
Is My System Infected?


2 replies to this topic

#1 RaSkull

RaSkull

  • Members
  • 53 posts

Posted 13 January 2006 - 11:28 AM

I think my problems began with an update for SpyBot S&D, but I can't say for sure. Anyway, here is what got me wondering and investigating.
I opened Spybot while online and searched for updates. Found "Detection Rules" so I downloaded and installed them. I then tried to run a scan but the program was frozen, nothing I clicked on within SpyBot would respond. So I tried to "close" the program and it would not close. So I opened "Task Manager" and under the "Applications" tab I saw that SpyBot was "Not Responding". So I selected "End Process" and was successful. I then re-opened Spybot using my desktop shortcut as usual and ran a scan. The scan took 1 second at most and there was an entry that said "could not read" but I was not able to read the rest of what it said because the program closed itself! I then disconnected from the internet and began running scans with Ad-Aware, AVG Free, Microsoft Anti spy, Stinger build 2.5.8, and HJT. I found the following results:

AVG Free scan: "PartitionTable (MBR)"......Reading Error
"Boot Sector of Disk"........Reading Error
Everything else ok, no virus.

Stinger: clean

HJT scan: Will post log if advised. May be corrupted, may need new copy of HJT, I see red letters at the top of the scan box where the files being scanned are shown during a scan, but they go by so fast I can't read what they say, did catch the word "services". Make any sense?

All other scans were clean. So I thought maybe Spybot got corrupted during the update so I tried to uninstall it with the intention of reinstalling but the InstallShield encountered an "error" and "had to close".
At this point I was convinced that SpyBot had issues, so I rebooted in Safe Mode and was able to uninstall SpyBot. While in safe mode I ran "msconfig" and looked under the Services tab and after checking "hide all ms services" box, I noticed in the Item "InstallDriver Table Manager" manufacturer "Unknown" and it was "enabled" but I disabled it.
I then looked under the "Startup" tab still in "msconfig" and I saw "Test" under item and command, Location- SOFTWARE\Microsoft\Windows\CurrentVersion\Run, was set to run at startup so I disabled it. Now I'm not sure what to do next. I would love some advice and I can give more info if I remember anything I left out here. Thanks in advance!
Almost forgot.....after rebooting in Selective Mode my AVG Free scans with no errors and everything works ok, or seems to. Could this be because of the Startup entry and Service that I disabled? Thanks

Edited by RaSkull, 13 January 2006 - 11:36 AM.



 


#2 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • Location:Florida, USA

Posted 13 January 2006 - 06:01 PM

Have you tried using a System Restore date from a date where you had no problems?

#3 RaSkull

RaSkull
  • Topic Starter

  • Members
  • 53 posts

Posted 13 January 2006 - 11:00 PM

Yes, I did Restore to an earlier date, but even after doing that I found the same results in the scans that I mentioned before. I tried more than 1 restore point also, going back as much as 1 month. I have heard that some nasties can infect Restore points as well. Is this true? I did the System Restores before trying to uninstall SpyBot. Sorry for leaving that out before. Everything seems ok now that I disabled the "Test" Startup Item and the "InstallDriver Table Manager" in Services when I run "msconfig". But both entries are still listed in "msconfig", so how do I remove these nasties? And I have now gotten a fresh HJT download and run it, but I see nothing out of the ordinary, and the "red letters" I mentioned in my previous post are normal, I guess; I just never paid attention to them before. Will post a log. Thanks very much!

Edited by RaSkull, 13 January 2006 - 11:16 PM.




