Can Viruses Fight Back?


21 replies to this topic

#1 aelfgifa

aelfgifa

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:11:41 PM

Posted 02 May 2006 - 02:27 AM

Hello,

I hope this is the right forum. Before I post all the details, I'd like to make sure I'm in the right place because I'm a total novice.

My computer has gotten to the point where when it freezes, the only way I can get back control is to turn it off at the power strip or to pull my DSL cable out of the box and reboot. I've tried to download some freeware and rarely get through a download without my machine freezing up. AVG finds a new version of SdBot almost daily, SpyBot S&D tells me I'm OK, but I was reading today that some "malware" can stop you from being able to download anything to fix it.

Something I did (sorry, I need to keep a handwritten log from here out) made me get several e-mail bounces that showed that somebody was using my email address to send spam. I've called my ISP, Googled on almost everything I can find, and things keep getting worse. I use Mozilla Firefox for a browser, Thunderbird for e-mail, AVG free and SpyBot.

It's like my machine is infected with something that is fighting back - and winning.

Can somebody help? Or if not, would you like to stand outside my window as the computer comes sailing through? I like to recycle.

aelfgifa


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,592 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:41 AM

Posted 02 May 2006 - 06:55 AM

If you're running Win XP/2000, download and scan with Ewido Anti-Malware v3.5 in safe mode.
Ewido Install and Scan Instructions. If you cannot download without a freeze up, there are instructions for downloading from another PC to a USB stick or CD and transfer to the infected computer.

Download and scan with Ad-Aware SE Personal. Setup & Configure as shown here.

Try to perform this online Virus scan:
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]
Trend Micro Housecall Scan for Firefox
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 aelfgifa

aelfgifa
  • Topic Starter

Posted 02 May 2006 - 08:42 PM

Hello quietman7,

Thank you for the advice and I just finished doing all of that. However, now I am ready to sit here and cry. I apparently have more malware running than I do my own software. Housecall gave me an 18 page report I printed out and can't make heads or tails of; Ewido's and Adware's reports were shorter but still sound like they are written in a language I don't speak.

Apparently, I have/had (can't tell if they were healed or not):

- a few rootkits (Rootkit.Agent.1 and/or FU Rootkit - synonymous?)
- several versions of SdBot
- Adware.Minibug
- Backdoor.SdBot.YX (and several other versions according to AVG)

and that's just what I could figure out. And an 18 page list of vulnerabilities from Housecall.

Is this over or will the stuff keep coming back? Thx again,

aelfgifa

#4 quietman7

Posted 02 May 2006 - 09:07 PM

If you are infected that badly we need to have a deeper look at your system with a hijackthis log to see exactly what we are dealing with.

I suggest you read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log.

When you have done that, post a log in the HijackThis Logs and Analysis Forum, not here, for assistance by the HJT Team Experts.

It may take a while to get a response because the HJT Team members are very busy. Please be patient as they are volunteers who will help you out as soon as possible. Once you have made your post, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have not been replied to, as this makes it easier for them to identify those who have not been helped. If you post another response, a team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Make sure you advise them what steps you have already taken and that you have scan reports from Ewido and Housecall if needed.

#5 aelfgifa

Posted 02 May 2006 - 11:16 PM

OK, thank you. I printed out the instructions and will try to figure out how to get that done - or at least the best I can.

At least I know I haven't lost my mind; there really is something wrong.

aelfgifa

#6 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:12:41 AM

Posted 03 May 2006 - 06:33 AM

aelfgifa's HJT log HERE.
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#7 Darthy

Darthy

    The red side of the Force


  • Members
  • 1,217 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Solar System of Ors
  • Local time:05:41 AM

Posted 03 May 2006 - 11:04 AM

Hello aelfgifa
Excuse me if my English is not good enough, because I'm Portuguese.
If you want to try to solve your problem, you have to install on your PC Spyware Doctor v 3.5.1.498 and update it to 60128 intelli-signatures, the old Giant AntiSpyware and the antivirus Bitdefender.
You must install them and run one at a time, beginning with Bit, then Giant and lastly Spyware Doctor.
Each time you run one of them you must treat the pests found. In Giant there is a special tool named "secure file shredder" that you have to use to erase the quarantine files of Spyware Doctor, and after that, run it again. I hope that with those tools you solve your problem. :thumbsup:
Darthy
I know one thing, that I know nothing - Socrates
Thanks John

#8 aelfgifa

Posted 03 May 2006 - 03:45 PM

Hi again,

Thanks for the ideas - I'm just not sure what to do first. My HJT log is posted, so I thought I'd try to wait patiently so whoever looks at it isn't trying to chase a moving target.

Can I ask two more questions? (Sorry if they sound naive - I never heard of most of this stuff until a few months ago):

1. I got another mail bounce last night for a spam I supposedly sent. Is it reasonable to assume that the website in that e-mail is connected to whoever sent me my viruses, trojans, spyware, etc? Is it even worth trying to find out or is it irrelevant at this point? I don't really want to click on their link.

2. From what I'm reading, it sounds like removing multiple infections and the rootkits that hide them is hard. Is there any way to just encrypt the rootkits so that they're hidden from whoever is using them? Would it hurt me to just let them sit there if nobody can use them? One of the programs I was advised to use yesterday found them - I don't know if they're still there or not.

OK, if these are dumb questions, I apologize again.

aelfgifa

#9 Darthy

Posted 03 May 2006 - 06:13 PM

Hi again

What is your operating System?


Darthy

#10 Darthy

Posted 03 May 2006 - 06:29 PM

Hi

I saw in the other forum that your operating system is Windows XP SP1.

I have to know if your Windows XP is the Home edition or the Professional one.

Thank you and bye.

Darthy

#11 aelfgifa

Posted 03 May 2006 - 06:52 PM

Hi Darthy,

I have the Professional version.

aelfgifa

#12 Darthy

Posted 03 May 2006 - 08:30 PM

Hi again aelfgifa

So you have the restore tool in the system32 folder of your Windows.

First do what I've told you to do, and afterwards go to the restore tool, open it, click on rstrui.exe and restore your computer to a date before those things happened to you.

After that, you have to erase all suspicious mails.

That's it.

Darthy

#13 quietman7

Posted 03 May 2006 - 08:43 PM

Darthy, I understand you're trying to help, but aelfgifa has already posted a hijackthis log. I would advise him to wait on the HJT Team to provide further instructions. Team members are experts at malware removal and they will be able to deal with the infection and advise how to prevent future infections.

#14 aelfgifa

Posted 03 May 2006 - 09:49 PM

Hello again,

I think one of the tutorials I was advised to follow yesterday told me to disable system restore (?). Anyway, I did and it is now turned off. Oh, and I'm a "she" :thumbsup:

aelfgifa

#15 Darthy

Posted 04 May 2006 - 04:34 PM

Hi quietman7

If you tell me I can't help aelfgifa, well, I won't help her anymore.

Let's wait and see how long it takes her to solve her problem with the help of the expert team.

Let me also tell aelfgifa that my mail is xxxxxxxx, and if she wants to contact me outside the forum she can do it, I think. I'm prepared to send her all the programs she needs.

Best regards,

Darthy

Mod Edit: Email address deleted to prevent Spambot harvesting.

Edited by Scarlett, 09 May 2006 - 10:54 AM.
