I hope it's not too late for help.



#1 2old2play

Posted 05 October 2011 - 12:19 PM

I have been having problems with one of my computers for a few weeks. At this point, it reboots by itself and most of the time I can't connect to the internet. MS internet explorer stopped working a while ago and firefox was not connecting due to a proxy stoppage. I did not set it up to connect via proxy. It is running Windows XP Pro version 2002 service pack 3.

MS security essentials is the virus program and it has been ineffective. It has identified and removed several trojans multiple times and they just keep reinfecting. I was able to get it to boot in safe mode, at which time I used ATF cleaner to delete the contents of the caches.

Please tell me how to proceed. Thank you in advance for your help.

2old2play

I am not on the infected computer at this time.

#2 Broni

Posted 05 October 2011 - 12:39 PM

Welcome aboard

Restart computer in Safe Mode with Networking.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

#3 2old2play

Posted 05 October 2011 - 01:17 PM

Here is the checkup.txt contents below.


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
Microsoft Security Essentials
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Flash Player 10.3.183.7
Adobe Reader 9.4.6
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

#4 2old2play

Posted 05 October 2011 - 01:28 PM

I was able to get it to load windows using the run last good settings choice on the safe mode menu. I downloaded, ran and posted the security check .txt file. While trying to download the minitoolbox, the browser froze. Eventually the system rebooted itself. I have chosen safe mode with networking and am waiting for it to come around.

#5 2old2play

Posted 05 October 2011 - 02:12 PM

edited for security by 2old2play

Edited by 2old2play, 05 October 2011 - 11:35 PM.


#6 2old2play

Posted 05 October 2011 - 03:22 PM

I was able to install MBAM and run it. There were about 12 items found. I told it to remove selected and it froze.

After a couple hours of blue screens, crashes and such I was able to start the scan again. It's running now, I'll post when it finishes.

2old

#7 2old2play

Posted 05 October 2011 - 03:34 PM

Another crash and blue screen. IRQL_NOT_LESS_THAN_OR_EQUAL. Reboot to safe.

Blue screen BAD_POOL_CALLER, BOOT TO SAFE, blue screen BAD_POOL_CALLER.

Boot to last good and went to system restore. Restored to 9/22/2011.

Boot and blue screen. IRQL_NOT_LESS_THAN_OR_EQUAL.

#8 2old2play

Posted 05 October 2011 - 03:47 PM

Did not complete system restore because shut down was interrupted. I'm all out of ideas.

#9 Broni

Posted 05 October 2011 - 04:26 PM

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include the required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!


#10 Orange Blossom

Posted 05 October 2011 - 10:29 PM

Hello,

I found your new topic here: http://www.bleepingcomputer.com/forums/topic422070.html but I don't see the DDS logs or the GMER log or any indication that you tried to produce them. So apparently you missed part of Broni's instructions above. To restate in a different way:

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then post them in a reply to this topic: http://www.bleepingcomputer.com/forums/topic422070.html by using the Add Reply button to that topic, not here.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, include the information that you were unable to produce the logs and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#11 2old2play

Posted 05 October 2011 - 11:31 PM

Orange blossom,

I can't get the computer to allow me enough time to run any scans. It will not stop crashing and rebooting. If you have a suggestion to somehow get it to boot to a virus removing cd, we may be able to get it clean enough to run scans in windows. I have a clean computer that I am using to write this.

2old

#12 Orange Blossom

Posted 06 October 2011 - 10:28 PM

Have you tried doing the scans in Safe Mode?

Orange Blossom

#13 2old2play

Posted 06 October 2011 - 10:35 PM

5 or 6 posts above I tried that with safe mode and safe mode with networking.

When I boot in safe mode, after about a minute, blue screen BAD_POOL_CALLER, if I try again BOOT TO SAFE, blue screen BAD_POOL_CALLER.

When I boot to last good, it goes to blue screen and IRQL_NOT_LESS_THAN_OR_EQUAL.



