Fake virus scanner infection;


  • This topic is locked
14 replies to this topic

#1 J2FcM

Posted 20 July 2010 - 04:22 PM

Hello,

I'll keep this simple,
after doing nothing specific or unusual last Saturday, I ended up with one of those pop up "you're infected must scan now!" PC Defender type viruses (I don't remember exact name)... VERY soon after, almost all programs ceased to work, giving me some bizarre error message.

I restart in safe mode, and run RKILL, then Malware; found 11 infections, removed them... figured ok, prolly not clean YET, but at least the computer's workin.
Started playin on STEAM, and my friend said that my Ventrilo kept cutting out... so I try to restart...

Restart offers me the typical black screen "Start in Safe Mode", etc... etc... If I try that the screen fills up about 3/4 with system 32 files loading and freezes... if I start in Normal mode, or last known config, it just freezes.

BIOS shows all 3 hard drives are there.
Booting with Windows CD didn't seem to work thus far (this is XP).

As of now, I'm very worried about losing the info on my HDs...specifically the HD with my OS... for it contains a lot of pictures that I have yet to back up...

Any advice on obtaining the files or what I could do to boot and scan\start removing infections?


#2 boopme

Posted 20 July 2010 - 11:19 PM

I will ask for help on this.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 JSntgRvr

Posted 20 July 2010 - 11:48 PM

Hi, J2FcM

Let's try working on the computer from an external source.

1. Download the Ultimate Boot CD for Windows

Follow the instructions in the following link to create a UBCD4WIN Recovery CD and let me know if successful.

http://www.ubcd4win.com/howto.htm

In order to boot from the CD, make sure the boot order is set to the CD-ROM first.

I will provide you with further instructions once you are able to boot the computer with the Recovery CD.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 boopme

Posted 21 July 2010 - 12:12 AM

Hello, I have moved this to Virus, Trojan, Spyware, and Malware Removal Logs where it will be completed.


#5 J2FcM

Posted 22 July 2010 - 01:16 PM

oye,

the builder when I attempt to start says

"Sorry, program requires administrator privelages"

Also, I'm doin all this on Windows 7, for WinXP on my desktop. if that matters....

#6 JSntgRvr

Posted 22 July 2010 - 02:59 PM

QUOTE(J2FcM @ Jul 22 2010, 02:16 PM)
oye,

the builder when I attempt to start says

"Sorry, program requires administrator privelages"

Also, I'm doin all this on Windows 7, for WinXP on my desktop. if that matters....

It shouldn't if you have Administrator Privileges. If you do, right click on the downloaded file and select "Run as an Administrator".

Let me know the outcome.


#7 J2FcM

Posted 22 July 2010 - 03:51 PM

Argh! well that worked, thank you.

But when creating the ISO I got errors.

Also, this is for SP1 and I made adjustments in the plug ins for it... should I try that slip streaming for SP2?

attached log

#8 JSntgRvr

Posted 22 July 2010 - 06:31 PM

I believe it calls for it, but if it boots the computer, there may be no need to slipstream the CD.

1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created
  • Insert the UBCD4Win disc into one of your CD/DVD drives.
  • Restart your computer.
    • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab where you can set the boot order. It should be called Boot or Boot order.
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-ROM drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

  • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
    • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
  • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
    • Click on NO
  • You should now have a desktop that looks like this:

Let me know if successful.


#9 J2FcM

Posted 22 July 2010 - 06:49 PM

Sorry if I was vague, the problem is my ISO isn't being created, it comes up with 2 errors on the log I attempted to attach, and says to fix them.

Error: SetupDecompressOrCopyFile() "E:\I386\FLTMGR.SYS" to "C:\UBCD4Win\BartPE\I386\SYSTEM32\DRIVERS\FLTMGR.SYS" 2: The system cannot find the file specified.
DecompressOrCopy file "E:\I386\FLTLIB.DLL" to "C:\UBCD4Win\BartPE\I386\SYSTEM32\FLTLIB.DLL"
Error: SetupDecompressOrCopyFile() "E:\I386\FLTLIB.DLL" to "C:\UBCD4Win\BartPE\I386\SYSTEM32\FLTLIB.DLL" 2: The system cannot find the file specified.
DecompressOrCopy file "C:\UBCD4WIN\PLUGIN\DRIVERS\ACCESSGAIN\FILES\ACCGAIN.SYS" to "C:\UBCD4Win\BartPE\I386\SYSTEM32\DRIVERS\ACCGAIN.SYS"

Edited by J2FcM, 22 July 2010 - 06:53 PM.


#10 JSntgRvr

Posted 22 July 2010 - 07:27 PM

That also happened to me. I was able to correct the error by selecting Burn to CD prior to building the CD.

Insert the CD, then Build. It will automatically be burned to the CD.

In my case the error was not repeated. Give it a try.


#11 J2FcM

Posted 22 July 2010 - 08:00 PM

Same dang error! Cannot build CD until those errors are fixed......hmmm

#12 JSntgRvr

Posted 22 July 2010 - 08:23 PM

Copy the XP CD files to a folder and Slipstream the CD. Here are some instructions:

http://www.helpwithwindows.com/WindowsXP/S...ice_Pack_3.html


#13 JSntgRvr

Posted 04 August 2010 - 09:52 PM

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


#14 JSntgRvr

Posted 11 August 2010 - 09:35 AM

Topic opened at the user's request.

Were you able to build the CD? What's the status?


#15 JSntgRvr

Posted 12 August 2010 - 11:17 PM

Sorry, but I can't keep this topic open any longer. If you still have some issues with your computer, please open a new topic.
