
Kasperskey rescue disk states /tmp&/var/tmp are saved in ram


1 reply to this topic

#1 hpsux123

Posted 21 May 2011 - 11:38 PM

Ok, so after 3 days at this I'm giving up and coming to the experts. I have a Compaq sr1810nx; I was told there is malware on the drive from the previous owner, Win 98 (that was just re-recovered to SP2 '06). Currently it has 5mg mem onboard, ATI 200, Realtek audio, Realtek USB, 100g Maxtor HD and a TSScombo DVD/CDR. I have attempted to use a Kaspersky rescue disk on it after the first recovery started showing graphic problems (retrace). Also I ran SuperAntiSpyware and it found 8, 2 of which were trojans, and Malwarebytes (the 1 time it DID run) found 13. When running the recovery console in graphic mode it hangs up; when doing so in text it seems to be scanning too quickly and never finds any threats except 1 spyware file, and then it froze. Also when I reset the computer the options for Win recovery are F10 to enter the rec console, F1 to go to setup and Esc to go to the boot menu; the odd thing is when I hit F11 (which is NOT listed) it goes into the Phoenix BIOS also. The time on the computer is off by about 6 hrs. KAV rescue states when running that tmp and var/tmp are saved in RAM and suggests I save files elsewhere. I have done everything from changing BIOS drive orders and even created a DOS boot disk. I also have Hiren's boot disk but SuperAntiSpyware stated there was a trojan on this disk when I included it in a scan of all drives. Let me also say that I have 4 computers, all of HP or Compaq design, with similar issues. As of now I am using an HP notebook that I just got back from "Geek Squad" for having a rootkit (I suspected), but am still not convinced it is 100% secure, as the vulnerabilities scan states Adobe 9 Reader, Adobe AIR, HP Assistant, and Slingbox along with one other program are still issues due to files: UDX, packed, molebox, Swf2wc, PEpatch, PEcompact bit16b3.tmp. I took the laptop to them after ordering the recovery manufacture disks from HP, and just had them "clean install" the entire disks.
Back to the PC though (I actually have two I'm trying to fix; the 2nd I am giving to a family that is in dire need of it due to 4 kids and no $). When attempting to gain access to the computer with various caveman-like techniques I stumbled on to a few (what I think) are Linux code scripting programs: killall, vidmode, bash bug, ramsize, sfdisk, sandbox, rmdir, chpasswd, hunspell, idterm, eltorito, and there are a few more but I will spare you until I am asked. Before the most current restoration on the Presario 1810 none of the settings were being saved; even when I would add a new user, settings were not saving correctly on the desktop, and configurations I would save would somehow change themselves back. The graphics when performing the recovery console from Windows are sometimes dithered very poorly, especially the icons (the folder avatar that sends a flying file to your hard drive when performing a destructive restoration), along with none of the animation on the recovery screens working, and when the KAV rescue disk is run the initial screen is completely clear and then it refreshes to one with a background that is dithered, again, poorly. Previous to the fresh recovery of Win98 Home SP2, KAV rescue, when I closed it down in Windows, the hard drive would remain spinning very quietly. On the first recovery it had to make an auto adjustment for the newer monitor being used (the 1810 Presario was in a closet for 4 yrs without being turned on). On a previous recovery of Windows 98 using the Win recovery console I went to Windows and updated the OS; it downloaded 136 files with the 2nd to last one failing to install, the system reset itself and Windows Update stated I still needed to install SP3, which had supposedly been installed already. Also when updating the drivers from the HP site, when updating the CD/DVD combo writer in Device Manager an error was shown and it wouldn't let me update or roll back even manually. Along with something called "promise" making the Realtek adapter throw an error.
Python22 is running in startup along with atiexx and atiexx2. When I went into Network Connections, Recycle Bin, a file folder that opens with COM+ was in My Documents along with a description of the type of OS and a few other things in a text doc named system description. Remote connections is always rechecking itself after I uncheck it, and when running a program it asks me if I would like to run it as myself (current user) or select another user, which is blank, but if I click on another user the password fills in itself (15 digits) but does not fill in the user. In My Computer under docs an extra file called _backup_rc was the first one, along with 2 sets of folders for documents: the actual computer user name and then --your-######### (a bunch of numbers and letters which incidentally is the suggested name for the computer when performing the Compaq/Windows recovery function from the recovery partition on the hard drive) that cuts off, and I cannot change permissions even though the acct I'm using is supposedly an Administrator. Sorry to go on forever, but in the instructions when posting they asked to be as descriptive as possible and I am actually giving the short version. ANY/ALL help will be greatly appreciated as I am at wit's end and thinking I may have to tell these people that I can't get the one computer fixed, let alone the computer I was going to give them for their kids.
Thanks for the help!

#2 hpsux123

Posted 27 May 2011 - 08:34 PM

HELP?? I now have another two computers affected by this rootkit. I have multiple logs and am unable to run malware programs due to the infection starting at the ACPI. My laptop which was "fixed" at Best Buy is already showing the infection signs. I am working on another computer that was left by the wayside due to infection (same basic software setup as all the others). I'm concentrating on one system, so please don't think I am asking to fix the remaining 6 (yes, 6!). I have run Rkill, GMER, HijackThis, and a few device detection programs. I have extensive logs on one machine and would be willing to post them if given the opportunity. The other systems will be somewhat similar removals until I get down to the main infection (as I believe it to be a multitude of malware on all of them). I know to run Defogger then post, but is it even safe to D/L Defogger on a corrupted machine? I am now working on a sr5710f Compaq desktop. The sr1810nx Presario has been put on hold from the previous post. I would appreciate any help ANYONE (legitimate) can offer, as I have been on the phone with ATT tech support (4 hrs) and then Geek Squad tech support (3 hrs), both of which remoted into the computers and said there was nothing wrong after cleaning a bunch of "odd looking" things out of the system, & it comes right back. Hell, the rootkit even snagged a copy of "LogMeIn" software to boot, since they both use this program for remoting. I have only made this email specifically for this removal as no computer I get on is safe to use a normal acct. Can someone throw me a hand? Please? Thanks

This is a 32-bit Vista OS, sr5710f Compaq Presario AMD Ath X2 DC, Nvidia 5150se w 3g mem (512 L1, L2 64/64 = 640 cache), single 250gb HD, CD/DVD RW SCSI, no wifi card, just a NIC.
