Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

multiple virus issues


  • Please log in to reply
5 replies to this topic

#1 fillmorebuckets

fillmorebuckets

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 22 October 2013 - 12:11 AM

I did a McAfee security scan and it removed several cookies, but there are still remaining issues.  I have windows 7 on a laptop and have several viruses that I am struggling to remove.

 

The most concerning of these is that the McAfee firewall is off, and when turned on, it turns back off within a few seconds. 

 

There also is a zeroaccess!cfg Trojan that was identified by the rootkitremover but was not fixed.

 

there is a FBI ransom virus that has affected one of the users, that asks for $300 through a moneykit payment.

 

and there is some kind of virus that infects any kind of virus removal download - attempting to download rootkitremover, hitmanpro, stinger, and combofix all resulted in the message that the file was infected and deleted.  I was able to download these on another computer and save them to the laptop with a memorystick.  I have not used combofix or hitmanpro. 

 

Any help that can be offered on these issues would be greatly appreciated!



BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:18 AM

Posted 22 October 2013 - 12:36 AM

Hello filmorebuckets,

 

I get the impression that what you're working on is a corporate network. The bad news is that it looks like game over. You've described CryptoLocker, and there is no way to cure it anywhere. :(  Please read here : http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

 

Regards, tea


Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 fillmorebuckets

fillmorebuckets
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 23 October 2013 - 11:24 PM

Thanks tea for looking at this.  Looking at the cryptolocker information you sent, I don't think that's what i've experienced.  I have multiple user logins on the single computer, its not on a network, and one of the useraccounts is affected by the ransom virus, but the other is unaffected.  I can still log in to the unaffected user and access all of the data, but the mcafee firewall won't stay on.  Perhaps I can delete the other user account?  Is there a way to fix the mcafee firewall issue?  Or, since i can get at most of the data through the unaffected user account, I could back it all up and reformat the drive?  



#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:18 AM

Posted 24 October 2013 - 12:36 AM

Hi,

 

Thanks for the clarification. :) You can delete the infected user account, but I can't promise you what results it might have, meaning I can't promise all the problems will be solved. If you would like to go that route and then see what's left, I'm willing if you are. :thumbup2:  If the other accounts are infected with other things, that's why you can't keep the firewall up. If it's still a problem when the computer is clean, we'll deal with it then.

 

Let me know how you want to proceed, and we'll go from there. :)

 

tea


Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 fillmorebuckets

fillmorebuckets
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:18 AM

Posted 25 October 2013 - 04:33 PM

Thanks Tea.  I will see if deleting the corrupted user account makes a difference. I'll let you know how it goes!



#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:07:18 AM

Posted 26 October 2013 - 12:19 AM

I'll be around when you're ready. :)


Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users