
New Virus ???



#1 majestic100


Posted 04 October 2011 - 04:20 AM

A friend asked me for help with his XP desktop. Problems/issues found were/are:

1. No internet access. Overcome by re-installing IE8. I had a full version copy available.
2. Unable to restore to earlier date.
3. Unable to boot into any variant of safe mode. Normal mode OK.
4. AV (NOD32) not running (won't run). Firewall turned off (turned on).
5. Unable to access any AV site.
6. Unable to access Microsoft sites.

Checked start up items under msconfig, found file - ceiaaelc.exe - Cannot find any info relating to this on internet. If I uncheck, always comes back.

This file found at C:\Documents and Settings\[Account Name]\Local Settings\Application data\txqnpbc\ceiaaelc.exe.

Shown in Registry at HKCU\Software\Microsoft\Windows\Current Version\Run

Tried to delete from both locations, even deleted registry Key. Keeps coming back.

Tried Combofix - download to USB drive from own PC (ensuring only one PC was network connected to stop cross infection). This found Recovery Console not installed but downloaded and installed on accepting option to do so. Combofix picks up (deletes?) the above file but it comes back.

Tried to access safe mode by installing safeboot.reg but though says successful still can't get into safe mode.

Ran recovery console to run fixboot and fixmbr but that just compounded the issue as, on restart, couldn't get past account screen - immediately logs off and back to account screen.

Tried XP repair. This went OK but as soon as desktop appeared a window flashed up which I didn't catch and back to square one again - no internet access etc., the file, ceiaaelc.exe, back again.

Tried to run Norton Eraser but this wants to go to the internet (Can't access AV sites) to look for latest version (Why? it was. I just want it to run).

Currently running latest version of McAfee Stinger

Appreciate help on this one

Update 1: Stinger completed. All files clean.
Update 2: Decided to reformat disk and re-install XP. Partition deleted, recreated and formatted. Would you believe it!!! Same symptoms re net connection and safe mode. Now find new file...............

This file found at C:\Documents and Settings\[Account Name]\Local Settings\Application data\ljnhlol\tmrdrlxy.exe

Shown in Registry at HKCU\Software\Microsoft\Windows\Current Version\Run

What is happening !!!!!!????????!!!!!

Update 3: Issue looks like resolved! My theory - When repair installing, 8MB of disk space is not used in partition creation. Whatever was affecting this machine must have been located in this 8MB and regenerated on restart. I used a bootable version of Acronis Disc Director, deleted existing partition and created and formatted a new partition that used ALL disc space (no 8MB left). Reinstalled XP and now can get to Microsoft sites and AV sites and safe mode. Bit of a pig but hopefully now all OK.

Edited by majestic100, 04 October 2011 - 09:50 AM.
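The post above describes a Run-key entry that keeps reappearing and points at a randomly named executable in a randomly named folder under the user's Local Settings\Application Data. As an added example (not part of the original post), the following Python audits saved `reg query` output for that pattern; the sample output, the account name "User", the value names and the "random-looking" rule are all constructed assumptions.

```python
import re
from ntpath import basename, dirname, splitext

# Constructed `reg query` output for the HKCU ...\CurrentVersion\Run key.
# "User" and all value names are placeholders; two paths follow the post's pattern.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ceiaaelc    REG_SZ    "C:\Documents and Settings\User\Local Settings\Application Data\txqnpbc\ceiaaelc.exe"
    tmrdrlxy    REG_SZ    C:\Documents and Settings\User\Local Settings\Application Data\ljnhlol\tmrdrlxy.exe
    Updater    REG_SZ    C:\Documents and Settings\User\Local Settings\Application Data\Vendor Tools\Updater.exe /background
"""

VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+)$")
# Per-user, user-writable data directories (XP layout and the later AppData layout).
USER_DATA = re.compile(r"\\(local settings\\application data|appdata\\(local|roaming))\\", re.I)
# Assumption: "random-looking" means 6-10 lowercase letters, like the names in the post.
RANDOM_NAME = re.compile(r"^[a-z]{6,10}$")


def exe_path(data):
    """Return the executable path from a Run value, quoted or unquoted, with or without arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", data, re.I)
    return m.group(1) if m else data


def audit_run_key(reg_output):
    """List (value name, exe path, random_like) for autoruns that start from user-writable data dirs."""
    findings = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = exe_path(m.group("data"))
        if not USER_DATA.search(path):
            continue  # e.g. system32 entries are out of scope for this check
        folder = basename(dirname(path))
        stem = splitext(basename(path))[0]
        random_like = bool(RANDOM_NAME.match(folder) and RANDOM_NAME.match(stem))
        findings.append((m.group("name"), path, random_like))
    return findings


if __name__ == "__main__":
    for name, path, random_like in audit_run_key(SAMPLE):
        print("REVIEW" if not random_like else "SUSPICIOUS", name, "->", path)
```

Entries flagged with `random_like` set to False still start from a user-writable location and deserve a look, since legitimate software also installs there.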




#2 Broni


Posted 04 October 2011 - 07:38 PM

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include or required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!
