Freezes at Startup; Stubborn Viruses



#1 sidorak95

  • Members
  • 122 posts
  • Gender:Male

Posted 26 February 2010 - 10:30 PM

I installed Superantispyware free, Ad-Aware free, and Comodo firewall free yesterday. When I booted up my computer today, it froze almost immediately at startup. I restarted it, and it froze again. After it froze for the 4th or 5th time, I started in safe mode and scanned with Malwarebytes. It detected one thing, and removed it. I restarted again, still no go. I removed Comodo and Ad-Aware, but it still froze. I couldn't uninstall Superantispyware because the uninstaller wouldn't run in safe mode. I like to think of myself as quite advanced at computers, but this is driving me nuts. I tried system restore, nothing happened. I've restarted this computer around 30-40 times by now. I tried last working configuration, and it worked! I immediately uninstalled Superantispyware, and I don't know if it worked because I'm afraid the last known good configuration won't work next time. Does anyone know how I can fix this? Thanks. I do remember Windows automatically installed some updates the day before I installed Comodo, etc.

Here's the log:
Malwarebytes' Anti-Malware 1.44
Database version: 3695
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

2/26/2010 8:05:15 PM
mbam-log-2010-02-26 (20-05-15).txt

Scan type: Quick Scan
Objects scanned: 115609
Time elapsed: 1 hour(s), 19 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I know it's outdated, so I'm updating it and running another scan right now.



#2 sidorak95


Posted 27 February 2010 - 07:24 PM

Recently, my computer refused to start up, so I ran a full scan w/ Malwarebytes. It detected:
Trojan.Fakealert x5
Trojan.Patched x2
Trojan.Downloader x2
Worm.Piloyd

The locations were:
C:\WINDOWS\system32\termsrv.dll
C:\WINDOWS\system32\setup.bmp
C:\WINDOWS\system32\appmgmts.dll
C:\WINDOWS\system32\d3dramp.dll
C:\WINDOWS\system32\xmlprov.dll
C:\WINDOWS\system32\sfcfiles.dll

Unfortunately, it froze while removing them, so they weren't removed and I have no logs. I ran another full scan; this was the log. RockXP is just a keyfinder.
Malwarebytes' Anti-Malware 1.44
Database version: 3799
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/27/2010 1:53:12 PM
mbam-log-2010-02-27 (13-53-12).txt

Scan type: Full Scan (C:\|)
Objects scanned: 252982
Time elapsed: 1 hour(s), 24 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Allen\My Documents\FDrive Backup\Tools\RockXP.exe (Hacktool.PasswordDump) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0AB0C6F8-9532-488D-A605-FF6B2CF827B6}\RP232\A0161872.dll (Adware.NetPumper) -> Quarantined and deleted successfully.

It didn't find the earlier listed malware, so I ran it again. This time it detected 6 pieces of malware, but I couldn't tell what they were because Windows glitched up, and half the text on the screen went away. I did note the locations, however, which were:
C:\WINDOWS\system32\setup.bmp
C:\WINDOWS\system32\appmgmts.dll
C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\beep.sys
C:\WINDOWS\system32\d3dramp.dll
C:\WINDOWS\system32\sfcfiles.dll

Again, it froze while removing them.
I ran the avast cleaner; nothing was detected.
2/27/2010, 4:32:19
Memory scanning started...
No virus body found in memory.
Memory scanning finished (3.8s).


----------
Files scanning started...
C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\7.0\Slideshow Graphics\scrapbook\stamp_scrapbook_tag001.png... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\7.0\Slideshow Graphics\scrapbook\stamp_scrapbook_tag002.png... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\7.0\Slideshow Graphics\scrapbook\stamp_scrapbook_tag003.png... file could not be scanned!
C:\Documents and Settings\All Users\Application Data\Adobe\Photoshop Elements\7.0\Slideshow Graphics\scrapbook\stamp_scrapbook_tag004.png... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\edb.log... file could not be scanned!
C:\WINDOWS\system32\CatRoot2\tmp.edb... file could not be scanned!
No virus body found.
Files scanning finished (131846 files, 0 infected, 3461.0s).
Drives scanned: C:
----------

When I did get it to boot up in normal mode once, it worked for around 20 minutes, then explorer.exe went away, the text glitch occurred, and the following popped up.
The application(explorer.exe) failed to initialize properly. Click OK to terminate the process.
I did open task manager quickly when Windows booted up, and services.exe caught my eye. The CPU was 75, and it was using 478,060k memory. It slowly went down.

Any tips?
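
An added example, not part of the original post and not Malwarebytes' own code: a small Python parser for the Malwarebytes' Anti-Malware 1.44 text log layout quoted above. It checks that the summary counts match the entries actually listed (a log cut short by a freeze will not reconcile) and picks out detections whose action does not report successful removal. The sample log is constructed from lines in the posts plus one placeholder entry; the function names and the "No action taken." line are assumptions.

```python
import re

# Constructed sample: shortened from the logs quoted in the posts above; the last
# entry is a placeholder added to show an item that was not removed.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Scan type: Full Scan (C:\|)

Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Allen\My Documents\FDrive Backup\Tools\RockXP.exe (Hacktool.PasswordDump) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0AB0C6F8-9532-488D-A605-FF6B2CF827B6}\RP232\A0161872.dll (Adware.NetPumper) -> Quarantined and deleted successfully.
C:\example\constructed.dll (Example.Detection) -> No action taken.
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Entry layout: <object> (<Detection.Name>) -> [Bad: (..) Good: (..) ->] <action>
ENTRY_RE = re.compile(r"^(?P<object>.+?) \((?P<name>[^()]+)\) -> (?:Bad: .*? -> )?(?P<action>.+)$")

def parse_mbam_log(text):
    counts, entries, section = {}, [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := COUNT_RE.match(line):        # summary line, e.g. "Files Infected: 3"
            counts[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):     # start of a detail section
            section = m["section"]
        elif section and (m := ENTRY_RE.match(line)):
            entries.append({"section": section, **m.groupdict()})
    return counts, entries

def reconcile(counts, entries):
    """Return {section: (summary_count, listed_count)} where the two differ."""
    listed = {}
    for e in entries:
        listed[e["section"]] = listed.get(e["section"], 0) + 1
    return {s: (n, listed.get(s, 0)) for s, n in counts.items() if n != listed.get(s, 0)}

def unresolved(entries):
    """Entries whose action text does not report a successful removal."""
    return [e for e in entries if "successfully" not in e["action"].lower()]
```
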

#3 sidorak95


Posted 02 March 2010 - 07:23 PM

Sorry to bump this, but it's been around 4 days and no answer yet.

#4 Sashacat

  • Members
  • 372 posts

Posted 02 March 2010 - 08:31 PM

Hello :thumbsup:

Just to let you know, this site has a rule:
only trained members of the following groups: Malware Response Team, Malware Study Hall Senior, Moderators or Administrators are allowed to help people with logs.
source: http://www.bleepingcomputer.com/forums/t/126946/a-reminder-to-our-members-regarding-malware-logs/

Do be patient, because the official staff members have lots of people to help.
When a topic has many replies, it looks like someone is already helping you.
If we don't change the direction we are going,
We are likely to end up where we are headed.

#5 sidorak95


Posted 05 March 2010 - 08:01 PM

Update:
I did a HijackThis scan, and everything seemed fine apart from one entry:
O20 - AppInit_DLLs:
Could this be related? I ran a quick scan w/ Malwarebytes, nothing came up.
EDIT: Screenshot
Posted Image

Edited by sidorak95, 05 March 2010 - 08:08 PM.




