AntiMalware Doctor Virus - A whole new thing =S


  • Please log in to reply
9 replies to this topic

#1 Ambusher

Posted 10 August 2010 - 01:30 AM

Hi,

After searching around on the net for countless hours on another laptop about the Antimalware Doctor virus I came to this site. Well, as you can see, my laptop is infected with the virus and I read over the guide: http://www.bleepingcomputer.com/virus-remo...imalware-doctor

and did everything.
At first Rkill worked and I started MBAM.
Then 30 mins into the scan my screen goes all blue and it said something in white about how something, and all I can remember is that "if this is the first time you see this screen restart your comp...... if not" (and there was a list of steps).

I did the whole Rkill + MBAM thing three times and all three times I got that message.

Can I get help please? I was doing a project for my job and went to get a drink and came back and this happened in 5 mins.
I also forgot to back up this project from day one =( and I need the files ASAP for me to keep my job.

Please help.


EDIT: on the blue screen it says

"A problem has been detected and Windows has been shut down to prevent damage to your computer.

KERNEL_STACK_INPAGE_ERROR

If this is the first time you've seen this stop error screen,
restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer
for any Windows updates you might need.

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing.
If you need to use safe mode to remove or disable components, restart your computer, press F8 to select Advanced startup options, and then select safe mode."

Edited by Ambusher, 10 August 2010 - 11:43 AM.



#2 Ambusher (Topic Starter)

Posted 10 August 2010 - 10:52 AM

personally I don't like to double post/bump a thread
but I have updated my post about my situation.

Thanks

#3 dark fader

Posted 10 August 2010 - 11:08 AM

As no-one else is answering for now, I'll post what I initially do when I find myself infected.

Can you get the files off the machine with a USB memory stick? If you do, filter the thing through a Mac or a Linux box or something before you let it near another machine. Look for any autorun files.

I had a similar blue-screen problem when trying to remove the Antivirus Pro trojan. In the end I needed to go into safe mode, and then into the admin account to be able to run enough programs to clear the infection. I believe the blue-screen is a survival mechanism of the malware.

Try safe mode with networking (tap f8 just before the Windows logo appears on boot if you're XP). Redownload MBAM and update it before running it. You can also try Spybot Search and Destroy. Between them they clear up a lot of problems but they're not perfect.

#4 Ambusher (Topic Starter)

Posted 10 August 2010 - 11:14 AM

Thank you Dark Fader, but the malware won't let me connect to my wireless network.
Also, how do I filter through Linux? I don't have a Mac at home.
Also, which I forgot to mention, after installing MBAM I did not update it since I had no internet connection.
Is that a reason for the problem?

Edited by Ambusher, 10 August 2010 - 11:15 AM.


#5 dark fader

Posted 10 August 2010 - 12:23 PM

"Thank you Dark Fader, but the malware won't let me connect to my wireless network.
Also, how do I filter through Linux? I don't have a Mac at home.
Also, which I forgot to mention, after installing MBAM I did not update it since I had no internet connection.
Is that a reason for the problem?"



If you're not able to update mbam you're unlikely to be able to remove the latest version of the malware. Your first task is to get connected, I suppose.

What happens if you connect to the network with a cable? You normally get one with your router and almost all computers have a redundant network port or two...

When you say you can't connect, do you know if all network activity is affected or just the internet connection? Your issue could be the hosts file, or the proxy settings in IE, or if you look a bit further down this forum I had a piece of malware effectively disable port 80 on my machine last night. (Blocks all normal internet pages, lets HTTPS pages through.)

Depending on what it's trying to do, it's unlikely that malware would intentionally disable all your network access - it needs it for reporting home, or allowing people to enter credit card details.

Here are instructions on fixing the hosts file:

http://support.microsoft.com/kb/972034

And removing any proxy settings:

http://www.library.kent.edu/page/14299

Look for my post below for instructions on how to reset the TCP/IP settings, if they don't work.

Have you tried safe mode?

As for filtering your USB key through a Mac, I just meant that you should try to find one (belonging to a friend or something) and use it to clean off any extra files the trojan might have added. Putting it straight in to another machine may be foolhardy.
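A hosts-file audit along the lines dark fader describes above, as an added example that is not code from this thread or from any of the tools named in it. The vendor watchlist, the constructed sample hosts content, and the parse_hosts/audit_hosts names are assumptions for illustration.

```python
# Added example (not from the thread): audit a Windows hosts file for entries
# that block or redirect the update and security sites the cleanup steps depend
# on. The watchlist and the sample hosts content below are constructed.
import ipaddress
from typing import List, Tuple

# Domains whose hijacking would interfere with updating MBAM or reaching help sites.
WATCHLIST = ("microsoft.com", "windowsupdate.com", "malwarebytes.org",
             "bleepingcomputer.com", "avg.com", "f-secure.com")
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, ignoring comments, blank and malformed lines."""
    pairs = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so not a hosts entry
        pairs.extend((fields[0], name.lower()) for name in fields[1:])
    return pairs

def audit_hosts(text: str) -> List[str]:
    """Flag watchlist names mapped anywhere, and any other name mapped off-loopback.
    Loopback entries for non-watchlist names are not flagged: ad-block lists use them."""
    findings = []
    for ip, name in parse_hosts(text):
        watched = any(name == d or name.endswith("." + d) for d in WATCHLIST)
        if watched and ip in LOOPBACK:
            findings.append(f"BLOCKED {name} -> {ip}")
        elif watched:
            findings.append(f"REDIRECTED {name} -> {ip}")
        elif ip not in LOOPBACK and name != "localhost":
            findings.append(f"HIJACKED {name} -> {ip}")
    return findings

# Constructed sample resembling a tampered hosts file (203.0.113.0/24 is a documentation range).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1  www.malwarebytes.org malwarebytes.org
127.0.0.1  update.microsoft.com
203.0.113.9  www.bleepingcomputer.com
203.0.113.9  www.example.com
"""
```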

#6 Ambusher (Topic Starter)

Posted 10 August 2010 - 02:25 PM

"As for filtering your USB key through a Mac, I just meant that you should try to find one (belonging to a friend or something) and use it to clean off any extra files the trojan might have added. Putting it straight in to another machine may be foolhardy."

Do you mean the infected files?

Also, I use Chrome as my default web browser and now I can not open Chrome anymore; it gives me a window that says it crashed or something and to send or not send a report.

EDIT/ ADDON (IMPORTANT):

If I run rkill.com it kills the malware. But what if I kill the malware with rkill.com and turn off my wireless receiver, like the hardware on/off switch for my wireless so there is no internet (the wireless slider on the side of my laptop)? Can the malware still share my information? Cause I have this MAJOR project to finish and then I can reformat my computer to get rid of this malware.

Edited by Ambusher, 10 August 2010 - 02:29 PM.


#7 dark fader

Posted 10 August 2010 - 04:41 PM

'do u mean the infected files? '

I mean files which could spread the infection to a new machine. It's probably unlikely that they'd bother, but if it has control of your machine then a removable drive is a perfectly cromulent way to propagate the program.

An 'autorun' file is a big warning sign.

'Also i use chrome as my default web browser and now i can not open chrome anymore it give me a window that says it crashed or something and to send or not send a report.'

Do you have Firefox or Internet Explorer handy?

'Can the malware still share my information?'

Not with the wireless interface turned off it can't, unless you tether your phone or have a modem connected or connect it via network cable to your router or otherwise connect your computer to the web. If you don't trust the drivers, turn off your router.

The problem is that the malware will make life very difficult for you to just use your machine...
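The autorun check dark fader recommends in posts #3 and #7, as an added example that is not code from this thread. It parses an autorun.inf from a removable drive, reports which programs it would launch and whether they exist on the drive; the sample drive layout, the RECYCLER path and the function names are constructed assumptions.

```python
# Added example (not from the thread): inspect a removable drive for an
# autorun.inf that would launch a program. The sample drive layout built in
# build_sample_drive() is constructed for illustration.
import configparser
import tempfile
from pathlib import Path
from typing import List

LAUNCH_KEYS = ("open", "shellexecute")

def launch_targets(inf_text: str) -> List[str]:
    """Return the program paths an autorun.inf would run on insertion."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        cp.read_string(inf_text)
    except configparser.Error:
        return ["<unparseable autorun.inf>"]  # junk lines are themselves a warning sign
    targets = []
    for section in cp.sections():
        if section.lower() != "autorun":
            continue
        for key, value in cp.items(section):
            k = key.lower()
            # open=/shellexecute= run on insertion; shell\<verb>\command= hijacks context-menu verbs
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
                targets.append(value.strip().strip('"'))
    return targets

def audit_drive(root: str) -> List[str]:
    """Report each program an autorun.inf on the drive points at and whether it exists."""
    findings = []
    for entry in Path(root).iterdir():
        if entry.name.lower() != "autorun.inf":
            continue
        for target in launch_targets(entry.read_text(errors="replace")):
            exe = target.split()[0]  # drop any command-line arguments
            present = Path(root, *exe.split("\\")).exists()
            findings.append(f"autorun launches {exe} (present={present})")
    return findings

def build_sample_drive() -> str:
    """Constructed layout mimicking an infected USB stick; returns its path."""
    root = tempfile.mkdtemp()
    hidden = Path(root, "RECYCLER", "S-1-5-21-0000")
    hidden.mkdir(parents=True)
    (hidden / "setup.exe").write_bytes(b"MZ")  # stand-in for a dropped executable
    Path(root, "autorun.inf").write_text(
        "[AutoRun]\nopen=RECYCLER\\S-1-5-21-0000\\setup.exe\n"
        "shell\\open\\command=RECYCLER\\S-1-5-21-0000\\setup.exe\n"
        "shell\\explore\\command=missing.exe /s\n"
        "icon=%SystemRoot%\\system32\\SHELL32.dll,4\n")
    return root
```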

#8 Ambusher (Topic Starter)

Posted 10 August 2010 - 05:53 PM

OK, this is how it is so far:

So at the moment I have on three USBs all my files, including the .exe files of Adobe After Effects and Premiere Pro. Anyways, beyond that. So I placed both the exe files on the USBs and I want to transfer it to my other laptop, which is clean, to install them. I scanned the files with AVG and F-Secure and nothing popped up. Is that safe enough? Or do I scan with MBAM too?

Also

"The problem is that the malware will make life very difficult for you to just use your machine... "

At the moment I used the rkill.com file to terminate AntiMalware Doctor; does that keep the malware at bay for me to do work? I just don't want it to spread / send back information to the host.

Also, just a thought: even after shutting it with rkill.com does the malware still damage my machine? Like still collect info and what not?

Edited by Ambusher, 10 August 2010 - 07:04 PM.


#9 dark fader

Posted 10 August 2010 - 06:09 PM

The torrents are likely to be the source of the original infection, or could be the source of a new one. If you own these programs, find your registration keys in your email history and download the legit versions from the official sites.

Or, if it's just for this project, download the trials until you can get time to fix your machine properly.


"at the moment I used rkill.com file to terminate AntiMalware Doctor , does that keep the malware at bay for me to do work? I just dont want it to spread/ send back information to the host.

Also just a thought even after shutting it with rkill.com does the malware still damage my machine? like still collect info and what not? "

I don't know. Presumably something's still around which re-installs it on re-boot. That could well be a passive file, but do you trust it?

#10 Orange Blossom (Moderator)

Posted 10 August 2010 - 06:27 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at Step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :thumbsup:

p.s. As for rkill, you can read about it here: http://www.bleepingcomputer.com/forums/t/308364/rkill-what-it-does-and-what-it-doesnt-a-brief-introduction-to-the-program/

Edited by Orange Blossom, 10 August 2010 - 06:29 PM.
