major infection problem, being blocked from everything

This topic is locked
3 replies to this topic

#1 ZT-repairseek
  • Members
  • 177 posts

Posted 17 March 2010 - 12:41 AM

my mother's laptop has been infected by a rogue/malware monstrosity that's systematically preventing anything from being done about it.
although I haven't gotten to trying safe mode, I'm not feeling too hopeful here. the geniuses at HP didn't provide an OS disc to reinitialize things, either, and I don't have a Vista disc to reinstall that on it... I'm trying to keep it quarantined; it's disconnected from the household network, but I'm paranoid about even bringing a flash drive near it, since who knows what this villainous infection might do. it kept running a fake Windows Security Center and its own "AVE.EXE" program, and systematically moved to prevent me from running anything to fight it off. is this sounding like a lost fight which requires taking it into a shop instead of trying to fix it myself? >.< suggestions appreciated greatly.

update: safe mode's not helping either. while fewer things are denying me, important stuff is still going "that doesn't exist" and "what do I open this with?" at me.
(clarification: if I try to run various things through the "run" box, I get the "file doesn't exist" errors, while trying to run the same things after going to them in Windows Explorer receives the "what do I use to open this?" type stuff.)

update2: wonder of wonders, system restore from outside the normal kernel worked. of course, now I've found there's some trojan.hiloti lurking in there. currently siccing MBAM and Avast on it, with a side of SuperAntispyware, but if it doesn't go away from that, there will be HJT logs and such in the appropriate forum.

Edited by ZT-repairseek, 17 March 2010 - 04:00 AM.

#2 quietman7 (Bleepin' Janitor)
  • Global Moderator
  • 51,593 posts
  • Location: Virginia, USA

Posted 17 March 2010 - 07:31 AM

Scanning with Malwarebytes Anti-Malware in safe or normal mode will work but removal functions are not as powerful in safe mode. Why? MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, MBAM loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. Additionally, there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Doing a safe mode scan should only be done when a regular mode scan fails or you cannot boot up normally. If that is the case, after completing a safe mode scan, reboot normally and try rescanning again.

Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.

#3 ZT-repairseek (Topic Starter)
  • Members
  • 177 posts

Posted 17 March 2010 - 12:00 PM

it was fairly moot whether safe mode was used or not; the malware had the same impact in either mode. it becomes clear to me that safe mode is no longer helpful in fighting malware, if it's being gotten around like that. regardless, I am perfectly aware that most of the favorite tools around here have become designed to work from normal mode.

at any rate, things -look- more or less cleared, but I'm going to post the usual pile of logs in the appropriate section anyway. there may be things I'm not seeing.

#4 quietman7 (Bleepin' Janitor)
  • Global Moderator
  • 51,593 posts
  • Location: Virginia, USA

Posted 17 March 2010 - 12:36 PM

Safe Mode is a troubleshooting mode designed to start Windows with minimal drivers and running processes to diagnose problems with your computer. This means some of the programs that normally run when Windows starts will not run.

Why use safe mode? The Windows operating system protects files when they are being accessed by an application or a program. Malware writers create programs that can insert themselves and hide in these protected areas while the files are in use. Using "Safe Mode" reduces the number of modules requesting files to only the essentials which make your computer functional. This in turn reduces the number of hiding places for malware, making it easier to find and delete the offending files when performing scans with anti-virus and anti-malware tools. In most cases, performing your scans in safe mode speeds up the scanning process.

Why not use safe mode? An exception are anti-rootkit scanners (ARKs) and similar tools that use special drivers required for the scanning and removal process. These tools are designed to work in normal mode because the drivers will not load in safe mode which lessens the scan's effectiveness. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. Additionally, there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible.

Note: If the malware is not related to a running process (i.e. malicious .dll) it probably will not make a difference performing a scan in normal or safe mode. If the scanner you're using does not include definitions for the malware, then they may not detect or remove it regardless of what mode is used.

Your log is posted here.

Now that your log is posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Response Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusion, I am closing this topic until you are cleared by the Malware Response Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Good luck with your log.
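Both of quietman7's replies (#2 and #4) point out that some infections target the SafeBoot keyset, so Safe Mode may not be available when you need it. The following read-only PowerShell check is an added example written for this thread, not code from the posts or from any of the tools named in them. It reports which boot mode Windows is currently in and whether the two registry keys Safe Mode depends on (HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal and \Network) are still present and populated. The "fewer than 20 subkeys" warning threshold is an assumed heuristic, not a documented value; a healthy Vista/7 installation carries several dozen entries under each key.

```powershell
# Added example (not from the thread): verify the SafeBoot keyset Safe Mode relies on.
# Assumptions: run from an elevated PowerShell prompt on Windows Vista or later.
# This script only reads; it changes nothing.

function Get-SafeBootKeysetStatus {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
    $status = [ordered]@{}
    foreach ($set in 'Minimal', 'Network') {
        $path = Join-Path $root $set
        if (Test-Path $path) {
            # Count the driver/service subkeys Windows consults when starting Safe Mode.
            $status[$set] = (Get-ChildItem -Path $path -ErrorAction SilentlyContinue | Measure-Object).Count
        } else {
            # A missing key means that flavour of Safe Mode cannot start at all.
            $status[$set] = $null
        }
    }
    [pscustomobject]$status
}

function Get-BootMode {
    # Win32_ComputerSystem.BootupState is "Normal boot", "Fail-safe boot"
    # or "Fail-safe with network boot". Get-WmiObject is used because it is
    # available on the PowerShell 2.0 that shipped with Vista.
    (Get-WmiObject -Class Win32_ComputerSystem).BootupState
}

$minimumExpected = 20   # assumed heuristic threshold, see lead-in
$keyset = Get-SafeBootKeysetStatus

"Boot mode: $(Get-BootMode)"
foreach ($set in 'Minimal', 'Network') {
    $count = $keyset.$set
    if ($null -eq $count) {
        Write-Warning "SafeBoot\$set is missing; Safe Mode ($set) will not boot. Restore it from a known-good system or backup before relying on Safe Mode."
    } elseif ($count -lt $minimumExpected) {
        Write-Warning "SafeBoot\$set has only $count subkeys; entries may have been deleted."
    } else {
        "SafeBoot\$set present with $count subkeys."
    }
}
```

If the check reports a missing or depleted keyset, that is a clue the infection has done exactly what quietman7 describes, and it explains why a normal-mode scan with tools that carry their own drivers is the better first step; a Safe Mode boot attempt on such a machine will typically fail or blue-screen. Run it again after a system restore (as the topic starter did) to confirm the keyset came back with the restored registry.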