Help! Malware Legacy


  • This topic is locked
3 replies to this topic

#1 Cojock

Cojock

  • Members
  • 3 posts

Posted 11 November 2010 - 07:00 AM

Hi

I have a Sony Vaio running Windows Vista, and I use Firefox.

I somehow got infected simultaneously by the Security Toolkit and Quick Defragmenter malware, and after a couple of passes by MAM antimalware (I got it wrong the first time, and used the Bleeping Computer advice the second time, which did the trick, so kudos) I got rid of the malware, I think.

But I am left with a pretty nasty legacy.

All of the protections the bug created for itself are still there, so for instance I can only access Windows explorer in 'safe' mode and I still get the following warning coming up when I try to open programmes.

"Windows detected a hard disk problem

Scanning for hard drive errors.....Hard drive scan helps to detect yada yada"

I can open them after about three tries, or right clicking and coming in as an admin for firefox.

The worst problem is that the little bastard crashes my system approximately every 20 minutes or so irrespective of what I am doing as follows....

First Message:

"You are running every low disk space on Local Disk (C:)"

Then instantly

Second message:

"Windows - No Disk Exception Processing Message 0x 0000013

Parameters 0x000007FEFE037240 0x00000000004 0x000007FEFE037240 0x000007FEFE037240 "

Then instantly

Third Message

Windows Delayed Write Filed (note - not 'Failed')

Windows was unable to save all of the data for the file \Systems32\496A8300. The data has been lost.
This error may may be caused by a failure of your computer hardware.

Then instantly

Fourth Message

"Windows - no Disk

Exception processing message 0x0000013

Parameters 0x759A023C 0x84C3CAA4

0x759A023C 0x759A023C

Same messages every time.


Then after a minute's grace or so I get this message

"A critical error has occurred while indexing data stored on hard drive"

and the machine then reboots, while letting me save what I am working on, if I'm quick.

Finally, upon re-booting this message appears, which starts the whole cycle again.

"Warning The system has been restored after a critical error. Data integrity and hard drive integrity verification required,"

I presume from reading your site that the malware has left something behind in the rootkit, but I have no idea how I might deal with this issue, and would be grateful for your help in sorting it out, and also re-establishing the functions which were disabled by the malware eg defragmentation (although I was able to defragment using C: defrag and I have loads 90 Gb of space on the drive) no remote access and so on.

Best Regards

Chris


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 11 November 2010 - 08:35 PM

Hello, it actually appears to me there is also other malware on here. We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Cojock

Cojock
  • Topic Starter

  • Members
  • 3 posts

Posted 12 November 2010 - 07:42 AM

Hi

I managed to run DDS and posted the results in the other section as you suggested.

GMER wouldn't run in Safe mode, and takes longer to scan than the bug allows normal operation before it reboots.

Best Regards

Chris

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 12 November 2010 - 11:43 AM

Thanks Chris. Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.