Seem to have a seriously infected machine


  • This topic is locked
4 replies to this topic

#1 davidjex3

davidjex3

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:15 PM

Posted 26 December 2010 - 01:10 PM

I posted on here a few weeks ago and I never received a reply...lots of views, but no replies. I have attempted to complete all of the preparatory steps but unfortunately, neither DDS nor GMER will run on my PC...they hang indefinitely. I was able to download the aforementioned, along with RSIT, but only RSIT would run. Accordingly, I have attached the HijackThis log file. I am able to run Defogger.

I have been trying things on my own for a couple of weeks now and I am desperately in need of help. I'm not sure why no one has replied, even if just to say, the machine is too messed up and you should just reformat it. If someone would please offer some guidance, I would greatly appreciate it.

Thank you,
davidjex3



#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:15 PM

Posted 26 December 2010 - 07:00 PM

Good evening. :)

Having taken a quick peek, I see two issues that are of concern:

1) The PC only has Service Pack 2 installed - that's one behind what is available. Given that the machine isn't fully up to date, it is at greater risk of infection due to holes that Microsoft will have identified and released patches for but which you don't have. That isn't good, but it isn't terminal, unlike number 2.
2) I see no firewall or anti-virus present - Microsoft AntiSpyware is the closest security you have, and it isn't sufficient.

My usual response to this situation is something along the lines of:

Given the lack of basic security programs onboard the best suggestion I can offer is to back up any important files and then reformat and reinstall Windows.
It is going to be impossible to guarantee a clean computer at the end of the removal process, which makes it something of a non-starter in the first place. The possibility that legitimate files may have been infected or corrupted by the malware present on your PC, and also that security settings may have been lowered making your computer more liable to infection in the future, means that starting over is the easiest and most reliable solution to your problems.
You also need to be aware of the risk of identity theft if you have accessed bank accounts with this computer or shopped online. Keylogging software could have recorded details of these actions and a lack of an effective firewall means that there is nothing to stop this information being sent home. If this does apply to you, I'd monitor your accounts and perhaps consider getting credit/debit cards, passwords etc... changed - obviously not using this PC!
Should you want them, I can provide links to free software, both firewall and AV, that will help keep your PC malware-free in the future, but you shouldn't count on them to clean your machine as it is now.

So long, and thanks for all the fish.

 

 


#3 davidjex3

davidjex3
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:04:15 PM

Posted 26 December 2010 - 10:38 PM

Thank you for your response, Noviciate. I appreciate your time and guidance. Just to provide you with an update, I recently was able to install TrendMicro Titanium Maximum Security since my original post. I recognize that this will not cleanse the machine, but would that successful install help in the cleaning process? I did run a full system scan as well as a full scan using TM Housecall. The scans did uncover some infected files, but the issues still persist. Again, not sure if this helps.

Separately, I was able to run a new HJT Scan today (post TrendMicro install) and I have attached it here. Would you kindly let me know if the situation looks any better since installing the aforementioned anti-virus software? I am holding out hope that I will not have to reformat the PC as I have an extensive amount of data and software that would be lost in the process.

Again, I appreciate any and all of your insight.

Attached Files

  • Attached File  log.txt   6.86KB   2 downloads


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:15 PM

Posted 27 December 2010 - 02:48 PM

Good evening. :)

Imagine that somebody had broken into your house. While you could look around the house to ensure that the criminal was no longer present, unless you lifted the floorboards and checked under there, you couldn't say for certain that there wasn't somebody hidden under them, unlikely though that may be! Likewise the loft, the cupboards, under the bed.....
Maybe the criminal left a window open to make it easier to get back in later. Perhaps they took the spare set of house keys and could just walk back in at any time.

The only way to be certain is to look everywhere, check every door and window and change every lock - a pain, but worth it for the peace of mind.

The log that you posted doesn't show every file and setting that exists on your PC, nor will any log, and so it is clear I cannot say that your system is clean. It would require a check of every file and setting to ensure that nothing was amiss. The only way to be certain is to reformat and reinstall - this too is a pain, but it is the only certain way to know that your PC is clean.

Any anti-virus is better than none, but no scanner is perfect. Could the one you have chosen detect all malicious files and settings and correct them? Perhaps, and then again, perhaps not! You have to decide whether you are happy to trust in the security of your PC without wiping it and starting afresh. Personally I wouldn't hesitate to do so, and have done so on occasion, simply because the peace of mind is worth more than the aggravation of the whole process. However, it is your PC, your peace of mind, and your time that we are talking about and I can do no more than tell you what I would do if I was in your position.

So long, and thanks for all the fish.

 

 


#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:15 PM

Posted 30 December 2010 - 06:36 PM

As this issue appears to have been concluded, this thread is now closed.

So long, and thanks for all the fish.

 

 




