
Really Tough Virus/trojan/?idk?


3 replies to this topic

#1 El Llama Lord

El Llama Lord

  • Members
  • 2 posts

Posted 25 November 2005 - 02:56 AM

I downloaded something stupid and then I got a bunch of spyware virus stuff.
I took care of that stuff.
The only notable one was something like SpySheriff.

So I got rid of that. But then the background wouldn't change from the one it had set it to.
Then I downloaded this one registry key, and deleted everything in my Prefetch folder like some guide said.
Of course now it would get stuck at the log-on screen where it says "Windows is loading" (after the moving bars and stuff but right before you can choose which name to log on to).

Then I did a repair reinstallation of Windows. It booted up the first time.
Next time, it would stop at the same loading screen.
I rebooted a couple times and still nothing.
Again I did another repair reinstallation of Windows, and rebuilt the Prefetch folder according to some guide.

Still the same boot-up problems.
So I repaired Windows again.
Now I notice that winlogon.exe takes up a lot of CPU, and using Process Explorer I was able to tell that it keeps on connecting to various Russian SMTP servers.
I guess my computer is a zombie machine now.

So I boot into BartPE, use several antivirus and adware programs and nothing, it's all clean.

I reinstall Windows again.
I use HouseCall from Trend Micro and it finds several unrelated viruses (in files, not being run or anything).
After it removes the stuff, I reboot and it gets stuck at the same screen.

And I'm pretty lost right now. At first I didn't think it was a virus problem, but then winlogon.exe was connecting to various Russian websites, so now I think that is the problem. And I can't boot into Windows unless I do a repair install of it again.
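Added example, not from the original post or from any of the tools named in this thread: a small Python check that turns the observation above (winlogon.exe holding connections to several SMTP servers) into something repeatable. It parses `netstat -ano` style output together with a PID-to-image map of the kind `tasklist` gives, and flags two things: a core Windows process speaking SMTP at all, and any process fanning out to many distinct mail hosts, which is what a spam bot looks like and what a mail client does not. The netstat lines, PIDs and image names below are constructed sample data; the list of processes that should never speak SMTP and the fan-out threshold are assumptions.

```python
"""Flag processes making suspicious outbound SMTP connections.

Added example: parses 'netstat -ano' style text (constructed sample below,
not a real capture) plus a PID -> image-name map as 'tasklist' would give.
NEVER_SMTP and FANOUT_THRESHOLD are assumptions, not documented baselines.
"""
import re
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}

# Assumption: core Windows processes that have no business speaking SMTP.
NEVER_SMTP = {"winlogon.exe", "lsass.exe", "csrss.exe", "smss.exe", "services.exe"}

# Assumption: one process talking to this many distinct mail hosts looks
# like a spam bot rather than a mail client.
FANOUT_THRESHOLD = 3

# Constructed sample of 'netstat -ano' output (not a real capture).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1045      81.176.0.12:25         SYN_SENT        672
  TCP    192.168.1.10:1046      217.16.20.5:25         ESTABLISHED     672
  TCP    192.168.1.10:1047      195.161.1.30:25        ESTABLISHED     672
  TCP    192.168.1.10:1050      62.213.50.7:25         ESTABLISHED     672
  TCP    192.168.1.10:1060      64.233.160.1:80        ESTABLISHED     1824
  TCP    192.168.1.10:1061      64.12.24.5:587         ESTABLISHED     1924
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed PID -> image name map, as 'tasklist' would report it.
TASKLIST_SAMPLE = {672: "winlogon.exe", 1824: "firefox.exe",
                   1924: "outlook.exe", 880: "svchost.exe", 4: "System"}

# proto, local, foreign, optional state (UDP rows have none), PID
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Return a list of (proto, remote_host, remote_port, pid) tuples."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or blank line
        proto, _local, remote, _state, pid = m.groups()
        host, _, port = remote.rpartition(":")
        if not port.isdigit():
            continue  # '*:*' wildcard: no peer to attribute
        conns.append((proto, host, int(port), int(pid)))
    return conns


def smtp_egress_by_process(conns, pid_to_image):
    """Map image name -> set of remote hosts it is talking SMTP to."""
    out = defaultdict(set)
    for proto, host, port, pid in conns:
        if proto == "TCP" and port in SMTP_PORTS:
            out[pid_to_image.get(pid, f"pid:{pid}")].add(host)
    return out


def find_suspects(netstat_text, pid_to_image):
    """Return {image: reason} for processes whose SMTP traffic is suspicious:
    a core system process speaking SMTP at all, or any process fanning out
    to FANOUT_THRESHOLD or more distinct mail hosts."""
    suspects = {}
    egress = smtp_egress_by_process(parse_netstat(netstat_text), pid_to_image)
    for image, hosts in egress.items():
        if image.lower() in NEVER_SMTP:
            suspects[image] = f"system process speaking SMTP to {len(hosts)} host(s)"
        elif len(hosts) >= FANOUT_THRESHOLD:
            suspects[image] = f"SMTP fan-out to {len(hosts)} distinct hosts"
    return suspects


if __name__ == "__main__":
    for image, reason in find_suspects(NETSTAT_SAMPLE, TASKLIST_SAMPLE).items():
        print(f"{image}: {reason}")
```

On a live box you would feed it the real `netstat -ano` output and a PID map built from `tasklist`; outlook.exe with one connection on 587 is left alone, while winlogon.exe with four distinct mail peers is reported. A hit on winlogon.exe says only that the traffic is attributed to that process; whether the binary is replaced, has code injected, or is hidden behind a rootkit still has to be checked with other tools.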


#2 stidyup

stidyup

  • Members
  • 641 posts
  • Gender:Male

Posted 25 November 2005 - 03:06 AM

Can you get into safe mode?

Rootkit Revealer: it may be worth running this on your PC. RootKitty may also help, especially as you have used BartPE. If you do have a rootkit then you're going to have to nuke your PC and do a clean install. However, if you can get a HijackThis log posted, one of the experts there may be able to help you.

From BartPE which antivirus scanners did you run?

If you think you are infected, submit a HijackThis log to the HJT Forum.

How to submit a HijackThis log

Download HijackThis

Try running the following from safe mode (Getting to safe mode): Sysclean. You'll also need the virus template file from here, lpt***.zip; remember to extract the contents of the zip file into the same folder as Sysclean.com.

or

DrWeb CureIT

or

KASFX, which is powered by the Kaspersky AV engine; you will need internet access to update it. If you haven't got net access in safe mode, update it before you use it.

If you're good with the command line, also try the Sophos Command Line scanner. This command will scan all of your HDDs: SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt, and give you a log file to review afterwards.

Also try installing and running A2 Free and Ewido

I'd also run Spybot (Spybot Tutorial) and Adaware.

If you're using Win2K/XP, run Adaware/Spybot from "Safe Mode with Command Prompt". If you're using Win9x, just run it from safe mode; the command line options aren't needed.

At the C:\ prompt type the following:-

cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe

#3 El Llama Lord

El Llama Lord
  • Topic Starter

  • Members
  • 2 posts

Posted 25 November 2005 - 03:22 AM

I haven't been able to get into safe mode, it still gets stuck at the same screen.
Under BartPE I ran NOD32 (with several-month-old definitions), Adaware (new definitions), and avast! Virus Cleaner Free.

I'll try and check for a rootkit from BartPE right now and try some other stuff.

Thanks for the quick response.

#4 stidyup

stidyup

  • Members
  • 641 posts
  • Gender:Male

Posted 25 November 2005 - 08:21 AM

I'd suggest running BartPE again but with updated AV scanners.

UBCD4Win is based on Bart's PE and has several AV scanners included.

How to update the Virus Scanners in ubcd4win.

Bug Fixes for V2.55

Search 911 forum for AV Scanners: this site has many AV scanner plugins listed, many of which are freeware, if you prefer to add the scanners yourself to BartPE.
