
Veteran Professional Malware Warrior at his wit's end!

This topic is locked
4 replies to this topic

#1 LitlJay


  • Members
  • 3 posts

Posted 11 October 2011 - 11:41 PM

Customer brought me his computer, telling me that he went to mycleanpc.com because he thought he had viruses, and now it won't boot.

Turns out his hard drive was splattered with bad sectors, so I had to clone it to a known good drive before I could even get started. The boot failure was a corrupt registry, so restoring from backup via ERD 6.5 got me to his desktop.

Keep in mind that, during all of this, I cannot get it online while in his installation because he has the NIC set to a static IP that doesn't work in my subnet (it's an OpenVPN host and has to have a static IP) and one of the nasties is closing the Network and Sharing Center immediately after it opens every time I try to access it. Come to think of it, I haven't tried netsh yet, but I do know that ping is crippled.

I have worked on it from within his installation, safe mode, a few live disks, ERD, and also yanked his hard drive and scanned it with a bench system a few times.

From all of these environments in as many reasonable combinations as possible I have tried ComboFix (blocked by malware), Spybot, Malwarebytes (blocked), HijackThis (blocked), SUPERAntiSpyware, Avast, Avira, MS Security Essentials, Windows Defender, Dr.Web, TDSSKiller, ClamAV, CWShredder, PestPatrol, Spy Sweeper, Ad-Aware (blocked), Spyware Doctor, and a few others that I can't think of off the top of my head.

I have chipped away quite a few viruses, worms, rogues, and other ugly stuff, but a few things obviously still remain.

Vista is clearly in need of repair due to the registry problem and bad sectors, but I can't do that until the malware is gone. This may also be why some of the antimalware programs won't run, but the errors are just too typical of malware, so I'm not taking that cop-out just yet.

DDS and GMER should be attached.



Attached Files

  • ark.log (148.01 KB)
  • DDS.txt (15.42 KB)

Edited by LitlJay, 12 October 2011 - 12:49 AM.
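The post above mentions two practical obstacles: the NIC is pinned to a static address for the customer's OpenVPN setup, so the box cannot reach the bench network, and the Network and Sharing Center is killed as soon as it opens, so the GUI route is out. The following is an added example, not part of the original post, showing how the same change is made from an elevated command prompt with netsh, and how to save the customer's original static settings first so the OpenVPN host can be put back exactly as it was. The adapter name "Local Area Connection" (the Vista default) and the bench-network addresses are assumptions; read them off `netsh interface ip show config` before running anything.

```batch
@echo off
REM Added example (not from the original post): reconfigure the NIC from cmd.exe
REM when the Network and Sharing Center applet is being killed by malware.
REM Run from an elevated prompt. Adapter name and addresses below are assumptions.

set IFACE=Local Area Connection
set BACKUP=%SystemDrive%\netcfg-original.txt

REM 1. Capture the customer's current interface configuration as a netsh script.
REM    This is what lets the static OpenVPN address be restored later.
netsh -c interface dump > "%BACKUP%"
netsh interface ip show config name="%IFACE%"

REM 2. Move the adapter onto the bench subnet. Simplest is DHCP...
netsh interface ip set address name="%IFACE%" source=dhcp
netsh interface ip set dns name="%IFACE%" source=dhcp

REM    ...or, if the bench network has no DHCP, a static address on it
REM    (hypothetical bench values; replace with your own):
REM netsh interface ip set address name="%IFACE%" static 192.168.50.200 255.255.255.0 192.168.50.1
REM netsh interface ip set dns name="%IFACE%" static 192.168.50.1

REM 3. Verify without relying on ping, which the post reports as crippled:
REM    confirm the address took, that a default route exists, and that DNS resolves.
netsh interface ip show address name="%IFACE%"
route print -4
nslookup www.bleepingcomputer.com

REM 4. After cleanup, replay the saved script to restore the original static settings.
REM netsh -f "%BACKUP%"
```

The `netsh -c interface dump` file is an ordinary text script, so it is worth opening it in Notepad before step 4 to confirm it still contains the customer's static IP, mask, gateway and DNS servers; if it was written while the registry was still corrupt, compare it against the values in `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces` before trusting it.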

#2 LitlJay

  • Topic Starter

  • Members
  • 3 posts

Posted 13 October 2011 - 04:01 AM

Not trying to bump myself here, I promise, but is it normal for a request for help to go 30 hours without so much as an acknowledgement? I've knocked off about TWO DOZEN rootkit process killers as either blocked or ineffective here, and I've pored and pored over GMER and OTListIt logs for something that looks out of place. I see only one person has downloaded my GMER log. Were they as stumped as me? Why is my issue so undeserving of attention?

If I committed some terrible crime, why didn't someone reply with an admonition so that I could correct it?

I've always told my customers who want to give it a go themselves instead of paying for my services that bleepingcomputer.com should be their first, best, and last resource for tools, ideas, and advice. Is this the treatment I should tell them to expect?



#3 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,112 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 13 October 2011 - 12:48 PM

I know how frustrating it is when your computer isn't working properly. Let me assure you that your topic isn't lost, forgotten, or ignored. We work with hundreds of logs every day, so we have devised a means of seeing only those topics that don't have responses yet. At the moment, we have over 200 unanswered topics, the oldest dated October 8, 2011 at 2:33:41 p.m. Eastern Daylight Saving Time in the U.S.A. Your log topic is dated October 12, 2011 at 12:41 a.m. using the same time zone.

Our volunteer MRT team members have various levels of expertise and training, so while we try to take the oldest DDS/HJT logs, it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us would want someone to assist you who is not familiar with your issue and attempt to fix it.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


#4 LitlJay

  • Topic Starter

  • Members
  • 3 posts

Posted 13 October 2011 - 02:51 PM

Note again that this isn't my computer, so I am not the most impatient one in this particular equation. This is a businessman who wants his computer back.

Your response is fair, but some form of acknowledgement would be decent if the normal wait really is that long. As it stands right now it looks like you are promising to help (volunteer or not) and then never delivering.

How about some type of queuing system so people know where they stand?

#5 Grinler


    Lawrence Abrams

  • Admin
  • 43,718 posts
  • Gender:Male
  • Location:USA

Posted 14 October 2011 - 03:40 PM

This topic is being closed. From the private messages between Blade Zephon and yourself, it appears that you are obviously not understanding our side of things. As you have said that you have continued working on the problem, have made headway, and "might be persuaded to share" what you did, I think we can safely close the topic. From just quickly looking at the dds.txt log, I spotted at least 2 malware related lines in there.

Your messages imply that we don't think you should make money at your profession. No one ever said that. What we do not like, though, is when people come to the site asking for free help for services they are charging their clients for, and then complain when we do not answer fast enough for them. That is just selfish as far as I am concerned. Everyone who helps on this site does it in their free time. Time that they could be using with their family or pursuing other interests. Instead they help others, like yourself, for free. With that said, if you or anyone else for that matter goes to a site to get free help on a problem they are having on their client's computer, the polite thing to do would be to not complain.

For the record, though, I do want to state that we have nothing but love for our IT professionals and computer repair friends. It brings me, and the rest of the staff, great pleasure knowing that our resources are of help to those in the computer business. It also makes me very happy to know that our information makes them succeed better at their jobs and hopefully earn more money. The only thing we do not like is when a company is abusing our free support to solve their clients' issues. A topic here and there when you're stumped is fine, but when it becomes obvious that we are doing your work for you, we are going to let you know that's unacceptable. Coming from the computer repair business myself, I think that's fair.

As always, quick questions on removing malware or properly using a tool are always welcomed and will always be answered if possible.
