
Need Some Help


4 replies to this topic

#1 htdefiant

htdefiant

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:59 AM

Posted 31 May 2006 - 05:17 PM

Sorry I couldn't think of a better title!

I consider myself an avid PC user... I have been known to be ruthless in destroying my spyware, sometimes printing out documents that say the name of the virus and ripping them up (just kidding!). Anyway, I can't seem to get a handle on this one.
First, some notes on my defense systems:

* I have the full version of Spyware Version
* Home version of Adaware-SE
* Spybot Search and Destroy
* McAfee Virus Scan
* McAfee Personal Firewall
* Registry Mechanic, full version
* Windows Defender

And some notes on my computer:

* Dell 4550
* State-of-the-art when bought
* 2.5 GHz, 1 GB RAM, you get the picture
* Has been virus and spyware free for 2.5 years

So, this is the first one that's got through. The first symptoms were tons of pop-ups. I ran Lavasoft Adaware and found 49, and removed all but two. They said they would remove it upon restart. Upon restart, Windows Defender notified that I had several 'critical' pieces of spyware on my computer. I ran spydoctor and found some more, and removed them. Then McAfee said 'We have found a suspect file on your computer, we recommend a scan now'. Before resorting to the 45 minute virus scan, I decided to run Spybot. It found some bad ones too, like disabling of Windows Update, Windows Firewall, etc. I did some research on the one that disables Windows Update. I read this report and I thought 'ok, it's fine'. But then, when I restarted my computer, Windows Update was disabled. I enabled it. Restarted, it was disabled again. I ran Spybot again, it detected the same group of spyware including Netmon and Look2Me. I removed them, then ran McAfee, found 13 viruses, killed them, then restarted my computer. This cycle repeated for the last few days, with some of the same viruses and some new ones too. Eventually, I tried to system restore to May 19, and it failed. Then I tried May 16, that failed too. Obviously this has gotten deep into my system. I was hoping someone could offer some suggestions to me.
Also of note, McAfee Virus Scan is disabled, and I can't reenable it. It is enabled after I restart for about 10 seconds, then some process starts, and it's disabled, along with Windows Security Center.
I am now on my laptop, because my desktop (infected) is on lockdown. I got an error message on my desktop that said:

"C:/msdosmgr.exe the NTVDM CPU has encountered an illegal construction. CS 0544 IP: 0124 OP:6374 28 29 3a"

I traced the file, and found four newly added files to my C drive:
config
lsass
msdosmgr
svchost

I know lsass and svchost are system processes, but they shouldn't be in that folder, so I deleted them all.

As said, I have locked down my computer so nothing else can get in or out. Another symptom I was having (pre-lockdown) was bad net connection. I have confirmed that my internet is fine using my other computer.

The saga continues...

Topic with my Hijackthis log:
http://www.bleepingcomputer.com/forums/t/54176/unknown-virus/

Thanks,
htdefiant

Edited by htdefiant, 31 May 2006 - 05:30 PM.
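
The observation in the post above, that files named like system processes (lsass, svchost) do not belong outside the Windows system folder, can be checked mechanically over a file listing. This is an added example, not part of the original thread; the name list, the default `C:\WINDOWS` root, the allowed directories and the sample paths are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules on any OS, so the example runs offline

# Assumed short list of core Windows process names (extend for real use).
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe",
                "winlogon.exe", "services.exe"}


def allowed_dirs(system_root):
    """Directories where a genuine copy may live (assumed default layout)."""
    sys32 = ntpath.join(system_root, "system32")
    candidates = [
        sys32,
        ntpath.join(sys32, "dllcache"),        # XP file-protection cache
        ntpath.join(system_root, "SysWOW64"),  # 32-bit copies on 64-bit Windows
    ]
    return {ntpath.normcase(d) for d in candidates}


def find_misplaced(paths, system_root=r"C:\WINDOWS"):
    """Return the paths whose file name is a system process name but whose
    directory is not one of the allowed system directories."""
    ok = allowed_dirs(system_root)
    hits = []
    for p in paths:
        # normpath resolves ".." and "/" so a disguised path cannot slip by;
        # normcase makes the comparison case-insensitive, as on Windows.
        norm = ntpath.normcase(ntpath.normpath(p))
        folder, name = ntpath.split(norm)
        if name in SYSTEM_NAMES and folder not in ok:
            hits.append(p)
    return hits


# Constructed sample listing, modelled on the locations named in the post.
SAMPLE = [
    r"C:\WINDOWS\system32\lsass.exe",       # genuine location
    r"C:\WINDOWS\System32\svchost.exe",     # genuine, different letter case
    r"C:/lsass.exe",                        # system name in the drive root
    r"C:\svchost.exe",                      # system name in the drive root
    r"C:\msdosmgr.exe",                     # not a system name: out of scope here
    r"C:\WINDOWS\system32\..\svchost.exe",  # resolves to C:\WINDOWS, not system32
]

if __name__ == "__main__":
    for hit in find_misplaced(SAMPLE):
        print("system name outside system directory:", hit)
```

The check covers only name reuse; an unfamiliar file name such as `msdosmgr.exe` needs a different signal, for example the file's creation time or its presence in a startup entry.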




#2 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  • Gender:Female
  • Location:Michigan, USA
  • Local time:03:59 AM

Posted 31 May 2006 - 05:29 PM

Now that you have posted a log in the HJT forum it would be best not to make changes to your system, as changes will make your log old and void. It is best just to let your log sit and be patient. The folks in the HJT forum are very busy, so it can take a few days to get a response. Please, DO NOT make another post in the HJT forum until your log has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post there will be 1 reply. The team member glancing over the replies might think someone is already helping you out and will not respond.

There are currently 92 unanswered logs.

If after 5 days you still have gotten no response, then post a link to your HJT log HERE.

Good luck!
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#3 htdefiant

htdefiant
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:59 AM

Posted 31 May 2006 - 05:32 PM

Thanks. Also, another link for you all, my spybot report:

http://www.filefactory.com/?c7f22d

Should I add this to my HJT topic?

#4 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:02:59 AM

Posted 31 May 2006 - 05:51 PM

Yes, you can edit your post and append the report (not the link) to the bottom of the HJT log.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#5 htdefiant

htdefiant
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:59 AM

Posted 31 May 2006 - 06:00 PM

Ok, I'll add it in.



