
Trojan; black screen after login to system


No replies to this topic

#1 djreload


Posted 19 March 2014 - 12:29 PM

Hello,

This is a little embarrassing, because I never had any infection during my 15-year professional computer career. So I really don't know how I got this one; probably some exploit in the Java framework injected some DLL library. I never went to untrusted websites without sandbox mode, so I am a little confused how it happened... :-)

Whatever Happened, Happened ...

Everything looks normal: the logon page shows up, I enter the password and here I come. Login to the account takes 25 seconds (normal is 3) and after that, a black screen appears. The cursor shows up; when I press Ctrl+Alt+Del, the task list appears. When I try to start a new task, for example explorer.exe, I get an error message: Program is corrupt: virus found.

I tried in safe mode:

TDSSKiller
Avast Antivirus
Eset Remove Rootkit
JunkwareRemover

Nothing found.

Only aswMBR found this:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-19 08:53:57
-----------------------------
08:53:57.587    OS Version: Windows 6.1.7601 Service Pack 1
08:53:57.587    Number of processors: 2 586 0xF02
08:53:57.588    ComputerName: WARLOCKER-PC  UserName: WarLocker
08:53:58.214    Initialize success
08:54:00.291    AVAST engine defs: 14031802
08:54:43.192    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
08:54:43.195    Disk 0 Vendor: ST3320620AS 3.AAK Size: 305244MB BusType: 3
08:54:43.275    Disk 0 MBR read successfully
08:54:43.279    Disk 0 MBR scan
08:54:43.765    Disk 0 Windows 7 default MBR code
08:54:43.792    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        99998 MB offset 63
08:54:44.295    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       205244 MB offset 204796620
08:54:44.542    Disk 0 scanning sectors +625137345
08:54:45.007    Disk 0 scanning C:\Windows\system32\drivers
08:54:57.858    Service scanning
08:55:12.217    Modules scanning
08:55:15.759    Module: C:\Windows\System32\user32.dll  **SUSPICIOUS**
08:55:17.139    Disk 0 trace - called modules:
08:55:17.155    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
08:55:17.155    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858f8030]
08:55:17.155    3 CLASSPNP.SYS[8bd9a59e] -> nt!IofCallDriver -> [0x84b17918]
08:55:17.155    5 ACPI.sys[8b89b3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8545f610]
08:55:17.545    AVAST engine scan C:\Windows
08:55:17.992    File: C:\Windows\explorer.exe  **INFECTED** Win32:Dropper-gen [Drp]
08:55:19.945    AVAST engine scan C:\Windows\system32
08:57:12.079    AVAST engine scan C:\Windows\system32\drivers
08:57:19.917    AVAST engine scan C:\Users\WarLocker
08:58:12.085    AVAST engine scan C:\ProgramData
08:58:26.269    Scan finished successfully
08:59:03.398    Disk 0 MBR has been saved successfully to "C:\Docasne\MBR.dat"
08:59:03.406    The log file has been saved successfully to "C:\Docasne\aswMBR.txt"
 

I will be very grateful for any help :-)

Thanks


Edited by djreload, 19 March 2014 - 12:30 PM.

