
Windows Xp - SP3 System Infected Host Files And Other Neat Stuff


10 replies to this topic

#1 he's dead jim


Posted 15 March 2013 - 11:04 PM

Howdy all.

 

I have had great success over the years in disinfecting most computers, but when i get a tough nut, i always come back here to the resident geniuses for help.

 

Here is a rundown of what i did so far.

 

1. ran newest rkill.exe - stopped a bunch of stuff

2. ran newest tdsskiller.exe - didn't find anything

3. ran newest combofix - found infected atapi.sys file and replaced it

4. ran spybot - found one entry

5. ran malwarebytes - found 11 pup files

 

from there it seemed to be clean, but i still have issues of system slow down, and another running of rkill.exe showed an all clear except for being unable to edit the hosts files and showing 15,340 hosts entries.

 

maybe one of you can walk me through a fresh routine, even if i have to repeat everything i just did.

 

it's after midnight as i type this, so if this thread gets a response, i will follow through in the morning.

 

thanks and have a great night.


Edited by he's dead jim, 15 March 2013 - 11:04 PM.



 


#2 narenxp


Posted 16 March 2013 - 03:34 AM

Have you installed spybot?



#3 he's dead jim


Posted 16 March 2013 - 09:53 AM

thanks for the quick reply.

 

yep, i installed spybot and it found 1 infection.

 

i also ran superantispy and it found 1 infection.



#4 narenxp


Posted 16 March 2013 - 09:55 AM

Hosts entries have been added by spybot as part of its immunize feature.



#5 he's dead jim


Posted 16 March 2013 - 09:59 AM

ahh. got it...

 

also regarding spybot, when i click to immunize, it only immunizes some of the listed files instead of all of them. that's the first time i've seen that.



#6 narenxp


Posted 16 March 2013 - 10:04 AM

Other security software could block spybot from completely immunizing. Try to disable it and retry.



#7 he's dead jim


Posted 16 March 2013 - 10:13 AM

false alarm on the immunizing, lol..

 

i forgot to check the rest of the boxes (slaps head)

 

that's what happens when you don't get enough sleep.

 

so now that i know that the host entries are normal, i will run through the disinfection routine one more time and if there are no problems, i will post to close the thread.

 

thanks :)



#8 narenxp


Posted 16 March 2013 - 10:15 AM

We do not close the topics in this forum.

 

safe surfing :)



#9 he's dead jim


Posted 16 March 2013 - 10:39 AM

thanks



#10 he's dead jim


Posted 17 March 2013 - 07:39 PM

ok. i'm back.  lol.

 

i ran the machine for a couple days to be sure it was ok, and it's not ok.

 

i installed 4 plugins for a program, and when i tried to run the program, 2 of the plugins came up with this error:

 

 

The application or DLL   "insert plugin here"  is not a valid windows image. please check this against your installation diskette.

 

 

I followed some online instructions and ran the repair program from the windows install disk.

 

i also ran the system file checker from the command prompt as well as a windows repair program from tweaking.com.

 

the combination of these basically set my windows xp back as close to original install without erasing my current files.

 

the malware programs came up empty, but a fresh run of combofix removed c:\windows\system32\roboot.exe

 

no matter what i do it seems to come back.

 

i want to have you guys give the run through one more time before i contemplate a re-install, which i would rather not have to do.

 

let me know how to set that up..

 

thanks.

 

 

update: the plugins turned out to be 64 bit so they triggered the error, so no worries about that.

 

the system is still infected though.


Edited by he's dead jim, 17 March 2013 - 07:54 PM.


#11 narenxp


Posted 17 March 2013 - 08:03 PM

Since you ran combofix i cannot help you any more

 

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck
 





