
Infected with Alureon A and who knows what else


4 replies to this topic

#1 tobyjason

tobyjason

  • Members
  • 9 posts

Posted 22 July 2010 - 09:11 PM

Help! My notebook (running XP SP3) had been running/starting much slower than it properly should for some time. In the last week it began frequently failing to start up. I didn't get the BSOD, but at a point shortly after my background desktop color would come up, my screen would freeze with a pattern of dots and/or dashes on it, looking like some super old school computer game's terrain graphics.

I would restart, sometimes a few times after repeating the problem, and eventually everything would seem to work, but I was annoyed and vaguely recalled there was something I could do to check for corrupt system files with the run line. I googled and found/remembered the whole sfc /scannow thing and tried it. But when I inserted my windows disc when prompted by SFC everything froze, then when I restarted my DVD drive was no longer detected. I ran cdgone (edits the registry back to basics for the cd drive) and it had no effect. I tried booting from a windows dvd and had enough problems that for a while I believed the drive itself was bad and not even being detected by the BIOS, but eventually I got that to work enough to believe the drive is fine. Getting Windows to start again, I uninstalled the IDE drivers in device manager and actually got XP to detect the DVD drive again. But when I clicked on the DVD Drive from explorer (intending to copy the i386 folder from the cd to my root directory so I could [hopefully] run SFC properly) I got a blank screen the color of my desktop background with a couple vertical lines in the middle.

I started poking around and found out that rootkits often corrupt something called atapi which I understand is needed for CD/DVD drive support.

I downloaded and ran the ESET online virus scan -- took a long time, found 1 thing that was some sort of toolbar (although I've never downloaded/been attacked by any stupid toolbars that I'm aware of).

I used another computer to put my i386 folder onto a portable USB drive and copied it to my bad notebook's hard drive so I could run SFC, which I did. It ran and finished but didn't output any sort of information as to whether there were problems found/fixed/etc.

I downloaded and ran Windows Malicious Software removal and the quick scan (I swear) said "11 files" infected or something about 11 problems and prompted me to run a full scan, after which it promised to reveal details. I did so. It found nothing further and the result was that it told me I had "Alureon A" and that it had been partially removed.

I'm hoping someone can walk me through what I need to do to get rid of whatever is left of it and to find/remove any other rootkits (or other viruses) using combofix or whatever else I should be using.

UPDATE: I tried to post this and found my browser couldn't connect to any sites. I restarted and got a black screen with odd (but pretty) bars of green and red. I restarted again and it was very slow but it's working enough (hopefully) to let me post this.

Edited by tobyjason, 22 July 2010 - 09:20 PM.




#2 tobyjason


Posted 22 July 2010 - 11:09 PM

UPDATE: I went to delete my temp folder and had something called "iswtmp" not allow itself to be deleted and when I googled it all the links pointed to virus help websites (including this one!)

#3 tobyjason


Posted 23 July 2010 - 03:50 AM

I ran malwarebytes anti-malware and it found 1 thing (trojan downloader) in the registry for microsoft messenger (never use) and supposedly killed it.

I also ran tdsskiller -- it found nothing.

My CD/DVD drive still disappears constantly, seemingly at random, although I can make it reappear by doing a scan in device manager.

#4 tobyjason


Posted 23 July 2010 - 02:50 PM

Had a failed bootup today (black screen) and later had Windows crash to blank screen with a vertical row of dots when I tried to make the DVD drive show up in Device Manager (uninstall Secondary IDE, then rescan for hardware makes it show up).

My Zone Alarm just turned this up:
"Rootkit.Win32.TDSS.u was found in C:\System Volume Information\_restore{46256C8A-3132-4664-8E82-9103016EE091}\RP909\A0889302.sys on 7/23/2010 14:44:06"

It says treatment was successful and no further action is required.

SOMEBODY PLEASE HELP!

#5 tobyjason


Posted 26 July 2010 - 01:48 PM

Still waiting/hoping for a mod to help me run combofix (maybe) and clean up whatever is hidden here.

I am still having my computer fail to boot (black screen, usually) about every other start up. Still have my CD/DVD drive not show up.



