Help me people. I just made it in here


  • This topic is locked
5 replies to this topic

#1 wallace_060


Posted 01 January 2012 - 03:12 AM

Hello, please can anyone help
My computers seem to be under attack from something nasty.
It wouldn't even let me create an account here. I had to use 3 emails before I wasn't constantly redirected on a login loop with 'unknown password'.
I have:
Acer Aspire Windows 7
Asus Netbook Windows 7 starter
Compaq Windows Vista
EMachine Windows 7

All computers are in and out of functionality. I think it may be some denial of service attack or something. It's been going on for a while.
There are literally dozens of problems, none of which have been solved by anti-virus checkers, malware removals, clean installs, formatted hard drives. I even bought a brand new computer and the same thing happened as soon as I logged on to the internet.
Is this the right place to post before I launch into details? I'm led to believe that somehow I am running on 2008 Windows Server or something, so I post here.
Please help.
more info ready and waiting.
thanks
Dave

Edited by hamluis, 01 January 2012 - 10:31 AM.
Moved from NT to Am I Infected.



 


#2 boopme


Posted 01 January 2012 - 01:28 PM

Hello, it seems the problem is actually based in your router, and that in turn is infecting all the other computers on your network.
Here is the entire fix (from the beginning) that you will need to run on each PC.

Please download Malwarebytes' Anti-Malware from Here or Here

Next disconnect your system from the internet, and your router, then…

  • Double-click mbam-setup.exe to install the application.
  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system and reset the router to its default configuration, you can reconnect to the internet and the router. Then return to this site to post your logs.
>>>>>>>>>>>>>>>>>>>>>
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
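
An added example, not part of the reply above or of any BleepingComputer tool: the reply says the malware changes the router's DNS settings, so after cleanup it helps to confirm which resolvers each PC is actually using. This sketch parses saved `ipconfig /all` output and reports any DNS server outside an allowlist; the sample output and every address in it are constructed, and the allowlist entries are placeholders for the router's address and the resolvers the ISP confirms.

```python
import ipaddress

# Constructed sample of `ipconfig /all` output; every address is a placeholder.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   DNS Servers . . . . . . . . . . . : 192.168.1.254
"""

# Assumption: the router's LAN address plus the range the ISP says it uses.
ALLOWED = ["192.168.1.254/32", "198.51.100.0/24"]

def _ip(token):
    try:
        return ipaddress.ip_address(token.strip().split("%")[0])
    except ValueError:
        return None                            # not an address (e.g. "Enabled")

def parse_dns_servers(text):
    """Map each adapter section to the DNS server addresses listed under it."""
    servers, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line opens a section
            adapter, in_dns = line.strip().rstrip(":"), False
            continue
        key, sep, value = line.partition(" : ")
        if sep:                                # "Name . . . : value" field line
            in_dns = key.strip(" .") == "DNS Servers"
        else:                                  # continuation of previous field
            value = line
        if in_dns and (ip := _ip(value)) is not None:
            servers.setdefault(adapter, []).append(ip)
    return servers

def unexpected_resolvers(servers, allowed):
    """Return {adapter: [addresses]} for resolvers outside every allowed network."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    flagged = {a: [str(ip) for ip in ips if not any(ip in n for n in nets)]
               for a, ips in servers.items()}
    return {a: ips for a, ips in flagged.items() if ips}
```

Calling `unexpected_resolvers(parse_dns_servers(SAMPLE), ALLOWED)` flags the one constructed resolver that is not on the allowlist. A clean result only covers what each PC was handed or set to; the DNS fields in the router's own admin page still need checking after the reset.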

#3 wallace_060


Posted 03 January 2012 - 09:06 AM

Hello
I followed steps as requested.
It did a quick scan, but found 0 infections.
Then Notepad opened but there was nothing to read, so I have nothing to post.
I reset my router as requested (though to be honest I have done all of this many times).

I think something is migrating my files from the C: drive to the X: drive. I know I am booting from the X: drive.

Here are some of the problems I have been encountering:
- I always get logged in as a tmp profile. I don't believe I have admin privileges even though it says I am an administrator (no changes to settings ever work). In some cases I am denied access to non-system-essential folders, e.g. pictures or videos
- URL redirects (e.g. I can never log into Yahoo and see my sign-in seal)
- Hard drive light constantly on, never stops whirring.
- Unable to boot in safe mode
- Unable to change boot source
- Unable to enter BIOS
- Comp never seems to fully turn off (doesn't shut down properly)
- Backup not working
- Troubleshooter/diagnostics not working
- WMI not working
- Cannot change settings in msconfig
- Multiple versions of the same process, e.g. if I open Firefox with only 1 window, in Task Manager it says there are 4 firefox.exe
- CPU usage hovers between 60-90% with no apparent programs running and no windows open on desktop
- Strange whining sound intermittently comes out (sounds like feedback). I read this has something to do with the temperature of the computer (but the comp feels cool to the touch)
- I can hear the sound of a phone dialing every now and again
- Just today when I logged on I saw at the corner of the desktop the words "Windows 7, Build 7601. This copy of Windows is not genuine". I've had this machine for 2 years and have never seen this. I bought it brand new from John Lewis.

In Windows Explorer I don't have My Documents or My Computer folders. I only have libraries and a 'Computer' folder which is at a lower level on the path tree than other items on the desktop.

These are only some of the problems on one machine. These problems occur on 2 of the other machines (Compaq/Emachine). I do not have access to the Asus netbook to check that, as it won't let me into my account with my password.

PS I have a lot of JavaScript files which have appeared on the desktop and think it has something to do with JavaScript hacks.
Also I have active connections in netstat to different servers, even though I am not browsing the internet.
Plus when I put in my BT Broadband Installation CD the other day (just to check if I had the right settings) it says I have no adapters for the ethernet or wireless, which is strange as I was surfing the web!

Another weird thing is that the wireless icon in Network and Sharing Center has a red cross on it, so you'd think it was disconnected or disabled, but it only gives me the option to disable it, not enable it. I've also noticed that the drivers for the ethernet and wireless have changed name.

BT are useless. I have contacted them so many times... this is way over the heads of their broadband 'tech help' people. Please help.

Thanks

Dave

Thanks

#4 boopme


Posted 03 January 2012 - 11:02 AM

Ok, this sounds like a Zeroaccess rootkit and we need to repost.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include a link back to this topic.

Let me know if that went well.

#5 wallace_060


Posted 03 January 2012 - 05:54 PM

Thanks...
here is the URL for my new post.
http://www.bleepingcomputer.com/forums/topic436059.html

Dave

#6 boopme


Posted 03 January 2012 - 09:58 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 3 - 5 days and ALL logs are answered.

To avoid confusion, I am closing this topic.