened successfully
user: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x012A18713 !
PE file found in sector at 0x012A18729 !

This indicates to me that my MBR is ok, but there is still something malicious going on. Is my interpretation correct? What can I do to remove the malicious leftovers? Malwarebytes and NAV detect nothing.

Many thanks!

Edited by Orange Blossom, 14 February 2010 - 09:30 PM.
Move to AII. ~ OB


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,491 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:48 PM

Posted 14 February 2010 - 10:50 PM

Hello looks like there is rootkit activity.. This needs to be removed safely with supervision.

You will need to Download and Run DDS which will create a Pseudo HJT Report as part of its log..
If for some reason you cannot perform a step, move on to the next.
Please follow this guide. go and do steps 6 thru 8 ,, Preparation Guide For Use Before Using Hijackthis. Then go here HijackThis Logs and Virus/Trojan/Spyware/Malware Removal ,click New Topic,give it a relevant Title and post that complete log. Also include a copy of your post here.

Let me know if it went OK.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 weaselmtl

weaselmtl
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:48 PM

Posted 15 February 2010 - 02:48 PM

Thank you.

I have followed the instructions and posted a message in the section you indicated. See here - http://www.bleepingcomputer.com/forums/t/296007/help-assistant-virus-rootkit-activity/

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,491 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:48 PM

Posted 15 February 2010 - 04:46 PM

OK,good post. It may be a couple of days as we are backlogged,but you willl be answered.
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users