
Virus of all Viruses?


1 reply to this topic

#1 angellopezmusic


Posted 25 October 2010 - 07:49 PM

Maybe NOT?

I have recently come across a virus I have never experienced before.
First of all I'd like to introduce myself, Angel, 20 year old music producer with a decent amount of knowledge in Windows.

Just about 2 weeks ago I started receiving the "Generic Host Win32 Services" error. Days after I first encountered that issue I was suddenly attacked via Mozilla by a virus. A virus that has been unidentifiable since. I approached the situation as any would, stop process, msconfig, remove from boot, and run anti virus/spyware software.

When I took the basic steps in virus removal, I noticed all my anti virus software was disabled. I did manage to start up SUPERANTISPYWARE and noticed the Virus wasn't only one Trojan, it was several of them, and other types of worms.

Since then I did a factory reset with my machine. I own an Open Labs Neko workstation that runs Windows XP which comes with Service Pack 2 (I did update to SP3).

I ran AVAST and picked up on the IPRIP Trojan, which I believe I got rid of via REGEDIT.

To get to the point, I believe I am a victim of a RootKit? Something I had never heard of, UNFORTUNATELY.
Whatever this thing is, it has managed to try and open up infected URLs via my web browser. Since the installation of AVAST that has stopped, thankfully. But I still see it tries to access the internet and direct me to infected web sites. It has also disabled the updates for Microsoft which I have to do to see if any of those security patches will take care of this bogus thing!

Any help will help, I tried running HIJACKTHIS and there is nothing suspicious but all the 6 SVCHOST.EXE files. The only thing telling me there is something definitely wrong is the Security Task Manager which indicates a few suspicious things.

Again a million thanks to whoever can help me!

Angel

Edited by hamluis, 25 October 2010 - 08:02 PM.
Moved from XP forum to Am I Infected ~ Hamluis.




#2 Orange Blossom


Posted 29 October 2010 - 10:59 AM

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom :thumbsup:



