This sucks.


  • This topic is locked
30 replies to this topic

#1 Zestypanda

Zestypanda

  • Members
  • 603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny San Diego, California.
  • Local time:09:31 AM

Posted 11 July 2013 - 01:49 PM

Ok, so I was using my laptop, doing some coding and messing around on my virtual machine, and then I started up my PC. I had a USB stick plugged in; I noticed that my Kingston 16GB was plugged in when I booted. I thought nothing of it and let the computer boot because I didn't want to improperly shut down Windows. Windows loaded, then it lagged at the "welcome" screen, and I thought "hmm, that's strange." The scripts I have been making are to lock down a computer for a customer: disable access to the C: drive, disable cmd, block registry changes from non-admins, etc. So when Windows loaded up I safely removed the USB and started working on my VirtualBox machine. I noticed my computer (the host) was sorta slow, but I thought, hey, stuff is still starting up. Then I exited out of VirtualBox, googled some stuff, opened Comodo Dragon, and stumbled upon something called DNS leaks. Seeing as the NSA spying has kinda got me paranoid, I clicked on the first link and it did a DNS test. It reported that some servers can see my DNS traffic. I thought that was strange because none of the servers were registered to AT&T (my ISP) or Comodo, because I use their DNS, so I was going to run the cmd command to see what networks I was connected to. I hit Run, then started cmd.exe, and it said "cmd.exe could not be found", and that's when I went "oh crap..." because I thought maybe I had run one of my scripts on my host. So I went to open up Comodo again to search for the reverse of the disable-cmd script: "Comodo.exe is not a valid shortcut, would you like Windows to delete this invalid shortcut?" Or whatever Windows says when a shortcut is broken.

So then I started to panic, because I have my school work on there (though from last year) and my music; my music is worth about $4000 (I have over 13k tracks). So I restarted (probably a bad idea). The computer started up faster, but the HD was crunching away. When it finally started up I was missing my wallpaper, and except for the wifi, volume and MBAM tray icons, all of my tray icons were gone. Then I went to start Task Manager and got the dreaded "taskmgr.exe cannot be found". So then I freaked out, shut down the computer and popped in my Kaspersky Rescue USB. I'm currently updating it and I will do a scan. I have Steam installed, though I don't have my credit card number saved there; I'm just horrified at what could have happened. I don't remember visiting any sites that could harm my computer, unless I was hit by a drive-by and my antivirus didn't catch it. I'm currently typing on my iPad so I'm sorry for misspellings. I'm just horrified that if I start my laptop in Windows again more will be deleted.

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

#2 Zestypanda


Posted 11 July 2013 - 01:55 PM

Right now I'm kinda stuck. I don't wanna boot up Windows or more will be gobbled up, and I'm horrified that it's a network virus.

#3 Zestypanda


Posted 11 July 2013 - 01:57 PM

Also, I did run a random program that I hadn't noticed I had installed before. It was something to do with graphs and it was included in the K-Lite install folder; Comodo gave me a HIPS alert so I ran it as restricted. It failed. I doubt it has anything to do with it.

#4 Zestypanda


Posted 11 July 2013 - 01:59 PM

Also, I have been using a lot of driver's ed test sites for practice (I need to renew my license), and a lot of them run using Java, so maybe it was from there.

#5 Zestypanda


Posted 11 July 2013 - 02:12 PM

Here is where it gets strange. I checked the folder that has my browser, and it's there. I checked system32 and taskmgr.exe is still there. So..... the files it's saying are missing aren't?

#6 Zestypanda


Posted 11 July 2013 - 02:22 PM

Though, in the Kaspersky registry editor I find these keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->

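The poster's own lockdown scripts (post #1: disable cmd, block registry changes, hide the C: drive), the "cmd.exe could not be found" message that post #5 shows is not a real deletion, and the NonEnum entries in post #6 can all be checked from one read-only script. The following is an added triage example, not code from the thread or from any of the tools named in it; it assumes PowerShell 3 or later (the `[pscustomobject]` syntax) and reads only the standard policy value names shown in the code.

```powershell
# Added triage script, not from the thread. Read-only: it reports the user-lockdown
# policies a "lock down this PC" script typically sets (disable cmd / Task Manager /
# registry tools, hide or block drives), dumps the NonEnum entries quoted in post #6,
# and confirms whether the "missing" binaries from post #5 are really on disk.
# Run from an elevated PowerShell prompt on the affected machine.

$policies = @(
    @{ Sub = 'Software\Policies\Microsoft\Windows\System';                  Name = 'DisableCMD';           Note = 'Command Prompt blocked by policy' }
    @{ Sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr';       Note = 'Task Manager blocked by policy' }
    @{ Sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools'; Note = 'Registry editing blocked by policy' }
    @{ Sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoDrives';             Note = 'Drive letters hidden in Explorer (bitmask: A=1, B=2, C=4, ...)' }
    @{ Sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoViewOnDrive';        Note = 'Drive access blocked in Explorer (same bitmask)' }
)

# A policy can be set per user (HKCU) or machine-wide (HKLM); check both hives.
$findings = @(foreach ($root in 'HKCU:', 'HKLM:') {
    foreach ($p in $policies) {
        $key = Join-Path $root $p.Sub
        if (-not (Test-Path $key)) { continue }
        $data = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).($p.Name)
        # Only a non-zero value actually enforces the restriction.
        if ($null -ne $data -and $data -ne 0) {
            [pscustomobject]@{ Key = $key; Value = $p.Name; Data = $data; Note = $p.Note }
        }
    }
})

# NonEnum holds CLSIDs of shell namespace objects that Explorer hides from
# enumeration; the three entries in post #6 live here. List every value for review.
$nonEnum = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum'
if (Test-Path $nonEnum) {
    $item = Get-Item $nonEnum
    $findings += @(foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Key = $nonEnum; Value = $name; Data = $item.GetValue($name); Note = 'Shell object hidden from enumeration' }
    })
}

# Run said "cmd.exe could not be found" while post #5 found the file in System32:
# confirm presence and Authenticode status of the binaries themselves.
$sys32 = Join-Path $env:SystemRoot 'System32'
$binaries = @(foreach ($exe in 'cmd.exe', 'taskmgr.exe') {
    $path = Join-Path $sys32 $exe
    $present = Test-Path $path
    $sig = if ($present) { (Get-AuthenticodeSignature $path).Status } else { 'n/a' }
    [pscustomobject]@{ File = $path; Present = $present; Signature = $sig }
})

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No lockdown policies or NonEnum entries set.' }
$binaries | Format-Table -AutoSize
```

A non-zero DisableCMD, DisableTaskMgr or NoViewOnDrive value in the first table is what a leftover lockdown script would leave behind; a `Valid` signature on a present cmd.exe and taskmgr.exe means the files themselves were neither removed nor replaced.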


#7 Zestypanda


Posted 11 July 2013 - 03:33 PM

Ok, Kaspersky is currently at 29%, still scanning. How should I proceed after it finishes?

#8 Zestypanda


Posted 11 July 2013 - 06:51 PM

Ok, Kaspersky finished and found nothing..... what do I do now? I'm scared to turn it on for fear that something is lying in wait. I kinda need some advice here guys, nothing too urgent....... but I kinda wanna know what to do next. Please?

Edited by Zestypanda, 11 July 2013 - 06:58 PM.

#9 Zestypanda


Posted 11 July 2013 - 09:05 PM

Ok, I'm doing a chkdsk /r /f on my Windows drive from the Windows 7 install DVD.

#10 Zestypanda


Posted 11 July 2013 - 11:36 PM

Ok, chkdsk finished. Now I restarted in safe mode with command prompt, and I'm doing a quick scan with MBAM.

#11 Zestypanda


Posted 12 July 2013 - 12:49 AM

MBAM finished and found nothing. Doing a Comodo Cleaning Essentials scan; so far it's found one registry key: something disabled the security service.

#12 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:31 AM

Posted 12 July 2013 - 01:16 AM

Let's try to gather some information first without jumping in "blind" -

Please download MiniToolBox, save it to your desktop and run it.
Close any Firefox browsers you may have open.
Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and copy / paste the result (Result.txt).

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download AdwCleaner by Xplode onto your desktop.

* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Delete.
* Confirm each time with Ok.
* NOTE: Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[S1].txt as well.

Thank You -



#13 Zestypanda


Posted 12 July 2013 - 01:21 AM

Thank you. Do you think it's safe to turn on in normal mode? Or restart in safe mode with networking? It really scared me when my wallpaper went away; I thought I was gonna have ransomware or something. I think my pictures and docs are intact. Also, thank you for helping me.

#14 noknojon


Posted 12 July 2013 - 01:27 AM

Run as much as you can in Normal Mode -

MBAM scans only find minor things in Safe Mode, and should always be run in Normal Mode.

In Safe Mode, some "infections" can stay hidden and are not able to be found -



#15 Zestypanda


Posted 12 July 2013 - 01:29 AM

But I'm worried: if I have a file-deleting virus, won't it start up again in normal mode?
