
Please help, recurrent infection beyond my skill level to remove...



#1 stevennlv


Posted 28 February 2011 - 03:55 AM

Hi everyone, I'm Steven and I thought I had a clue until I hit this one.

I have an Acer Aspire One Netbook with XP SP3. I built it to replace my old XP tower when the power supply died and took the motherboard with it. (Lightning strike on a power line, melted the surge protector.)

I'm an end user / hobbyist. I read a lot on the net, but have no formal training of any kind. I have a very highly customized set up with a lot of layers of protection. But, it's not doing me any good.

I have a full retail copy of XP SP2 from years ago. The first thing I did was wipe all of the Acer stuff off of the drive and set up a clean copy of XP. This setup has been running fine until recently. My only active real time AV / FW system is the full suite from PC Tools. But, I do have lots of others as backup scanners / HKs like SuperAnti, Spybot S&D, Root Repeal, Malware Bytes and more. I also have every service turned off that can be and I've changed a lot of system settings with TweakXP. I've set up custom rules for all of my IE zones (IE8). I have my swap file encrypted with BC Wipe. I have all my personal info (taxes, etc.) encrypted with AxCrypt. I have a very complicated password scheme and so on and so forth. For the most part, I've shut down pretty much everything in Windows that can be to make my system as tight as possible. For instance, I don't use system restore, instead I use the free sector by sector back up tool from EASUS. In other words I've done everything that I've read that you're "supposed" to do to make your system fast and secure.

Except for one: Like a big dummy I haven't run a back up in about a year. I have an old, old clean state copy I could back up to, but I'd lose a bunch of stuff I want to keep. So I burned all that to DVDs, wiped my drive clean and started over. And now the ^%%$##$%^^ infection is back again. And yes, of course, I waited until I was fully configured / protected / updated before I put my data back on here. And I scanned all of the disks before I copied them to my drive. They all came up clean. But I'm infected again. (As a side note: internet is included with the rent, and I can't prove it but I think their network is dirty.)

I have done everything I can think of to kill this infection, but it just won't die. So far I have removed the Mervon.A worm from my system about 6 times and the Trojan.Generic twice from my system.

And all of my tools tell me that I'm now clean (YET AGAIN!!!). But I know that I'm not because settings keep getting changed in my system and my AV. And, folders that I can normally access are now locked, like C:\Docs and Settings\User\Local Settings. And I have strange folders and zip files that keep coming back (Folder = APPS\2.0, Zip = IDP.zip and UDP.zip. The UDP one is full of IP addies). I also have strange .tmp and .xml files cropping up that I can't delete, or that recreate themselves. Plus I have a ton of unknown hardware in my Device Manager now. Approximately 2 dozen items. Under the details tabs they all start the same Root\Legacy\ a bunch of different stuff. But all of my hardware is actually working fine. And all of the last parts of the entries look more like services than hardware?

Also, at this point I'm really starting to doubt my skill level; so maybe that back up is not as clean as I'd like to think? What if I had this crap then and didn't know it?

So can one of the Guru-Gods of computing please save my butt? I need this stupid thing to work lickety-split so that I can do some training stuff for work before they fire me for not getting it done and balance my check book / pay my bills without some 12 year old in Bulgaria getting my social and preferably without losing the year's worth of personal data which I was too stoooopid to back up.

Many, many thanks,
Steven.


#2 Blade


Posted 04 March 2011 - 05:12 PM

Hello.

The sort of problem you're describing is one that's probably going to require a more detailed analysis to fix.

Please follow the instructions in This Guide starting at Step 6.

Once the proper logs are created, then make a NEW TOPIC and post it HERE. Please include a description of your computer issues and what you have done to try to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

~Blade


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM