
Various problems all started at once (sound disabled, security center warnings, network issue)


  • This topic is locked
4 replies to this topic

#1 vivisect

vivisect

  • Members
  • 29 posts
  • OFFLINE
  • Local time:08:50 PM

Posted 25 March 2011 - 05:30 PM

I am having some pretty strange problems that really seemed to come out of nowhere.

Around 12:30 today the following things happened:

1. My sound stopped working. There did not seem to be any reason why. Thought maybe it was a hardware error, so I restarted.
2. After the restart I noticed that not only did my sound not come back, but now my network connection icon in the task tray had an X through it like it is not connecting.
3. Getting suspicious, I attempt to update Microsoft Security Essentials. It won't update.
4. For some reason I decide to go into the Control Panel and see if I can see any weird hardware problems there. I immediately notice that I cannot click/open many things. I cannot click any of the options under System and Security, such as Find and Fix Problems, as well as others.
5. I open the event viewer. There are over 3,000 errors for "Distributed COM" which say:

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {89115307-8248-448F-ADA0-F3F3718A9B2A} and APPID Unavailable to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

6. I open Firefox and I get a strange prompt. My browser is set to go to the Firefox Google page, but it gives me a 303 error and says the site has moved with a link to a page (I should say this only SOMETIMES happens. Not every single time). BUT even though my network is supposedly disabled I can go to other sites. I seem to have full internet access.
7. I assume a virus, although I cannot at all think of where it would come from.
8. I boot into safe mode with networking.
9. I notice that not only does my network still have a red X, now my volume icon has a red X, and I have 2 notices in the security center. One says that Microsoft Security Essentials is not active, and the other says that Windows Defender is not active. Microsoft Security Essentials IS active, but is not monitoring and I can't make it monitor. Still can't update its definitions. When I try and click the Turn On Windows Defender notice, it opens a folder to my system32 directory.
10. I do the following in Safe Mode:
10.a. Run and update Malwarebytes successfully. Finds no threats.
10.b. Run and update Spybot successfully. No threats.
10.c. Run and update ClamWin successfully. ClamWin finds one infection of kui.exe which is a Worm.Palevo-609. I remove all instances of it.
11. Reboot into normal mode. All of the problems are still there. Network disabled icon, sound not working but not a disabled icon, Security Essentials says it is not active. Windows Defender says it is not active. I also cannot run Windows Update. Tells me the service needs to be restarted (I checked the service and it is running).
12. Run RKill and it shows 4 problems, but they seem to be false positives. Will post log on request.
13. Run Housecall. Finds nothing.
14. Run ESET Online Scanner. Finds nothing.
15. Post on BleepingComputer for the first time.



#2 vivisect

vivisect
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:08:50 PM

Posted 25 March 2011 - 08:04 PM

Forgot to mention I am running Windows 7 x64.

Here is some more info.

I ran Hitman Pro and it found nothing except tracking cookies.
I ran Super Antispyware and it found odd remnants of things, but nothing of consequence.

Here are some other problems I've been encountering.

[Five posted images]

Edited by vivisect, 25 March 2011 - 08:04 PM.


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:10:50 PM

Posted 25 March 2011 - 09:32 PM

Hello, I suggest a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run on your bit, skip it and move on.
Let me know if that went well.

For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#4 vivisect

vivisect
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  • Local time:08:50 PM

Posted 25 March 2011 - 10:10 PM

Done. Posted here: http://www.bleepingcomputer.com/forums/topic387175.html

Thanks!

#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:05:50 AM

Posted 26 March 2011 - 11:35 AM

Hello,

Now that you have posted a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days, up to a week, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft




