Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

XP x64 virus Win32\GEN


  • Please log in to reply
2 replies to this topic

#1 BM260

BM260

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:23 PM

Posted 11 May 2010 - 12:33 AM

I seem to have found the answer to the problem i have been having for a Long time
My system stated to do strange things and the more i searched the more i discovered
The list of "Symptoms" are long,First i started to notice that When i closed a Window on my desktop,it was because i was going to open anther folder and my cursor would leave in its "Trail", a Small white box with the word Closed in it
I had "Duplicate" icons for programs in my Quick Launch
I had "Security" settings for folders in their Properties, WordPad docs that i had written,that could not be deleted
The "Securty" tab reveled 5 different users that had full rights that could Not be Taken away,and couldn't be deleted

Some of the usual Monitoring software i use (Coretemp,Evga Precision) Would fail to run at Startup,citing a "corruption" with a .DLL
I would re-install one program,and another program would do the same
I had TWO links to Firefox,i never put the second,so i deleted one ,The One marked Firefox (2),and i could not get on the internet after that
There was NO USER logged on to the Computer according to TASK MANAGER,and the ,refresh did nothing,No LOG OUT option either
I created another account THEN THERE WAS NO ADMINISTRATOR account,the new account could not be seen either
Control Panel Icon's did nothing when clicked on, No ICONS for Network and Internet connections
HiJackThis picked nothing up
Malwarebytes found nothing
Avast found nothing, until i opened up the "System Volume Information" folder in C:\
Three files were found and deleted,the only File with a name was USER32.exe,The other TWO were .DLL's A0000 somthing
When they were deleted,other folders with Files inside appeared in C:\
The RE-FORMATTING began,total 7 times on two different machines,the reason,? I used a Portable hard drive to transfer drivers and programs to each of the Computers,(later i found out it too was infected)But still no luck they still had multiple symptoms
I used a 3rd PC w XP x86 to use on the infected HDD's and it too became infected
I then found that the Vius\Worm was also in the "Recycle Bin" folder that is only visiable when you uncheck Hidden folder options in The" folder option\View",and then they were only visible in File Assassin, so
I took HD (A) and set it as a slave in PC B, and ran a 2 Pass episode with [COPYWIPE]
So far that seems to have been the solution,My latest install of XP x64 is stable and no sign of the Strange behavior or(Files\Folders)"magically appearing", and as soon as i get some more time, i am going to run the "Procedure" on the other two computers
Malwarebyte's FILE ASSASSIN was the only thing to actually see and delete the files in System Volume Information and Recycle Bin,but by then it was too late to save most of the files and programs that were destroyed,and probably there were other files\Folders that remained
At one point GMER identified a ROOTKIT\MALWARE But i could only see 1 .dll in the folder it guided me too,but GMER said there were two so I deleted it with File Assassin as windows would not delete it(being used by another Person\Program and the PC Did not boot after that.
Does anyone know if Windows actually Deletes an Existing [SYSTEM VOLUME INFORMATION\ RECYCLE BIN Folder on a Fresh Install??
seems to me it doesn't, I had "Settings" on certain programs that were not "Default" settings on FireFox after a Fresh Install

BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:23 PM

Posted 11 May 2010 - 08:07 AM

<<Does anyone know if Windows actually Deletes an Existing [SYSTEM VOLUME INFORMATION\ RECYCLE BIN Folder on a Fresh Install??>>

Fresh install? If you mean "clean install" whereby existing partitions are deleted and a format ensues before XP is installed...the answer is "yes."

XP Clean Install, Stevens - http://www.michaelstevenstech.com/cleanxpinstall.html

Louis

#3 Chris PCS

Chris PCS

  • Banned
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:53 AM

Posted 14 May 2010 - 11:26 AM

Hi BM260,


I would suggest you to install Avast home freeware and also try Malware Bytes also. also run boot time scan thru Avast home.

Regards
Chris :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users