
REALLY URGENT - Rootkit/malware infection on my (only) computer that I'm doing my homework on... PLEASE HELP

  • This topic is locked
2 replies to this topic

#1 darkred


  • Members
  • 6 posts
  • Local time:09:05 AM

Posted 13 April 2010 - 09:29 PM

I'm really sorry for this but I'm facing a HUGE problem this time:
my computer got infected a few hours ago by some kind of rootkit/malware
and the problem is that I can't do my homework for the university where I'm attending lessons (and its deadline is on Sunday)
and I don't have any other PC to work with.....
So, for the love of God PLEASE HELP ME.....

I've got XP SP3 fully updated.
I'm experiencing random/continuous hanging in almost all programs,
right-clicking on any file takes about 10 sec to show the menu
or sometimes there's even an empty menu...
and when starting programs (even a command prompt or Notepad), it takes 3-5 sec to start...

I tried to run dds.scr but it goes on showing :::::: but never ending...
I also tried Combofix (downloading and saving it as comfix.exe)
and it finds these three files
in C:\DOCUME~1\user\LOCALS~1\temp
(dir from a command prompt)

14/04/2010 04:25 200.704 bytes 78296E40.nbp
14/04/2010 04:25 337.408 bytes 78296E41.nbp
14/04/2010 04:25 160.768 bytes 78296E42.nbp
tries to delete them,
but stays forever in 'Don't start any program until combofix log is created' stage
so the log is never created.

If I rightclick on each of these files I get these descriptions on the Version tab:

1st file 78296E40.nbp (196 kb): Editor de código HTML para Windows 32bits
2nd file 78296E41.nbp (330 kb): Editor de código HTML para Windows 32bits
3rd file 78296E432.nbp (157 KB): rlFunctions Plug-In for NeoBook for Windows

I can't delete these files even with Unlocker.
I can however delete them when in safe mode,
BUT when I reboot again normally these 3 files get recreated with some similar naming/numbering and always having the .nbp extension.
It's obvious that I've got malware.

I also tried to run GMER but it hangs, showing just a white empty window without even a title...

What I can only show is a log from Hijackthis 2.03 beta
and an Autoruns log.
(I've also run Unhackme, Malwarebytes Anti-Malware, Superantispyware and scanned with Kaspersky Internet Security 2010 but they find nothing...)

Please help me - I'm desperate.....

PS. I've tried running OTC to cleanup Combofix, rebooting and running it again up to 5 times already,
but it always only finds these 3 files above, and can't really delete them...

Attached Files

Edited by darkred, 14 April 2010 - 02:06 AM.


#2 darkred

  • Topic Starter

  • Members
  • 6 posts
  • Local time:09:05 AM

Posted 14 April 2010 - 04:06 AM

Luckily I tried countless things and I managed to remove whatever was doing this,
but I can't be precise about what exactly it was.

Oh, and I noticed with the search function of Process Explorer
that these 3 files above were created upon each load of this file, NumCapsScroll Indicator 7.0,
so I can't explain it - maybe these files had nothing to do with my problem...

Anyway, case closed.

Edited by darkred, 14 April 2010 - 04:13 AM.

#3 teacup61


    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:05 AM

Posted 16 April 2010 - 10:59 AM

Thanks for letting us know.

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?
