horrible virus/malware - crippled laptop


5 replies to this topic

#1 Brokenlaptop1

  • Members
  • 15 posts

Posted 26 April 2012 - 05:24 AM

Hi guys,

Wondering if I could possibly have some of your time and assistance here. :-)

My laptop had been running reasonably well recently and my default browser has been Google Chrome for some time now.

Until... I started playing Command & Conquer Alliances online and had to switch my browser to Internet Explorer, updated it and now I have some killer malware/viruses.

I also downloaded Windows Security Essentials (which admittedly may have been a dodgy link... but I cannot verify this) and Malwarebytes.

Windows Security Essentials kept popping up with threats, even after they had just been deleted and the laptop had been restarted. I have now uninstalled Windows Security Essentials and Malwarebytes.

My laptop now currently has no antivirus software installed at all and no firewall!

PROBLEM: On startup I get the blue screen: coooo135 %hs missing. (and I have no AVG installed on my machine)

I have performed numerous system restores etc... and have finally been lucky enough to get the laptop to boot up and I am currently writing this thread online, on wifi, on the laptop I am having the issue with. (No safe mode or anything.)

The virus/malware is playing random music in the background and redirecting my Internet Explorer searches to eBay etc. (It just played some Dora the Explorer music/advert 2 minutes ago.)

I really need this laptop working ASAP for a university presentation and honours project. I have taken the day off in order to hopefully get this fixed and if I could get some help here I would really appreciate it guys!

Many thanks

Mark



#2 Brokenlaptop1


Posted 26 April 2012 - 05:28 AM

LAPTOP DETAILS:

HP Pavilion DV7 Notebook PC

Intel Core Duo CPU T6600 @ 2.20GHz 2.20GHz

RAM: 4.00GB

64 BIT

#3 narenxp

  • BC Advisor
  • 16,371 posts

Posted 26 April 2012 - 05:56 AM

Probably the ZeroAccess rootkit.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

#4 Brokenlaptop1


Posted 26 April 2012 - 06:37 AM

Scan running as we speak..

#5 Brokenlaptop1


Posted 26 April 2012 - 07:58 AM

log results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-26 12:25:43
-----------------------------
12:25:43.694 OS Version: Windows x64 6.1.7600
12:25:43.694 Number of processors: 2 586 0x170A
12:25:43.694 ComputerName: MARKS-PC UserName: mark's
12:25:48.085 Initialize success
12:30:15.176 AVAST engine defs: 12042600
12:30:32.326 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:30:32.330 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
12:30:32.342 Disk 0 MBR read successfully
12:30:32.346 Disk 0 MBR scan
12:30:32.354 Disk 0 unknown MBR code
12:30:32.366 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
12:30:32.377 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463342 MB offset 409600
12:30:32.405 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13397 MB offset 949334016
12:30:32.443 Disk 0 scanning C:\Windows\system32\drivers
12:30:52.985 Service scanning
12:30:55.740 Service AMService C:\Windows\TEMP\dipbvk\setup.exe **INFECTED** Win32:Zbot-OHK [Trj]
12:31:27.369 Service symids C:\Windows\system32\bh611.dll **INFECTED** Win64:ZAccess-E [Rtk]
12:31:36.645 Modules scanning
12:31:37.048 Disk 0 trace - called modules:
12:31:37.078 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys sphz.sys hal.dll
12:31:37.085 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800590e060]
12:31:37.092 3 CLASSPNP.SYS[fffff88000c4f43f] -> nt!IofCallDriver -> [0xfffffa800590d040]
12:31:37.102 5 hpdskflt.sys[fffff88001e98289] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004bed050]
12:31:43.146 AVAST engine scan C:\Windows
12:31:46.280 AVAST engine scan C:\Windows\system32
12:31:56.709 File: C:\Windows\system32\bh611.dll **INFECTED** Win64:ZAccess-E [Rtk]
12:32:06.811 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
12:34:49.326 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
12:34:52.079 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
12:37:28.977 File: C:\Windows\assembly\temp\U\80000032.$ **INFECTED** Win32:DNSChanger-VJ [Trj]
12:37:29.069 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
12:37:29.158 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
12:37:30.840 AVAST engine scan C:\Windows\system32\drivers
12:37:56.937 AVAST engine scan C:\Users\mark's
12:48:19.889 File: C:\Users\mark's\AppData\Local\promo.exe **INFECTED** Win32:Malware-gen
13:11:48.723 File: C:\Users\mark's\AppData\Roaming\Headup Games\gameupd.exe **INFECTED** Win32:Malware-gen
13:27:18.140 File: C:\Users\mark's\Downloads\7Zip_Setup.exe **INFECTED** Win32:Adware-gen [Adw]
13:41:14.387 AVAST engine scan C:\ProgramData
13:48:19.656 File: C:\ProgramData\LJOBGq6J.exe **INFECTED** Win32:Downloader-NYN [Trj]
13:50:13.624 Scan finished successfully
13:58:06.756 Disk 0 MBR has been saved successfully to "C:\Users\mark's\Desktop\MBR.dat"
13:58:06.764 The log file has been saved successfully to "C:\Users\mark's\Desktop\aswMBR.txt"
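
A triage sketch for a log like the one posted above, added here as an example and not part of the original thread or of aswMBR itself: it collapses the INFECTED lines to one record per path and lists the paths that are also registered as services, since those show a persistence mechanism in the log. The function names, the regex and the reading of the [Rtk]/[Trj]/[Drp]/[Adw] suffixes are assumptions.

```python
import re
from collections import defaultdict

# Excerpt copied from the aswMBR log posted above (not the full log).
SAMPLE = r"""12:30:32.354 Disk 0 unknown MBR code
12:30:55.740 Service AMService C:\Windows\TEMP\dipbvk\setup.exe **INFECTED** Win32:Zbot-OHK [Trj]
12:31:27.369 Service symids C:\Windows\system32\bh611.dll **INFECTED** Win64:ZAccess-E [Rtk]
12:31:56.709 File: C:\Windows\system32\bh611.dll **INFECTED** Win64:ZAccess-E [Rtk]
12:32:06.811 File: C:\Windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
12:37:29.158 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
13:11:48.723 File: C:\Users\mark's\AppData\Roaming\Headup Games\gameupd.exe **INFECTED** Win32:Malware-gen
13:50:13.624 Scan finished successfully
"""

# Matches "Service <name> <path>" and "File: <path>" detection lines.
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{3}\s+"
    r"(?:Service\s+(?P<service>\S+)|File:)\s+"
    r"(?P<path>[A-Za-z]:\\.+?)\s+\*\*INFECTED\*\*\s+"
    r"(?P<name>\S+)(?:\s+\[(?P<tag>\w+)\])?\s*$"
)
# Suffix tags, read here as detection-class abbreviations (assumption).
TAGS = {"Rtk": "rootkit", "Trj": "trojan", "Drp": "dropper", "Adw": "adware"}

def triage(log_text):
    """Return ({path: record}, mbr_unknown) with one record per infected path."""
    by_path = defaultdict(lambda: {"detections": set(), "kinds": set(), "services": set()})
    mbr_unknown = False
    for line in log_text.splitlines():
        if "unknown MBR code" in line:
            mbr_unknown = True  # worth reviewing, not proof of infection by itself
        m = LINE.match(line.strip())
        if not m:
            continue
        rec = by_path[m["path"].lower()]  # Windows paths are case-insensitive
        rec["detections"].add(m["name"])
        rec["kinds"].add(TAGS.get(m["tag"], "generic"))
        if m["service"]:
            rec["services"].add(m["service"])
    return dict(by_path), mbr_unknown

def persistent(findings):
    """Infected paths that the log also shows registered as a service."""
    return sorted(p for p, r in findings.items() if r["services"])

if __name__ == "__main__":
    findings, mbr = triage(SAMPLE)
    print(f"{len(findings)} infected paths, unknown MBR code: {mbr}")
    print("service-backed:", *persistent(findings), sep="\n  ")
```
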

#6 narenxp


Posted 26 April 2012 - 08:15 AM

We need advanced tools to remove this one

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck



