Very Advanced Virus Infection


This topic is locked
2 replies to this topic

#1 Jim Eddy

  • Members
  • 24 posts
  • OFFLINE
  • Local time:08:02 PM

Posted 22 August 2013 - 10:15 AM

Hello Bleepers,

My Vista machine is moribund.  It no longer talks to the internet.  Many applications will not launch.  An attempt to launch some applications will think for a minute and then return without launching anything.  Other applications will launch after about 10 minutes or so.

I have read the preparation guide that instructs posters to post dds logs.  I have read the instructions at the top of this forum that say not to post dds logs.  I have dds logs but will keep them to myself pending further instructions.

The machine in question had the FBI MoneyPak virus.  I was able to fight through that with safe mode to the point of being able to boot up and access the machine in normal mode.  For a while the machine seemed to behave ok.  But I am convinced that infection, or some other infection, remains because the behavior of the machine has degraded steadily.  The last thing it did was forget the file extension - launch application associations.  It now attempts to open .txt files with Paint.

msconfig Startup tab has the entry:

regmonstd     Unknown

This entry has the command:

C:\Windows\System32\rundll32.exe C:\Users\JimEddy\AppData\Local\Temp\b34btbztdb0vavaw.exe,XFG00

The location of regmonstd was in my personal startup folder.  The target b34btbztdb0vavaw.exe is not in the target Temp folder and does not appear to exist on the machine.  The target Temp folder does contain many <randomNumber>.od files and many CVR<randomNumber>.cvr files.

I disabled the entry in my msconfig Startup list.

Please let me know what should be my first move.

Thank you for any help.

Jim Eddy
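The startup entry quoted in the post is a common shape for a leftover loader: rundll32.exe pointed at a randomly named file under the user's Temp folder, with an export name as the entry point, where the file itself is already gone. The following is an added example, not code from the post or from BleepingComputer, showing how a defender can parse such entries and flag the indicators the poster noticed. The entry names, the `SoundHelper` command, the `shell32.dll` entry and the `KNOWN_FILES` set are constructed stand-ins; on a real machine the existence check would be `os.path.exists` over the exported Startup/Run entries.

```python
import re
import ntpath  # Windows path semantics regardless of the host the script runs on

# Constructed startup entries. The regmonstd line is the one quoted in the post;
# the other two are made-up entries used as contrast (one benign non-rundll32
# program, one benign rundll32 call against a system DLL).
SAMPLE_ENTRIES = {
    "regmonstd": r"C:\Windows\System32\rundll32.exe C:\Users\JimEddy\AppData\Local\Temp\b34btbztdb0vavaw.exe,XFG00",
    "SoundHelper": r'"C:\Program Files\Vendor\sound.exe" /tray',
    "ControlPanelApplet": r"C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL",
}

# Constructed stand-in for a file-existence check on the affected machine:
# the Temp target from the post is deliberately absent, as the poster observed.
KNOWN_FILES = {
    r"C:\Program Files\Vendor\sound.exe",
    r"C:\Windows\System32\shell32.dll",
}

# rundll32 <module>,<entrypoint> [args]; host and module may each be quoted.
RUNDLL32_RE = re.compile(
    r'^"?(?P<host>[^"\s]*rundll32\.exe)"?\s+"?(?P<module>[^",]+?)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)


def assess_entry(name, command, existing_files):
    """Parse one startup command; return parsed fields plus a list of red flags.
    Returns None when the command does not invoke rundll32 at all."""
    m = RUNDLL32_RE.match(command.strip())
    if m is None:
        return None
    module = m.group("module")
    stem, ext = ntpath.splitext(ntpath.basename(module))
    lowered = module.lower()
    findings = []
    # Loaders dropped by infections typically live in a Temp directory.
    if "\\appdata\\local\\temp\\" in lowered or "\\windows\\temp\\" in lowered:
        findings.append("module_in_temp")
    # rundll32 is normally handed a DLL; an .exe module is unusual.
    if ext.lower() != ".dll":
        findings.append("module_not_dll")
    # Long mixed letter/digit names such as b34btbztdb0vavaw are machine-generated.
    if len(stem) >= 10 and any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem):
        findings.append("random_name")
    # A startup entry whose target no longer exists is a leftover worth removing.
    if module not in existing_files:
        findings.append("module_missing")
    return {
        "entry": name,
        "host": m.group("host"),
        "module": module,
        "export": m.group("export"),
        "findings": findings,
    }


def scan_entries(entries, existing_files):
    """Return assessments for every rundll32 entry that raised at least one flag."""
    flagged = []
    for name, command in entries.items():
        result = assess_entry(name, command, existing_files)
        if result and result["findings"]:
            flagged.append(result)
    return flagged


if __name__ == "__main__":
    for r in scan_entries(SAMPLE_ENTRIES, KNOWN_FILES):
        print(f'{r["entry"]}: {r["module"]},{r["export"]} -> {", ".join(r["findings"])}')
```

Run stand-alone it reports only the regmonstd entry, with all four flags; the benign rundll32 call against shell32.dll parses but raises nothing, which is the distinction a triage script needs to make before anyone starts deleting startup items.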

#2 hamluis

  • Moderator
  • 55,742 posts
  • OFFLINE
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:02 PM

Posted 22 August 2013 - 10:30 AM

Please post your DDS logs...as directed to via the Prep Guide...in the forum hosting the Prep Guide.

Once that is done, this topic will be closed and your issues will be in the proper forum :).

Louis



#3 Animal

    Bleepin' Animinion

  • Site Admin
  • 35,111 posts
  • OFFLINE
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:05:02 PM

Posted 22 August 2013 - 12:09 PM

Now that your log is properly posted here, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

"The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life." Andrew Brown (1938-1994)

"A learning experience is one of those things that say, 'You know that thing you just did? Don't do that.'" Douglas Adams (1952-2001)

"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)

