Total .EXE Infection


7 replies to this topic

#1 TheKeeper

Posted 18 May 2010 - 11:13 AM

Okay I randomly had my whole computer infected with a giant virus and possibly more. The first thing that's going on is that I constantly have the demo version of this anti-virus software telling me I'm infected with 34 different viruses, but it won't do anything cuz it's just a retarded demo. I have to like purchase the full version n stuff and I'm not doing that. I have McAfee, but that's like the first thing the virus(es) went after. Basically the huge thing is that NO .EXE files will open. Not just antivirus ones. Like even just games or animation or even notepad. I mean literally EVERYTHING. Now every five seconds a popup comes up telling me some random file will not open (like run3.dll or something like that) because it is infected. That same popup happens whenever I try to open any .EXE. When I restart the computer, I can open McAfee in the toolbar if I'm fast enough and I click it the second I see my desktop when I restart. But then I can just scan stuff and it won't find anything. Plus the whole time it keeps saying "mcfinder, or mcshell" won't open cuz it's infected. I know those are McAfee files cuz I can open the program files and see the files and stuff. But I'm assuming that McAfee is trying to detect or stop them but it won't do anything cuz it's uber infected. Now since every single .EXE file is infected on the whole computer, I don't know if everything IS infected or is there just some root program that is infected that allows me to open everything else. I don't know.

Summary:
- every .EXE file is pwned by infection and will not open at all
- I only have one full antivirus software: McAfee, which is infected too
- the only thing that seems unaffected is the antivirus software demo that can only scan unless I buy it
- I REALLY don't want to reformat. Please for the love of god help me. Thank you.


#2 boopme

Posted 18 May 2010 - 02:11 PM

Hello, this sounds like it may be Security Tool.
Let's see if we can make some headway with this.

Please follow our Removal Guide here Remove Security Tool and SecurityTool

You will move to the Automated Removal Instructions
Please follow ALL the steps.

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 TheKeeper

Posted 18 May 2010 - 06:06 PM

Thanks boopme, I haven't followed the instructions yet, but I would also like to mention that I installed mbam on a USB from a different computer (I'm using a diff computer right now because my internet is blocked by a message saying this site is harmful to your system...and it's google.) and when I tried opening it immediately, it said that was infected too and won't open. Same popup message from everything else. I'm just saying this before I try your method because every .EXE is affected no matter what. I don't know if that means I need to do something else or what. I just REALLY REALLY don't want to format. But thank you so much for answering, I might try your security tool even though nothing opens. Oh that's another thing...my control panel won't open either. It says something else is infected too. This is really retarded. People are dicks, seriously.

#4 boopme

Posted 18 May 2010 - 09:51 PM

Sorry for the delay. Much of the new malware displays these fake warnings. Ignore them. Don't even close or click on them if possible, and run the tools.

Live Security Suite has detected harmful software in your system. We strongly recommended you to register Live Security Suite to remove these threats immediately.

Spyware activity alert!
Spyware.BrowserDeath activity detected. This kind of spyware is attempts to steal passwords from Internet Explorer, Mozilla Firefox, Opera and other programs, including logins and passwords from online banking sessions, eBay, PayPal, etc.

Privacy Violation alert!
Live Security Suite (or another name)detected a Privacy Violation. A program is secretly sending your private data to an untrusted internet host. Click here to block this activity by removing the threat (Recommended).

System files modification alert!
Some critical system files of your computer were modified by malicious program. It may cause system instability and data loss. Click here to block unauthorized modification by removing threats (Recommended).

Intercepting programs that may compromise your privacy and harm your system have been detected on your PC. Click here to remove it immediately with Live Security Suite.

Your PC is still infected with dangerous viruses. It is strongly recommended to activate antivirus protection to prevent data loss and to avoid the theft of your credit card details. Click here to activate protection.

Tracking cookies that steal your passwords, accounts and credit card information have been detected in your system. Click here to remove them immediately with Live Security Suite.

Malicious spyware that can harm your system has been detected on your PC. Click here to remove this riskware immediately with Live Security Suite.

Self restoring Trojan


Just like the fake scan results, all of these security warnings are fake and are being shown to scare you into purchasing the program.

Note steps 2 and 111 in the Guide I posted.

#5 TheKeeper

Posted 19 May 2010 - 10:41 AM

Okay I should probably read what you give me and follow through with stuff before I make another stupid comment. I did try the method yesterday, but it didn't work. Yet I think I had different files or something so I will try again. Though I would like to say that when I ran the rkill, it didn't do anything except be a blank screen for a couple seconds and go away. Which I am assuming was what it was supposed to do. I let the warning message stay up so it could bypass the malware and all that too BTW. Yet when I tried to go onto the next step, the malware was still there...like no change.
But I'll just listen to you and try the instructions again with the most likely correct files and I'll tell you if it still doesn't work. I would also like to say that I sincerely thank you for helping me with this.

Edited by TheKeeper, 19 May 2010 - 10:42 AM.


#6 boopme

Posted 19 May 2010 - 10:46 AM

This is a tough one to remove. If things still won't work then we should try with DDS.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#7 TheKeeper

Posted 20 May 2010 - 10:50 AM

It's OK I got it. It's gone now. I opened up rkill right when my comp's desktop showed up before the malware had a chance to boot up. It worked like it was supposed to, and I was able to install malware and remove the damn thing. 41 infections. Uh, I'll post the scan results next time, I don't have them on me right now. But thanks so much for helping me boopme, you rock. I'll post them next reply if you need them.

#8 boopme

Posted 20 May 2010 - 11:01 AM

Great!! Yes, please post it. As misery loves company also ...
Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser, click that browser at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the Program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.