Infected with System Fix


  • This topic is locked
3 replies to this topic

#1 amc25

Posted 01 December 2011 - 01:59 PM

Hi,
I've started with the Prep Guide Before Removing Malware and Requesting Help but I'm having trouble completing all the steps.

Here are the popups and windows I see that swamp my screen:

System Fix/Scan PC for errors window superimposes itself and can't be minimized so I hide it in the corner.

Warning windows pop up that say:
"Windows-delayed Write Failed. Failed to wave all the components for the file "sys32"00004f25.File corruptible or unreadable. This error may be caused by a PC hard drive prob."

Warnings from my tray flash up frequently saying:
"RAM memory reliability is extremely low. Prob. may cause system failure"
"Hard Drive Critical error. Start sys diagnostic app to scan hardrive"
"Windows OS can't detect a free hard drive space. Hard drive error"
"Hard Drive clusters error.."

A history of what's happened with the computer since infection:

When all the popups first showed up I'm pretty sure that it reduced my once swollen desktop to about a quarter of its original icons. I don't recall what panicked, feeble efforts I made to figure out what was going on but at some point the computer restarted and my desktop went from sparse to completely blank (black without my desktop image) and my start button only showed the Toshiba Direct Store link and everything else was empty.

I tried to open my control panel with CTL+C and that wouldn't work nor would CTL+ALT+DEL do anything. AVG also showed a general error on startup.
I couldn't remember what keys I could use to shortcut into stuff and I couldn't even figure out how to open a window to get on the internet so luckily I could use the Toshiba link in Start to get in.

I went to your site and read that I could get into control panel thru Run Dialog to begin following your prep guide and make sure the windows firewall was enabled.

So, as far as following the Prep Guide:

I followed firewall instruction but when I got to step #7 I tried 3 separate times to run DDS and my computer would freeze each time. The hash marks that showed in the box indicating (I assume) its progress would get about 3/4 finished and everything would freeze and I would have to restart my computer.
I skipped ahead to step #8 and tried to follow your directions but I couldn't seem to do what you specified. I downloaded it and first had to unhide my downloads folder so I could see the zip. I unzipped and clicked on it and got an error that said, "(C:\Docume...cannot create a stable subkey under a volatile parent key".
I clicked okay and then the program popped open and I thought it started up and froze cuz it actually looked a little funny but then I hit the "Scan" button and it started scanning. At this point I realized that I hadn't unchecked several of the boxes that you instructed so I stopped the scan to set the parameters as you said they needed to be.
When the program opened only the "services", "registry", "files" boxes are checked with C: showing in the box and "ADS" checked below that. All the other boxes above are greyed out and can't be changed.

I'm not sure if using the other GMER link will work or just clicking on the "Exe" rather than the "zip" will work. Because my desktop and start buttons are blanked out I worry that I won't be able to find it to access it once saved/downloaded. For instance, I'm wondering if I'm able at some point to run steps #7 and 8, will I be able to save the results and then find them to post here (hopefully unhiding stuff will work?)

So this is where things stand now. I know you guys are busy with requests and I'm assuming it might take awhile to get to me so I thought I'd post this info and dig around some more on your site and see what helped other people. This is the only site I'm using for help, as prep guide requested and I will now wait patiently.
Thanks for taking a look at this- I hope my descriptions are helpful; I know I wasn't able to do much in terms of generating logs that you guys need but hopefully with a little instruction I can figure out how to get that to you.
Thanks again,
Alex


#2 HelpBot

Posted 06 December 2011 - 02:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430251 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

Posted 08 December 2011 - 02:32 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

You may have been infected by a ZeroAccess rootkit infection.

Before I suggest any tools I need to know what your operating system is, i.e., XP, Windows Vista, Windows 7, and if you have the 32 or 64 bit system.

#4 nasdaq

Posted 14 December 2011 - 10:08 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



