Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Stubborn virus activity


  • Please log in to reply
2 replies to this topic

#1 apriljapan

apriljapan

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 05 March 2010 - 07:03 PM

hi there,

i'm running windows XP home and ran into some trouble last night. avira suddenly announced i had some trojans, so i ran malwarebytes and it detected a bunch of rootkit nasties + more. so i cleaned them out and rebooted. but the computer ran very slowly and still had obvious problems and could not run malwarebytes again. i ran combofix and that didn't seem to do the trick either. my alarm bells started to ring when i began to get stop error screens, "DRIVER_IRQL_NOT_LESS_OR_EQUAL," when trying to run malwarebytes or open any combination of programs. freezes, crashes, etc.

so i tried a system restore and that seems to have fixed the blue screen of death problems and some of the performance issues. some programs are still running a bit slow and tentative - i'm running a malwarebytes full scan now and it has taken over 2 hrs to scan 55,000 files (no infections found yet) - but other programs seem to work fine.

however, my firefox and IE have been totally disabled. double clicking them from the desktop does nothing, no windows open. my connection is ok because i'm able to access email from outlook express just fine.

i followed the advice of another thread here and ran rkill.com, but it didn't report finding anything to terminate and firefox and IE still do not open (i haven't rebooted yet though, is that necesary?)

i don't see anything out of the ordinary running in my task manager, and nothing that doesn't seem to belong in my msconfig startups.

i did find a string of entries called "services" in my windows firewall list of exceptions that i'm almost certain don't belong. i uncheck them and delete the entries, but they always return on reboot.

still running this very slow malwarebytes scan which may take all day..... but please let me know what else i should be trying! thanks!


UPDATE: after several hours, the MBAM full scan did not finish, i got an abrupt blue screen of death, the same as before: "DRIVER_IRQL_NOT_LESS_OR_EQUAL." MBAM had until then found no infections. on reboot, the computer would not start: i got an hourglass on the screen with green bars animating behind it, sort of like in "the matrix." :thumbsup:

UPDATE: in safe mode, MBAM and superantispyware scan totally clean. i downloaded and ran "unhackme," which said it located and removed a rootkit on startup. but i am still having problems. IE and firefox still will not open. a series of "services" still appears in my windows firewall list of exceptions every time i reboot even after deleting them all. the computer's hard drive light flashes at all times, whether or not i am doing anything.

UPDATE: according to the BSOD's, the driver causing problems was NDSIS.SYS. so i replaced the windows32 version one with the one in my service pack files. but still have problems. still no IE or firefox, same issues as before. following instructions from other threads again, i ran combofix again, which detected an MBR rootkit. i ran "MBR.exe -f" as instructed but it did not appear to solve anything after rebooting. then, running GMER, the computer abruptly reset itself. i'm kind of at my limit here now, please can anyone help???

Edited by apriljapan, 06 March 2010 - 05:29 AM.


BC AdBot (Login to Remove)

 


#2 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:10:20 AM

Posted 06 March 2010 - 03:04 PM

Hi,

With the information you have provided I believe that you will need help from the malware removal team. I would like you to start a new thread HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!

Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#3 apriljapan

apriljapan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 06 March 2010 - 09:10 PM

Thanks, I just opened the new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users