1 week, 42 malware entries, and 1 Paladin virus later...


1 reply to this topic

#1 PaintbrushoftheWolf

Posted 07 February 2014 - 10:34 PM

Hello, I am brand new to this forum. I am a gamer and my computer is infected with a virus. I had no noticeable issues until one day I tried starting up my computer from sleep mode and it froze.

At the time I got this virus I had not downloaded anything recently and I only have visited websites that I have been used to visiting for a while now. Now it's been one week of trying to fix it myself and I need help. Here are the details:

 

I have....Windows Vista 64 bit. Computer is a Dell XPS.

 

 

Problems from Day 1 of this virus

 

  • Computer locks up on shutdown
  • Computer locks up when trying to scan with anti-virus software in normal mode
  • Computer locks up sometime after start up / Unable to run outside of safe mode
  • A [Paladin] window pops up in the bottom tray of my desktop and then vanishes a second later. It does not appear in my list of programs
  • Explore.exe constantly rising in memory upon start up (has since been fixed? It averages out at about 28k)
  • All my system restore points wiped
  • Adwcleaner was somehow removed? (I was initially unable to reinstall it but have been able to recently)
  • Several corrupted files that resulted in a massive stream of error messages on start up. I have been able to repair most of these. (Presumably, at least. I don't get any more error messages now.) (Some of the error messages contained: propys.dll, wer.dll, ODBC32.dll)

 

What I have done so far:

 

  • Malwarebytes is up to date and after several scans has turned up nothing.
  • Spybot Search and Destroy was able to remove 42 entries of malware
  • Avast found 1 virus (currently quarantined) which it said was Paladin. However, the log lists multiple entries in the chest with [Uncomfirmed] as their names. The [Paladin] program box still pops up if I attempt to run on normal mode.
  • After quarantining virus, Avast prompted to do a boot-time scan. I accepted and....the boot scan did not run.
  • MRT has found 1 infected file in Full Scan. It locks up whenever it tries to scan this file:  ( D:\dell\Image\Factory.wim\Windows\Help\Windows\en-US\mail.wmv ) Scanning C and D separately produces no results.
  • Installed and ran Hitman Pro. No results.
  • Installed RKill and ran Malwarebytes again. No results.
  • Installed and ran Super Antispyware. Only found cookies.
  • Installed AVG...would not scan properly in safe mode and immediately locked up my computer on trying to scan it.
  • Downloaded Avira Antivirus....however it was unable to install.
  • Re-downloaded, installed, and successfully used Adwcleaner to clean my registry

 

I have looked up about Paladin and how it masquerades as an anti-virus. However, many of the things previously described concerning Paladin have not been the case for me. It has not completely disabled my antivirus or antimalware programs. It doesn't appear in my programs list. It doesn't try to trick me into thinking it's an anti-virus software.

 

I am unsure if there are other viruses on the computer besides Paladin. The only scanner that's currently picking up any sort of threat is MRT...but I can't complete the scan so....completely stumped on what to try next.




#2 quietman7

Posted 11 February 2014 - 10:33 PM

Welcome to Bleeping Computer.

Sorry for the delayed response but Staff and Security Experts are all volunteers. This site receives hundreds of requests for help every day. Sometimes a topic will get overlooked when requests for assistance get backed up and not responded to in a timely manner.

Since none of the tools you have used thus far are finding any malicious files or not successful at removal, this issue will require further investigation. Many of the tools we use in this forum are not capable of detecting (repairing/removing) all malware variants so more advanced tools are needed to investigate. Before that can be done you will need to create and post a DDS log for further investigation.

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.
  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running DDS which will create two logs. (Note: Windows 8.1 Users will not be able to run DDS and create a log)
When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs, then still start the new topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
