
malware won't let antivirus run. rkill says it works, but malware restarts


  • This topic is locked
10 replies to this topic

#1 chili2

  • Members

Posted 31 March 2014 - 09:18 AM

I have not had a virus in 10 years, but I got one now. I double clicked on a password icon (STOOPID), and immediately knew I screwed up. Now when I boot up, a little dialog-box screen pops up with PW: supergirl in it and has an okay button. This is basically letting me know that the malware is running. Clicking the "X" to close the box or hitting okay seems to make no difference.

Since this started (a few days ago) Microsoft essentials is gone, Defender is gone, no anti-malware programs will run (even in safe mode). I ran rkill (in both regular and safe mode) and it said 1 process was terminated, but as soon as it says that, the password dialog box thing pops back up immediately letting me know the malware is running again. I ran a dds.com scan and nqij.exe seems to be blocking all antivirus.

Any help is greatly appreciated.

EDIT: running Windows 7 32 bit


Edited by chili2, 31 March 2014 - 10:01 AM.




#2 Sirawit

  • Malware Response Team

Posted 31 March 2014 - 10:24 AM

Hi chili2 and welcome to BleepingComputer! :)

 

You said you double-clicked on a password icon. What is that, and where is it located?

 

And can you run any programs?

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 chili2


Posted 31 March 2014 - 02:01 PM

Hello, Sirawit

I can run most of my programs, just no spyware programs. Things are a little buggy but not too noticeable other than that.

 

The password came with a zip file I downloaded. My explorer folder was not set up to show the file type and I mistook it for a txt file. When I double-clicked it, a little pop-up dialog box opened with the password inside. The password worked for the zip file so I didn't think anything bad had happened until the next time I rebooted and that same dialog box opened up again by itself. When I went in to scan my PC, I saw that Windows Defender and Security Essentials were both DOA. None of the spyware programs will work either - not even in safe mode.



#4 Sirawit


Posted 01 April 2014 - 09:24 AM

Please download Malwarebytes Chameleon from here: https://www.malwarebytes.org/chameleon/

 

Then unzip it to any folder and try to open the CHM help file. If it won't open, try opening the other files that come with it one by one. If any of them works, follow the on-screen instructions.

 

Thank you.




#5 chili2


Posted 01 April 2014 - 10:30 AM

Thanks Sirawit, I will do that.

I was desperate so I downloaded Kaspersky virus remover tool and it is about 85% done right now. Found the virus right away and has been removing it for about an hour. I will post my results back here.



#6 Sirawit


Posted 01 April 2014 - 10:37 AM

OK, keep us updated and post the result when that is done.

 

Thank you.




#7 chili2


Posted 02 April 2014 - 09:44 AM

The Kaspersky thing helped and after it was done (4 hours later) I was able to run super antispyware which also found some trojans and deleted them. The PW pop-up thing is gone and the associated exe is also no longer present.

However, I am still unable to run Malwarebytes - even the Chameleon version. And I still cannot reinstall Microsoft Security Essentials or load Windows Defender.

EDIT:
I had to do some security stuff in the properties of the C:/program files/ malwarebytes folder and re-establish my control and permissions over that folder. Once I did that, Chameleon loaded and is now scanning my PC. I will post results when it is done.


Edited by chili2, 02 April 2014 - 09:52 AM.


#8 Sirawit


Posted 02 April 2014 - 09:54 AM

OK, so what happens when you try to run Malwarebytes?

And can you include the report from Kaspersky and SUPERAntiSpyware if possible?

 

Thank you.




#9 chili2


Posted 02 April 2014 - 01:23 PM

So both programs found trojans and both removed them. Re-scanning shows nothing, even after reboot. Still couldn't reinstall Security Essentials, but after hunting down some error messages and updating Windows, it looks like Defender is currently scanning my machine. I will try again to load Essentials when Defender is done.

I don't see any log from Malwarebytes, super antispyware or Kaspersky so I can't post anything.


Edited by chili2, 02 April 2014 - 01:24 PM.


#10 Sirawit


Posted 03 April 2014 - 04:47 AM

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Thank you.

Edited by Sirawit, 03 April 2014 - 04:48 AM.



#11 hamluis

  • Moderator

Posted 10 April 2014 - 09:12 AM

MRL topic, http://www.bleepingcomputer.com/forums/t/530603/malware-wont-let-av-run/#entry3339163

 

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis





