
Computer severely infected and unable to run GMER


1 reply to this topic

#1 Mr. PH


Posted 07 January 2012 - 05:04 PM

Hi,

I have a computer that is severely infected with probably more than 5 viruses or trojans and probably with a rootkit. When I try to do anything on the computer from its built-in Windows 7 OS, the malware kills active tasks, windows and processes, and the screen/active window flashes between active processes when it starts killing windows/processes or is doing something. Also, sometimes it tries to shut down the computer by showing the Shut down/Turn off computer window. Because of this, I am unable to run virus scanners directly from the built-in OS and also from a separate CD drive that is read-only. Also, I am sure there is at least one fake virus scanner installed (360?) and another called Thunder networking which is not a "virus scanner", and the malware has infected the system files including the WINDOWS folder and the i386 folder, and possibly even the BIOS.

First I tried to run tools from within the Windows 7 OS: I tried to kill the active malware processes using Rkill, but it did not find/kill any processes. Then I ran the McAfee Stinger but it was terminated by the malware after 30 secs-1 min of running. I tried to use Hiren's Boot CD (v10.6) to remove the malware by scanning the hard drive as a data disk, but when I run the Mini XP on the Hiren's CD and run scanners like GMER or SuperAntiSpyware or CWShredder, by 5-15 minutes after running the scanner, the malware always kills them, closes all running windows, and tries to shut down the computer by showing the Windows Shutdown/Turn off computer window. And this is with me running Mini XP from Hiren's Boot CD, and I am using a CD-R with a read-only disc reader.

When I ran GMER and some other scanners, some error prompts showed up that said some WINDOWS/System/config files and other system files including the registries were missing or something, so I am very sure that the system files are infected, so I cannot run the Boot CD correctly. I think there are 5 partitions on the hard disc (probably some made by the malware) and the ones that are used when running the Boot CD's Mini XP are X: and another one. The X: drive's i386 system files are missing or infected and I don't know if they are the ones from the computer or on the Boot CD. I don't know if the Boot CD itself was already infected, but I downloaded the iso from Hiren's website, not from a third party. I'm sure I burned the image correctly because I used RAW SAO (1:1) and burned at 16 for the first disc I ran (which became infected when I ran the CD in the computer's disc reader, which was also a writer), and burned at 10 for the second one, so I'm sure the data isn't corrupt.

So the problem is: I cannot run GMER to get a log because the malware kills it, and I cannot run Stinger because it also kills it. I used a Boot CD from a separate disc reader to run them, but the malware still killed them and tried to shut down the computer. I don't know what I should do and what other tools I can use in this situation. I don't know what malware is in the computer, so I think I should probably run a malware identifier scan. But I don't know the best tools to use. Can you guys guide me through the malware removal process? (P.S. I accidentally posted the topic on the Logs thread, so I have posted my problem here too).

Update: After running Kaspersky Rescue Disc 10, it found nothing. The malware was still attempting to terminate the scanning window/process.

Edited by Mr. PH, 07 January 2012 - 07:41 PM.




#2 Mr. PH


Posted 15 January 2012 - 01:27 AM

This has been resolved: Unfortunately, I had to wipe the hard disk since my friend was requesting it back. But next time I encounter such a problem, I will follow the steps (from the other mirror post) and post the full logs and descriptions in the first post for faster resolving. Thanks.



