Backdoor Trojan - BSOD - removal


#1 GabrielGray

Posted 29 April 2011 - 06:31 PM

This is the first time I've ever posted on a forum for help on a virus removal, I usually have no problem taking care of them.

I stupidly downloaded from a rather shady website, and shortly after my AVG pops up and shows 4 infections on my computer. "Backdoor Trojans" it says.
I ran a scan with Malwarebytes, and it found 16 infections. I chose to fix the infections, and it said that it couldn't fix all of them. (unfortunately I didn't save the log)
I'm not entirely sure what happened next, because I was up for hours into the early morning trying to figure out the problem, and my memory is rather hazy.
The next thing I can remember clearly is going into Safe Mode and running Malwarebytes. At first it didn't come up with anything, but then I re-installed it and ran a full scan, and I think it found about 4 infections. So I deleted them.
I've downloaded Spybot Search and Destroy, it found something called "Click.GiftLoad HiJackersC" and so I removed it. (But it's back each time I scan.) I used ESET and it found about 6 Java related infections, got rid of those.
And I can't go into Normal Mode for more than 2 minutes, I get BSOD, which I can't even read because it flashes up so fast, and then restarts my computer.
I can get online and run programs in Safe Mode though.

So I know that the BSOD and the virus are linked, and it's not some Realtek issue or something like that.

I've done everything I can think to do.
I'm seriously considering restoring my computer to factory settings. But that is a VERY last resort, and I hope you all can help me with this problem. I'm sorry if I haven't provided enough information, I'm not used to this.

I just finished my Malwarebytes scan, and it has found-
Spyware.Agent
RiskWare.Tool.CK
Malware.Trace
Malware.Trace
Hijack.Shell.Gen
Hijack.Shell
(the first four are in the file category, the last two are Registry Value, and Registry Data.)



I am using Windows Vista.

Edited by GabrielGray, 29 April 2011 - 07:15 PM.




#2 boopme

Posted 29 April 2011 - 08:31 PM

Hello and welcome.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log
and Reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.
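A pre-flight check for the download step and a helper for the log step in the reply above, as an added example that is not part of boopme's post. It assumes PowerShell is installed, that the tool was saved to the Desktop under its original name, and that the publisher certificate's subject contains "Kaspersky"; the function names and default paths are hypothetical.

```powershell
# Added example, not from the thread. Default paths and the 'Kaspersky'
# subject match are assumptions; adjust them to what you actually downloaded.
param(
    [string]$ToolPath = "$env:USERPROFILE\Desktop\TDSSKiller.exe",
    [string]$LogRoot  = "$env:SystemDrive\"
)

function Test-ToolSignature {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Not found: $Path"
        return $false
    }
    # Check the file under its original name, before any rename to .com.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # 'Valid' means the file matches its signature and the chain is trusted.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status is '$($sig.Status)'. Do not run this file."
        return $false
    }
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notmatch 'Kaspersky') {
        Write-Warning "Signed, but by an unexpected publisher: $subject"
        return $false
    }
    Write-Host "Signed by: $subject"
    return $true
}

function Get-LatestTdssLog {
    param([string]$Root)
    # The tool writes TDSSKiller_version_date_time_log.txt to the drive root.
    Get-ChildItem -Path $Root -Filter 'TDSSKiller*_log.txt' |
        Where-Object { -not $_.PSIsContainer } |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1
}

if (Test-ToolSignature -Path $ToolPath) {
    Write-Host 'Signature OK. Run the tool as Administrator, then re-run this script.'
}
$log = Get-LatestTdssLog -Root $LogRoot
if ($log) {
    # Put the log on the clipboard, ready to paste into the reply.
    Get-Content -LiteralPath $log.FullName | clip.exe
    Write-Host "Copied to clipboard: $($log.FullName)"
} else {
    Write-Host "No TDSSKiller log found under $LogRoot yet."
}
```

A result obtained on the infected machine is only as trustworthy as that machine, so running the signature check on a clean PC before copying the file over is the stronger option.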



