
I am having serious issues here... and beg assistance


2 replies to this topic

#1 zenx (Members, 11 posts)

Posted 01 June 2013 - 05:48 AM

About a week ago, I noticed strange behavior on my PC while gaming. I updated drivers, and it fixed the stuttering. On running a Malwarebytes scan, I believe something called bitcoin.miner or something came up. It's tough to provide a coherent narrative from then until now, but I will do my best. Any help that you can provide is very appreciated. I am literally at my wit's end. I have always been around and comfortable with computers, since the C=64, but this has me beat.

1. Sometime after running the initial scan, I googled a bit about what that virus does, and it led me to a site with several of the standard rootkit detectors and fixes. However, I was really shocked that most of these reputable sites would have so much adware on the pages to download the fixes. I then realized this malware was redirecting.

2. I went to my wife's computer (a laptop) to swap some files to a flash drive. I then noticed that she had the same issues, as does my son's laptop. At this point, at my wife's laptop, I actually saw folders opening... I asked my wife if she'd opened her bills Excel sheet and she hadn't! I immediately shut her system off and told my son to disconnect from the internet.

3. I spent pretty much the next three days awake trying to handle the issue on my own system. I keep a spare Hiren's CD around, and no matter what route I took to diagnose or repair the problem, this thing prevents it--or sends false clears. Stuff like R-Kill or GMER would send me to a BSOD.

4. A friend explained bootkits in detail and offered a suggestion. I went out and bought a new hard drive. I disconnected all other drives. I installed Windows 7 onto the new drive, and bolstered up for slowly reconnecting each drive to clear it up.

5. In the process of cleaning the first drive, my new Windows 7 had become infected again. I read up on loading GParted and changing flags on the hidden partitions (I find one 10 meg or so hidden partition for each drive). Needless to say, I have 4 SATA drives, and I actually thought I'd made some progress on my system when, in finally snapping the last (I thought MBR-clean) drive in, I broke the PCI Express slot straight off my motherboard. My system is currently out of commission!

6. I decided to load GParted on my wife's system. I deleted the hidden partition and did a complete HP Restore. Hers is one of the laptops with an actual partition with a system recovery. I recovered it, and all day have been running Malwarebytes and TDSS to check it. I thought I was in the clear with her.

7. About 30 minutes ago, I heard her HD spinning and thought I would check on it. Although no virus checker had shown anything, I noticed that something called TrustedInstaller was running at 100% CPU. The thing was hot as fire. I loaded Autoruns and noticed several processes that were out of whack, including ones named Catchme.sys as well as Ipinip or something. I've shut it down.

My one godsend is that I can browse/download with my Android phone and swap files and such with an OTG cable (I think it's called). On searching those two crazy autorun processes, I realized I can't do this alone. I'm spent, and frustrated, and it's been upsetting for my entire family.

All that being said, I will follow steps I am given verbatim. If I am to run initial scans, please let me know if I should do so in safe mode. I know that almost all of the suggested first downloads (from her system), like ComboFix, are redirected or, when run, throw up a UAC warning (I turned it off and it still did) or an immediate "Windows needs to update...".

Please advise! :(

Steve
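The "one 10 meg or so hidden partition for each drive" in step 5, and the "MBR-clean" question that follows it, are things a practitioner checks from the partition table itself rather than by trusting a tool that runs on the suspect system. What follows is an added example, not code from the original post or from any tool named in it: a small Python parser for a 512-byte MBR that verifies the 0x55AA boot signature, lists the four primary partition entries, flags entries whose type byte is one of the standard "hidden" IDs and which are small, and lists unallocated sector ranges. The unallocated ranges matter because bootkits of that era also kept code in the MBR boot sector and in sectors outside any partition, so an empty or tidy partition table alone is not a clean bill. The sample MBR is constructed inline and labelled as such; the disk size, the partition layout, the 16 MiB threshold and the script name are assumptions.

```python
"""mbr_check.py (hypothetical name): triage a raw MBR for hidden partitions.

Run against a 512-byte image taken with dd from a live/boot CD, e.g.
  dd if=/dev/sdb of=sdb.mbr bs=512 count=1 && python mbr_check.py sdb.mbr
or against the raw device itself when run as root/administrator.
With no argument it runs on the constructed sample below.
"""
import struct
import sys

SECTOR = 512
# Standard MBR type IDs that mark a partition as "hidden" (FAT12/16/32 and
# NTFS variants, plus 0x27 used for hidden Windows RE partitions).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}
SMALL_MIB = 16  # assumed threshold: a hidden partition this small deserves a look


def parse_mbr(mbr: bytes):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = 446 + 16 * i  # partition table starts at byte 446
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA(4) count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0:
            continue  # empty slot
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "size_mib": count * SECTOR / (1024 * 1024),
        })
    return entries


def suspicious_partitions(entries):
    """Entries with a hidden type byte and a size at or below SMALL_MIB."""
    return [e for e in entries
            if e["type"] in HIDDEN_TYPES and e["size_mib"] <= SMALL_MIB]


def gaps(entries, disk_sectors):
    """Unallocated LBA ranges (inclusive), where bootkit code may also live."""
    ranges = sorted((e["lba_start"], e["lba_start"] + e["sectors"]) for e in entries)
    out = []
    cursor = 1  # sector 0 is the MBR itself
    for start, end in ranges:
        if start > cursor:
            out.append((cursor, start - 1))
        cursor = max(cursor, end)
    if cursor < disk_sectors:
        out.append((cursor, disk_sectors - 1))
    return out


def _entry(status, ptype, lba, count):
    """Pack one 16-byte partition entry (CHS fields set to 0xFF, i.e. unused)."""
    return struct.pack("<B3sB3sII", status, b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba, count)


SAMPLE_DISK_SECTORS = 976773168  # constructed: ~465 GiB disk


def sample_mbr() -> bytes:
    """Constructed sample MBR: a normal bootable NTFS partition followed by a
    10 MiB hidden-NTFS (0x17) partition parked near the end of the disk."""
    table = (
        _entry(0x80, 0x07, 2048, 976750000)        # Windows, bootable
        + _entry(0x00, 0x17, 976752048, 20480)     # hidden NTFS, 20480 sectors = 10 MiB
        + bytes(32)                                # two empty slots
    )
    return bytes(446) + table + b"\x55\xAA"       # zeroed boot code + table + signature


def report(mbr: bytes, disk_sectors: int):
    """Human-readable triage of one MBR; returns the flagged entries."""
    entries = parse_mbr(mbr)
    for e in entries:
        print("entry %d: type 0x%02X %s LBA %d, %.1f MiB%s" % (
            e["index"], e["type"], "(hidden)" if e["type"] in HIDDEN_TYPES else "",
            e["lba_start"], e["size_mib"], " [bootable]" if e["bootable"] else ""))
    for lo, hi in gaps(entries, disk_sectors):
        print("unallocated sectors %d-%d (%d sectors): inspect for non-zero data" % (lo, hi, hi - lo + 1))
    return suspicious_partitions(entries)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read(SECTOR)
        flagged = report(data, int(sys.argv[2]) if len(sys.argv) > 2 else 0)
    else:
        flagged = report(sample_mbr(), SAMPLE_DISK_SECTORS)
    print("small hidden partitions:", [hex(e["type"]) for e in flagged])
```

A hit here means "look at this", not "malware": OEM recovery and diagnostic partitions (such as the HP recovery partition mentioned in step 6) legitimately carry hidden type bytes, so compare against what the vendor ships for that model. The second command-line argument, the disk's total sector count, is needed only for the unallocated-range report; without it that report stops at the last partition.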


#2 zenx (Topic Starter, Members, 11 posts)

Posted 01 June 2013 - 06:27 AM

I have been going on such little sleep with this. I realize this is the wrong forum for me and will follow the directions from the other.

Edit--- if someone would move this if necessary. I have read the guides and such and am still at a loss.

Edited by zenx, 01 June 2013 - 06:42 AM.


#3 xXToffeeXx, Bleepin' Polar Bear (Malware Response Instructor, 6,085 posts)

Posted 01 June 2013 - 06:58 AM

From reading this, I think you have 3 laptops/computers which need cleaning? For each computer you should make a new topic in this part of the forums, following this guide. You mainly need to concentrate on steps number 6 and 7.

If you have any questions, or need help to complete these steps then do tell me.

xXToffeeXx~

