
On my knees


5 replies to this topic

#1 Kzatu

Kzatu

  • Members
  • 3 posts

Posted 18 September 2012 - 03:31 PM

It all started when I decided to reinstall my Windows 7 computer for the first time after 4 years (I migrated from Win7 x86 to Win7 x64). After the reinstall, I began installing all my old apps and copying my data back to my drive. That is when I started to notice odd behavior in IE9.

Odd behavior:
-Any website may or may not load on the first try.
-Yahoo.com would usually come up garbled and malformed with images missing, page formatting incorrect, and with some encrypted/compiled looking text.
-Bing.com would usually flash multiple times while loading and finish with "Internet Explorer cannot display the webpage".
-Google.com would usually never come up and end with the same message as Bing.
-Downloading malware removing tools like rkill and Malwarebytes would usually prompt IE9 to display "this file has been reported unsafe".
-RDP connections to the infected computer would be terminated within seconds of logging in.
-The graphical display of any VNC connections from the infected computer would result in horizontal colored bars with many artifacts. VNC connection would freeze then eventually terminate.
-Many images on web pages will look like they were half downloaded and half corrupt with the same visual distortion described above.
-When Malwarebytes would attempt to download definitions, the download bar would just keep starting over when it reached the end.
-ComboFix would attempt to download updates but would fail and the exe would become corrupt.

Since I had just reinstalled my computer the day before, I decided to just start fresh and reinstall again. This time I was more cautious about what programs I installed and what data I copied. The infection has returned and has now spread to my Windows 7 laptop with the same behavior.

I have recently tried Safari 5.1.7 to try something different, and when it fails to load a page, its Activity Window says "cannot decode raw data".

Here are the tools I have used to attempt the rescue of my own computer:
Windows Tools
Malwarebytes Pro
Microsoft Security Essentials
Trend Micro WFBS

Linux scanners via bootable USB
Acronis Antimalware
AVIRA AntiVir Rescue Disk
BitDefender Rescue Disk
Kaspersky Rescue CD
Panda SafeCD
AVG Rescue CD
Dr. Web Live CD

Some viruses and trojans were found and removed with the Linux scanners, and they did not return in subsequent scans. All in all, I have been trying to remove this virus for about a week now.

Thanks in advance.

Edited by Kzatu, 18 September 2012 - 07:34 PM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • Gender:Male
  • Location:NJ USA

Posted 18 September 2012 - 08:13 PM

Were any of the found malware a Virut or Ramnit infection?

Can you run FSS?

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Kzatu

Kzatu
  • Topic Starter

  • Members
  • 3 posts

Posted 21 September 2012 - 11:30 AM

Last night I may have discovered my problem. I haven't certified it yet, but I believe my wireless adapter may not work properly in Windows 7 64-bit. Last night I reflected on all the problems I have been experiencing and realized they are all network related. I swapped wireless NICs and everything has been normal so far but I think it is too early to lower the terrorism threat level. I will post back in a day or two with an update.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • Gender:Male
  • Location:NJ USA

Posted 21 September 2012 - 12:56 PM

OK, sounds good.

#5 Kzatu

Kzatu
  • Topic Starter

  • Members
  • 3 posts

Posted 25 September 2012 - 12:03 PM

Ok. I'm closing this post. I was using some Netopia WiFi adapter in Windows 7 32-bit, and after upgrading to Windows 7 64-bit, my computer acted as though it was infected. The problem only appeared after the first volley of updates after 64-bit SP1. In those initial updates, there was a NIC driver that I believe caused the NIC to malfunction and corrupt my network traffic. If IE9 hadn't misled me by saying "the file has been reported unsafe" then I might not have launched myself into the longest red herring virus hunt in my life. I have since replaced my NIC with a Rosewill and have not had any more problems.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • Gender:Male
  • Location:NJ USA

Posted 25 September 2012 - 12:59 PM

Thank you for the update, it's appreciated.

http://www.google.com/imgres?q=red+herring&start=126&num=10&hl=en&biw=1202&bih=593&tbm=isch&tbnid=IV_ZePYTu8O09M:&imgrefurl=http://writerroad.com/use-red-herrings-in-crime-fiction/&docid=5QPW7R9-gBWthM&imgurl=http://writerroad.com/wp-content/uploads/2012/09/RedHerringBlurb.png&w=320&h=320&ei=d-1hUOPhEYSF0QGI6ICAAg&zoom=1&iact=hc&vpx=417&vpy=225&dur=100&hovh=225&hovw=225&tx=87&ty=217&sig=111107880883009806687&page=6&tbnh=132&tbnw=137&ndsp=28&ved=1t:429,r:2,s:126,i:101