

Malware/Virus/Rootkit/Bootkit retaliation, The shizinite hit the fan,

  • This topic is locked
2 replies to this topic

#1 NematodeSWAG


  • Members
  • 38 posts
  • Gender:Male
  • Local time:03:39 PM

Posted 27 October 2012 - 11:50 PM

So I recently was receiving help for my PC on here, and I was getting ready to start on the advanced removal when my computer out of nowhere started writing and rewriting files. It wasn't anything I intended on doing, so I was a bit suspicious. I tried accessing the BleepingComputer forums, but Firefox kept telling me that there was no response from the server. Then my UI flickered and a different version of Firefox was open, and it wasn't mine. There was what looked to be a Panda Security page, but I don't think it was, because I didn't even try accessing their site. Also, the URL for the site kept changing, like it was cycling through different names. All were similar, just slightly different. With that I unplugged my internet and have been trying to log on here through my phone, but stupid me forgot my logon credentials, thus why I've been M.I.A. :P I'm afraid to re-enable my internet because there are numerous NT services waiting for an internet connection so they can respond to a Remote User. A Remote User that I have no idea of, plus a HijackThis log I ran showed a possible LSP problem, as well as not knowing the file location of said NT services with malintent. I've also compiled numerous JS and XML files that could be possible injections.

Oh, and I just found something called MigWiz that just wrote and rewrote a plethora of files after I ran a system clean up of Webroot. A log file it created mentioned multiple partitions that I've never seen, as well as setting exclusions for various files and registry keys. Please help in any way possible; if we can, I'd like to work out a possible way to work on this computer without an internet connection. That is, unless those helping me can show me a possible way to do this.

Here are the tools that I have already downloaded on my machine:
RKill.exe as iExplore.exe
RootkitBuster installer
Spyware Blaster installed, as well as stock install
SUPERAntiSpyware installed, but I think it may have been altered
USBVaccine.exe installer

And if those helping honestly think that the infection is too much to know for sure that it's gone, I have no problem with wiping my drives and doing a reinstall, and if someone could help me with that process, if it comes to that, that'd be swell :)

Thank You, Jay

Edited by NematodeSWAG, 27 October 2012 - 11:56 PM.



#2 NematodeSWAG

  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Local time:03:39 PM

Posted 28 October 2012 - 04:14 AM

Please disregard this posting.
I went ahead and began the wiping and reinstallation process with help I got recently. Didn't realize how simple it was to do at first :P

Thank you, Jay

#3 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,573 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:04:39 PM

Posted 28 October 2012 - 08:46 PM

You're welcome and thanks for the update Jay.

