
Rootkit, Redirect, Malware, Blue-Screen Errors


  • This topic is locked
2 replies to this topic

#1 Antz

Antz

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:48 AM

Posted 01 May 2011 - 08:21 PM

Hey,
This is the first time I've asked for help like this, but my PC is starting to give up on me and I want to save it before it goes down the drain. I think it all began when I was at a free video streaming website, and from then on it's gotten worse and worse, as they may just be flooding in the gates now and I can't do anything to prevent it...

I've been infected before by these malware programs: WinAntiVirus Pro and MS Removal Tool.

Also getting random popups and redirects to random stuff on Internet Explorer and Firefox. When I say random I do mean random, as the sites are totally different; heck, it even popped up a window and redirected me back to Google again, which I laughed hard at.

I've reset the BIOS back to default. I may have a corrupt registry, because I've not touched it at all. When I attempt to run ComboFix it freezes and then bluescreens me. Also, when I googled the Windows Update error I got, it would not load at all; in fact I googled everything else and that worked, but when I googled the error it just didn't work.

Blue screen errors which have appeared:
bluescreen: IRQL LESS OR NOT EQUAL
bluescreen: Internal_Power_Error

I'm currently using...
Avira AntiVir (scanned with no results)
AVG Anti-Rootkit Free (quick scan found nothing, deep scan still running now...)
Hitman Pro 3.5 (found some ad cookies along with an old keygen I had a while back, which was zipped up)
Malwarebytes' Anti-Malware (nothing found)
Search & Destroy (nothing)
SpyNoMore (found nothing)
ComboFix (can't run; freezes and bluescreens) (worked last time, but now doesn't even want to bother loading)
TDSSKiller (found nothing; last time it got rid of it, but now it's not even picking anything up)
CCleaner (did its job and cleaned, lol)
Little Registry Cleaner (likewise for the cleaning part)

I tried doing everything again in safe mode with and without networking; I even unplugged my USB wifi network adapter. It also managed to infect someone else's PC, because it hopped onto the stick and wrecked his PC the same way. I work with PCs all the time, but I'm not an expert in detecting malware or how they function, which is why I went to the best resource I know and asked: the BleepingComputer site, lmao...

If we somehow manage to fix my PC, I'm reinstalling ZoneAlarm again regardless of its annoyance. It worked when it was installed on my PC, and without it... the gate is wide open to everyone.

I'm not in a situation to lose all my files on 3 hard disks, so please help me.

I've attached my logs.

Regards,
Antoni



#2 Antz

Antz
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:48 AM

Posted 04 May 2011 - 05:52 PM

Well, I could not save the hard drive in time, as the virus took full advantage of the exploit and ran several rootkits and opened up folders called "System Volume Information" and hid those folders, and that was monitoring my keystrokes, but the log file was totally weird, as it was like it was encoded. They also had several trojans and worms in the system, and it had taken over my svchost.exe process as well as a lot of main startup and shutdown processes, and the registry was beyond repair.

If you're infected by this virus, which also goes by the following...

Win Anti-Virus Pro 2011
MS Removal Tool
WinAntiVirus Pro

It turned my PC into a "botnet" as a mailer machine, as I saw the inbound and outbound traffic come from just this one process.

A word of warning: this so-called virus hopped onto my flash drive too, which I was using to cure my PC. It spread like wildfire...

Here's how I fixed it.
Backed up all my data that wasn't infected onto DVD+R disks, such as pictures, movies and music as well as documents (OPEN & READ BEFORE MOVING THEM!). Make sure all files are working correctly and have not been exploited before you burn them onto a disk.
Downloaded the Active@ KillDisk free software and burned it to a disk.
Reset my PC, hit F8/F2 or whatever your boot key is and pressed any key, then selected the erase option and wiped it clean.
Once it was done I used my Windows 7 disk to reinstall Windows. (Rename your username to something else with numbers.)
Hardened my security with Avast Antivirus, Hitman Pro, CCleaner and Malwarebytes, as well as Comodo Firewall.

Please be sure to totally wipe your hard drive clean; they aren't called "rootkits" for nothing, you know... So make sure you permanently delete all data. Using the Windows disk to format alone is not enough to kill this virus. I formatted before and it came back the same way, so using this method crushes the worms and rootkits.

That is the only way to correctly get rid of this, so be warned.

I've resolved my own problem, please close thread.

Regards,
Antz
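As an added example, not part of the thread and not the poster's method or any of the tools named above: a small triage script for the "open and read before moving them" backup step and for the flash-drive spreading the post warns about. Before burning a data set to DVD (or copying it to a USB stick that will touch a clean machine), it walks the tree and refuses anything that could carry the infection along: autorun.inf, files with executable extensions (including "photo.jpg.exe" double extensions), files whose header bytes do not match their extension (a PE image saved as .pdf), and anything under "System Volume Information", which is a Windows system folder and never holds user data. The magic-byte table, the sample files and the function names are all constructed for this example.

```python
"""Triage a folder of user data before burning it to backup media.

Added example, not code from the thread. The magic-byte table below is a
constructed subset; extend it for the file types you actually keep.
"""
from __future__ import annotations

import tempfile
from pathlib import Path

# Header bytes for the data types worth carrying to backup media.
# None means plain text: accept unless the file contains NUL bytes.
SIGNATURES: dict[str, list[bytes] | None] = {
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".pdf": [b"%PDF-"],
    ".mp3": [b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"],
    ".zip": [b"PK\x03\x04"],
    ".docx": [b"PK\x03\x04"],
    ".txt": None,
}
# Extensions Windows will run on double-click or via autorun.inf.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk", ".dll"}
# Windows system folders that never contain user data (and that the post
# describes the malware hiding its keylog under).
SYSTEM_FOLDERS = {"system volume information", "$recycle.bin"}


def triage_file(path: Path, root: Path) -> tuple[str, str]:
    """Return ('copy' | 'skip', reason) for one file under root."""
    rel = path.relative_to(root)
    if any(part.lower() in SYSTEM_FOLDERS for part in rel.parts[:-1]):
        return "skip", "inside a Windows system folder; not user data"
    if path.name.lower() == "autorun.inf":
        return "skip", "autorun.inf is how USB-spreading worms launch themselves"
    suffixes = [s.lower() for s in path.suffixes]
    if suffixes and suffixes[-1] in EXEC_EXTS:
        why = f"executable extension {suffixes[-1]}"
        if len(suffixes) > 1:
            why += f" hidden behind {suffixes[-2]} (double extension)"
        return "skip", why
    with path.open("rb") as fh:
        head = fh.read(8)
    if head.startswith(b"MZ"):
        return "skip", "Windows PE header (MZ) under a non-executable extension"
    ext = suffixes[-1] if suffixes else ""
    if ext not in SIGNATURES:
        return "skip", f"unknown type {ext or '(none)'}; inspect by hand"
    expected = SIGNATURES[ext]
    if expected is None:
        if b"\x00" in head:
            return "skip", "text extension but binary content"
        return "copy", "plain text"
    if not any(head.startswith(sig) for sig in expected):
        return "skip", f"{ext} extension but header {head[:4]!r} does not match"
    return "copy", f"header matches {ext}"


def triage_tree(root: Path) -> dict[str, list[tuple[str, str]]]:
    """Walk root and sort every file into the copy or skip bucket."""
    result: dict[str, list[tuple[str, str]]] = {"copy": [], "skip": []}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            verdict, reason = triage_file(p, root)
            result[verdict].append((p.relative_to(root).as_posix(), reason))
    return result


def build_sample(root: Path) -> None:
    """Create a constructed sample tree (invented content, not the poster's files)."""
    (root / "pictures").mkdir()
    (root / "pictures" / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 12)
    (root / "pictures" / "holiday2.jpg.exe").write_bytes(b"MZ" + b"\x00" * 30)  # double extension
    (root / "docs").mkdir()
    (root / "docs" / "notes.txt").write_text("shopping list\n")
    (root / "docs" / "report.pdf").write_bytes(b"MZ\x90\x00" + b"\x00" * 20)  # PE dressed as PDF
    (root / "music").mkdir()
    (root / "music" / "song.mp3").write_bytes(b"ID3\x03\x00" + b"\x00" * 20)
    (root / "autorun.inf").write_text("[autorun]\nopen=setup.exe\n")
    (root / "System Volume Information").mkdir()
    (root / "System Volume Information" / "keys.log").write_bytes(b"\x13\x37\x00")


def run_demo() -> dict[str, list[tuple[str, str]]]:
    """Build the sample tree in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample(root)
        return triage_tree(root)


if __name__ == "__main__":
    for verdict, entries in run_demo().items():
        for rel, reason in entries:
            print(f"{verdict:4}  {rel:40}  {reason}")
```

Run it against the real data folder with `triage_tree(Path("D:/"))` (path is an assumption) and burn only the "copy" bucket; everything in "skip" is either not user data or needs a look by hand. The header check is deliberately strict: an unknown extension is skipped rather than copied, because the point of the step is that nothing gets onto the backup disk unless you know what it is.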

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:48 PM

Posted 04 May 2011 - 06:01 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



