

Very smart malware downloader

  • This topic is locked
2 replies to this topic

#1 elvarien


  • Members
  • 5 posts
  • Local time:10:31 AM

Posted 07 September 2010 - 05:48 AM

TLDR below.

To explain my current situation I'll describe my actions so far which have led to this point.
I'm including as much detail as I can, which could mean this post gets a bit lengthy. I'm sorry about the long read. I'll try to summarize at the end to give a clear picture.

I have always considered myself to be computer savvy. I've killed my fair share of spyware, malware and viral infections on various computers. My own has remained relatively free from infection. [ignoring the occasional snag I've been able to expunge quickly.] A half year ago, give or take a few months, though, I met my match.

It started as I noticed the general slowdowns, CPU at 100%, memory at about 90% after a simple boot. Did another boot, this time with all the software that I normally have boot up automatically turned off, and saw somewhat similar results.

Task manager showed me several processes I did not recognize nor trust. I proceeded to kill these and check via msconfig to see if anything odd tried to start at boot. I found several pieces of malware, disabled these and rebooted to check for differences.

I almost thought the infection had sentience as this had surely pissed it off. On boot I was greeted with several popups belonging to rogue anti virus suites. I killed those but was greeted with new processes. My first "battles" with this entity resulted in me trying to kill processes faster than it could spam them at me. After a while I learnt to recognize what the processes would do by order of appearance and names.

I began to apply tactics by killing the processes that would spawn more processes first and then leaving the least annoying ones alone, as if I killed those it would restart the cycle until eventually it 'won' or we ended in a 'draw'. By winning it would have locked task manager and other tools before I could stop it from doing so. With a tie we would simply have a crash, BSOD or something similar.

I finally reached a point where I could use my pc, slow but usable leaving 1 or two processes in the background which were doing god knows what though left me alone enough to search for the source of it all.

While searching I actually found the infection adapting to me as the av popups returned this time hiding under regular processes and applications instead of random number combinations. I found something hiding behind my tablet drivers for example.

A lot of internet searching led me to others with similar war stories. I decided to just start over. My drive was split in 2, having my OS on C: and everything else on D:. I made a folder with everything I wanted to keep and in that folder did a search for .exe .com .js and a few other frequently infected file types. Deleted all of those and followed up with a format of both drives, keeping only the backup folder intact [music pictures work material Photoshop documents that sorta stuff].

That fresh install has remained clean for about half a year until 3 days ago.

I was hit with anti virus suite. The moment its first popup came up I hit ctrl bleep del, killed the process, looked it up and removed it from my pc. Ran Malwarebytes, which cleaned the remains, and thought that was it. However explorer.exe keeps crashing every few seconds, which is not something I read about in other posts by people with this piece of malware. Cat came out of the hat when this morning I saw unknown processes in the task manager again, which reminded me of the episode half a year ago.

Now I HOPE that this is not the same thing but something completely different as for one why would it lie dormant for half a year.

I've been very reluctant to seek help. Stepping over my ego for a change as this is way beyond my skill.
So for those still patiently reading, here's a summary of my current situation:

I run Windows 7 64bit.

I am experiencing issues with a virus or piece of malware that I have not been able to identify as of yet. It downloads and updates itself and adds more malware the longer I let it stay around.

My explorer.exe on boot stays around for about a minute and then crashes every 3 seconds. I currently leave it 'crashed' and run my programs via task manager.

I thought something was simply killing explorer.exe so I copied it, renamed it and used regedit to set the new renamed file as my shell. It did not change the crashing.

I run Malwarebytes and just finished a scan after using Rkill, which shows my system as squeaky clean.
I am pretty sure that if I reboot now and do a new scan it will find bleep, remove it to do it again next boot.

And that's the basic gist of it.

Help, please ?



#2 Driesiooo


  • Members
  • 113 posts
  • Local time:03:31 AM

Posted 07 September 2010 - 06:13 AM


I think it's best for your computer to treat that infection. Just follow the steps on http://www.bleepingcomputer.com/forums/topic34773.html (Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help).

When you post your (Hijackthis log +) DDS Log:
  • Do not post it at this topic or this forum but on http://www.bleepingcomputer.com/forums/forum22.html
  • Be patient, it's very busy at this forum.
  • A professional expert will view your logs and will help you with that problem.
  • Do not use tools (like ComboFix) without professional experience/helper.
Good luck.

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,009 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:31 AM

Posted 10 September 2010 - 02:56 PM


Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic345738.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
