
Unknown Malware Infection


  • This topic is locked
4 replies to this topic

#1 StephL67

StephL67

  • Members
  • 25 posts
  • OFFLINE
  • Gender:Female
  • Location:Georgia
  • Local time:05:33 PM

Posted 27 March 2011 - 03:50 PM

Running Win7 on a Dell Inspiron 1520 with upgraded RAM; otherwise the laptop is stock. The laptop came with Windows XP installed, I upgraded to Vista, and it ran flawlessly for 3 years but had accumulated junk and the system was running painfully slow. I decided to do some cleanup and went to cnet to find good cleanup utilities. I am assuming that is where I inadvertently downloaded an infected program. The cleanup was going well, freed up a lot of space and the system seemed to run faster, although boot up was still painfully long and it seemed the HD was running very hard in the background.

I first noticed a problem with my AV, Webroot with SpySweeper. It was not loaded to actively scan and protect me; when I tried, I got an error I had never seen before that said Webroot had to close and to restart the program, and a status bar showed the progress of closing the program. But after it finished and I clicked OK, the program would not start at all, nor could I run any scans.

Then I noticed Windows Defender was turned off, and I turned it on, but a scan would not start. I tried Malwarebytes and it ran once, said it found something but needed to reboot to fix it. I rebooted and Malwarebytes did not load and run, nor could I ever get it to run a scan after that, and I could never find what it had found. The same scenario happened with AVG Free and any other scanner I tried, including Kaspersky. I even tried downloading them from another computer to a flash drive and installing from it, but still could not get any scans to run. I now suspect the flash drive is infected. It's a 4GB flash drive, but after a format only 3.76GB is available, and sometimes a file named HIMEM appears on the drive which I am able to right-click and delete.

After 3 weeks of getting nowhere I decided to erase the hard drive and do a clean install of Win7. I ran Killdisk twice, then installed Win7 from the Microsoft CD. Things seemed great for a couple of hours, running Windows updates; I got AVG Free and then the problems started again. The moment I installed AVG it would not work right; if it ran a scan, everything reported OK, nothing found.

I have managed to get Webroot installed and working, but it still does not find anything. I am new to Win7, but the file tree seems wrong: there are multiple sets of the file tree, multiple Documents folders, and some are locked and look like shortcuts but say they are folders, and I get "access denied" when trying to even click on the folder.

I was able to get ThreatFire to work for about a day and it would pop up with alerts on almost everything I tried to do; any program launched would include additional operations like deleting and creating registry keys. The whole file system seems suspect to me, but again I am unfamiliar with Win7. I also found locked files located in temp folders in all of the sets of folders. I have found at least 5 different temp folders in various areas. I ran ATF but it did not delete all of the items in these folders.

My goal is to have a completely clean install of Win7 with NO residual files from prior versions or software. I have already backed up any documents I wanted to keep and located the drivers needed for my video, audio, etc. But it appears that whatever this malware is, Killdisk does not kill it.

I have installed all the recommended software, tried uninstalling the antivirus applications and reinstalling. It seems as if the moment the exe is run the malware infects it. I do see the AVG, MBAM and Webroot engines running in services, yet I cannot access the programs nor run scans, with the exception of Webroot: I located its exe file in Explorer and directly right-clicked and ran it as admin, and then I was able to load the Home panel and perform an update (something else I could not do before with any security software), but it always comes back clean, apart from occasionally 6 common cookies that keep returning but are low threat.

I believe this is a very nasty infection that is able to corrupt valid system files, prevent itself from being seen, and I think is opening a backdoor connection. Some of the suspect files I have searched for have pointed to different Trojans, but I cannot get any info on any of them; the infection will not let me view those pages. I have tried to set all security levels to the highest, turned off ActiveX and Java, etc. But it does not seem to make any difference.

Please advise...

Thanks, Stephanie

Edited by StephL67, 27 March 2011 - 04:00 PM.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,569 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:33 PM

Posted 27 March 2011 - 03:59 PM

Hello and welcome. To be absolutely certain you should post a DDS log and have it analyzed for any malware traces.

Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:06:33 PM

Posted 27 March 2011 - 04:02 PM

I am not judging you, but where did you get your Windows 7 install disc? If it was from some unknown site, downloaded as an ISO, who knows what you got instead. And the access denied messages you're getting can be the result of having your protected OS files showing. Windows 7 is very different from, but easier than, Windows XP or any of the previous generations of Windows. You should keep it. And I'd recommend something to you. First of all, uninstall AVG Free because it sucks, and second of all, uninstall the other antivirus you mentioned. Download a trial of Vipre Antivirus, and then register so that you can get a 30-day key, then scan with that using the deep scan option and see what happens. If it finds anything, move to the history tab, and record those for us in your next post. After that, run a scan with the ESET online scanner located at eset.com/onlinescan. The trial of Vipre can be found at gfi.com, by the way. Hope this helps.

Chromebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge
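The "access denied" folders described in the opening post are consistent with the junction points Windows 7 creates for backwards compatibility (for example "C:\Documents and Settings" pointing at "C:\Users", and "C:\Users\<name>\My Documents" pointing at "...\Documents"); their ACL deliberately denies directory listing, so Explorer shows them as folders that refuse to open once protected OS files are visible. The following PowerShell is an added example, not code from this thread or from any of its posters, that lists every reparse point under the profile and data roots together with its target so the stock links can be told apart from one that points somewhere unexpected. It assumes the system drive is C:, a standard Windows 7 layout, an elevated prompt (fsutil needs one), and that fsutil prints a "Substitute Name:" line for each link, as it does on Windows 7 and later.

```powershell
# Added example (not from the thread). Assumptions: system drive C:, stock
# Windows 7 profile layout, elevated prompt, fsutil prints "Substitute Name:".
#
# Gather the root of C: (non-recursive; that is where "Documents and Settings"
# lives) plus everything under the profile and ProgramData roots. -Force shows
# hidden/system entries; subtrees we are not allowed to read are skipped.
$candidates = @(Get-ChildItem -Path 'C:\' -Force -ErrorAction SilentlyContinue) +
              @(Get-ChildItem -Path 'C:\Users', 'C:\ProgramData' -Recurse -Force -ErrorAction SilentlyContinue)

$links = $candidates |
    Where-Object { ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0 } |
    ForEach-Object {
        # fsutil (built in) decodes the reparse data; the substitute name is the
        # NT path the junction or symlink resolves to.
        $raw  = & fsutil reparsepoint query $_.FullName 2>$null
        $line = $raw | Where-Object { $_ -match '^Substitute Name:' } | Select-Object -First 1
        $target = if ($line -match '^Substitute Name:\s*(.+)$') { $Matches[1] } else { '(unreadable)' }

        # The compatibility links Windows creates all stay inside C:\Users,
        # C:\ProgramData or C:\Windows. Anything else deserves a closer look.
        $inStockRoots = $target -match '^\\\?\?\\C:\\(Users|ProgramData|Windows)(\\|$)'

        New-Object PSObject -Property @{
            Link         = $_.FullName
            Target       = $target
            InStockRoots = $inStockRoots
        }
    }

# Unexpected targets sort to the top (False before True).
$links | Sort-Object InStockRoots, Link | Format-Table InStockRoots, Link, Target -AutoSize
```

Run it from an elevated PowerShell prompt. The same links, with targets in square brackets, can be seen from cmd.exe with `dir /AL /S C:\Users`; the point of the script is only to separate the links Windows ships from any that do not belong, which is a question the DDS log requested in this thread will also answer.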


#4 StephL67

StephL67
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Gender:Female
  • Location:Georgia
  • Local time:05:33 PM

Posted 27 March 2011 - 05:25 PM

Thank you for the fast response. I followed your directions and posted in the malware removal forum.

The Windows 7 CD is a genuine Microsoft install CD purchased by me through my technical college. I have no reason to believe it is not legitimate. Also, all previous OS versions were genuine Windows software, all registered and valid.

Also, I did uninstall AVG but it remains running in services. I will wait until after completing the malware removal before making any other changes. I will then check out Vipre; I have heard other techies reference that program before, but most tell you to get AVG Free. I appreciate good free software, but I would rather pay for better protection, so I would appreciate any recommendations in that area.

Thanks, Stephanie

Edited by StephL67, 27 March 2011 - 05:29 PM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,569 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:33 PM

Posted 27 March 2011 - 05:46 PM

Your post looks good. It may be a couple of days for the analysis and a reply, but they will.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.