All looks clear, but it isn't.


6 replies to this topic

#1 blankzero

blankzero

  • Members
  • 7 posts

Posted 26 March 2013 - 12:03 AM

My laptop got infected by various types of Win32.Sality, and I cleaned it up with the common methods found on the Web. While verging through the system files, I found a bunch of files marked as created by the U.S. Robotics Corporation. I deleted them. But a few seconds after, they came back.

I tried to use a rootkit scanner, and the reports say nothing. As much as I want to use ComboFix, I can't, because it's infected by Sality. Also, due to memory limitations, I can't use G-DATA and its extensive system monitoring service + Antivirus.

One time, when I was shutting down my computer, there was an unresponsive program named "Have fun" or whatnot. After it ended, a bunch of Internet Explorer windows opened up at a site named "search.alexeu.tv", simultaneously displaying "starting daemon.....", and Windows cancelled the shutdown process. Here's the analysis of the site from Anubis:

http://anubis.iseclab.org/?action=result&task_id=1570d9600b94eea148d5e7bc6d8b7dd03&format=html

Lastly, Safe mode remains inaccessible, even with the registry fixes.

I don't know if Sality came back, but.... What do I do with this?



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 26 March 2013 - 10:52 AM

What do you mean by ComboFix is infected by Sality?

Do not use ComboFix without expert help.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.



#3 blankzero

blankzero
  • Topic Starter

  • Members
  • 7 posts

Posted 26 March 2013 - 10:58 AM

The last time I checked it's... Oh, ComboFix is cured now. My bad. Expect me to comply immediately.

#4 blankzero

blankzero
  • Topic Starter

  • Members
  • 7 posts

Posted 26 March 2013 - 11:44 AM

... No need, actually, since I can read logs of those kinds. Oddly enough, DDS logs report clean. CLEAN. I've backed up the laptop's files and I will now re-run ComboFix.

#5 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 26 March 2013 - 11:50 AM

I never told you to run ComboFix. Look at my instructions again. Please go to the virus removal forum, attach proper logs and wait for expert help.



#6 blankzero

blankzero
  • Topic Starter

  • Members
  • 7 posts

Posted 26 March 2013 - 11:53 AM

Even if DDS logs report clean, I'll post it, anyway. Give me a while.

#7 blankzero

blankzero
  • Topic Starter

  • Members
  • 7 posts

Posted 26 March 2013 - 12:41 PM

Okay, maybe I kinda cross-eyed a bit. Feel free to look at the logs.

 

I noticed the homepage reverted back to the virus site (yes, that. Not search.alexeu.tv. Sorry.) after changing it. Anyway, yeah. Just look at it.





