MAJOR malware/trojan attack, really in need of help


1 reply to this topic

#1 theycallme_drifter

Posted 03 April 2010 - 06:44 PM

OK, first off I just wanted to say hi, I'm new to the forums. I've been directed to go here by a couple of friends who said that this is the place to get help for an issue like this one.

It started yesterday. I got home from work and I was looking at all my daily blogs, when I got hit with 3 (yes, THREE) different false-alert viruses or trojans or whatever. Having gone through this not but a month ago (different site), I shut off my PC and restarted in safe mode. Ran rkill and did a full virus scan using both Malwarebytes and my McAfee virus software, which was just purchased 2 months ago. Both programs turned up a number of contaminated files, all of which I deleted.

But that's where everything took a turn for the worse. I restarted my computer, logged into my account, and everything was going normal. Then it just kind of stopped and froze; nothing would happen but I could still move the mouse. I restarted again, but I walked away for a little bit. When I came back and tried to log in, it had frozen on the welcome screen and this time the mouse would not move.

So I restarted again in "Safe Mode" and everything booted up like normal, but I got a message from McAfee that my computer was not protected. EVERYTHING in McAfee is deactivated, and when I click on "fix problems," all it says is that "one or more problems could not be repaired" and nothing would turn back on.

I tried to use system restore, but I got a message stating that it had been disabled by my network admin (this is the only computer on the network, and I am the admin). I tried everything I could, but I could not get it to run.

I researched the problem, and was told that the malware may have blocked it from being used in my registry. I attempted to follow the instructions I found, only to find out that my registry has also been locked out. When I try to run regedit, an error message comes up saying that "Registry editing has been disabled by your computer administrator."

Again, I researched this problem and found a way around it using a freeware Registry editor. Following even more instructions I found, I used the registry editor to delete the "disableregistrytools" file that was found in HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\System, but as soon as I would delete the file, it would reappear. Finally, I figured out that if I deleted the file and ran regedit.exe right after I delete the file, the registry editor would start. But as soon as I closed it again, it would come up with an error message. (I also tried changing the value to 0, again with no luck.)

Looking for more information, I was also told there was a file that would keep the System Restore from running. Digging into the registry (again, using the freeware registry explorer), I found the DisableSR file I was told of. First, I tried to delete the file. Again, it came back as soon as I deleted it. I then tried to change the value to 0, and again, no luck.

Back to more research. I found a forum with a person who was having the exact same problem I was. His problem was fixed by using a file called "regtools.vbs". I downloaded the file, but when I opened it, it came up as a text document and did nothing. I tried the other file recommended, called Fixswen, and again it just came up as a text document and did nothing. I found out that Fixswen is part of a program from McAfee called "Stinger." I downloaded and ran the program as instructed in the user guide. It came up with multiple files which it then deleted. But right after it would hit all those files, it would shut down. It does the same thing every time I try to run it. But every time I run it, it starts at a different spot, and it comes up with different files.

So now I'm at the end of my rope here. I've done all that I could find, and nothing has worked yet. I'm not a computer expert, but I don't have the money to take it to get it repaired by a professional. System is completely stable and running normally in safe mode right now, minus the lack of virus protection and all the things being locked.

I would REALLY prefer not to reformat my computer (as recommended on another forum) as I have numerous pictures and files on here that are not replaceable, and that I can't move onto a CD or my USB hard drive (none of my USB accessories are functioning. Anytime I plug something in, it just says that the hardware has not been installed properly and may not function, and that's it).

I'm running Windows XP Home Edition SP3. Computer is a custom made Dell, bought off of Craigslist (so no factory support). I have a Dell OS install CD from my last computer, which I have used to reformat this computer in the past.

Any help would be greatly appreciated. I wouldn't even know how to thank you if we can get this fixed. I will try anything recommended, and I will post any other details you need (well, if you can tell me how to get the details if I don't know how).

Thanks to anyone that responds.

#2 boopme

Posted 04 April 2010 - 12:51 AM

I would like to get a DDS log to post. If you can do this.
We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9 and not here, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.


If not, try this, then DDS: Avira AntiVir Rescue System