
Various viruses trouble.


14 replies to this topic

#1 ravaguz

ravaguz

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:47 PM

Posted 21 September 2014 - 03:53 PM

So I just got a new MSI Dominator about 2 months ago, and by now I have done a few Full System Scans with Norton and it detects various viruses like:

VBS.Runauto, Backdoor.Rustock.A, Backdoor.Rustock.B, etc.

It took a lot of time scanning them, but it still does nothing. I have already downloaded other anti-viruses like Malwarebytes, Avant and Baidu, with no success.

I too have downloaded the McAfee free Rootkit remover, and still no success.

I have seen some explanations of seeking the virus in regedit and have searched in both Run folders I have.

And as my last hope I tried resetting my laptop to factory settings, deleting everything and re-installing Windows twice, and when doing a new full scan the same viruses persisted on my system even after all that. So in summary I'm really out of hope and with 0 clue what to do.

 

System Information:

MSI Dominator GT70
Killer E2200
Nvidia GTX 870M
8GB RAM
64-bit OS
Windows 8
Intel® Core™ i7-4810MQ CPU @ 2.80GHz 2.80GHz

 

HEEELP!!!!!




 


#2 rockysosua

rockysosua

  • Members
  • 772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Caribbean
  • Local time:06:47 PM

Posted 21 September 2014 - 05:00 PM

One of the virus and malware experts will attend to you shortly, but please allow me to mention to you that those viruses are not surviving the format and fresh reinstall.

They can't.

You are either reinstalling programs that bundle in the malware or virus, or you copy your data back to your machine and the installer for the virus is there, but bear in mind, that's still not enough to make it run.

You'd have to install the virus from the .exe file for it to infect your machine.

So what is it you're doing after the fresh install that gets you the virus?

I'm certain that there are no viruses at the moment when you first see your Desktop after a fresh installation.

Or could it be that you are just refreshing the system, and keeping all programs and data?

If so, then by all means, the viruses and malware will remain.

Can you give us more details of how it all went down?


Edited by rockysosua, 21 September 2014 - 05:02 PM.

All is well in Paradise.

#3 ravaguz


Posted 21 September 2014 - 06:12 PM

In Windows 8 I go to Update and Recovery, then in Recovery I click on Remove everything and reinstall Windows, and after that it resets. Both times the only programs I installed were uTorrent and Chrome. The first time I did download 2 torrents for 2 games; this second time I haven't downloaded bleep. So I really don't know where it's coming from. And another thing, right now my PC is really freaking slow, and the "System" process is using a hell of a lot of my memory and CPU. I also checked on some sites and I have the Host Process for Windows Tasks, the Rundll32.exe thing, and like 12 of the svchost.exe thingies running.


Edited by ravaguz, 21 September 2014 - 06:17 PM.


#4 rockysosua


Posted 21 September 2014 - 06:27 PM

It has to be from the torrent program.

They couldn't survive the fresh install, so the only thing left is that they came in after and utorrent would be the likely culprit.

Was the 2nd time also a full clean OEM install, or a refresh?

Do you have an external drive or thumb drive plugged in that might be infected?

The thing is that viruses and malware can't appear by magic.

They have to be downloaded or copied onto your machine. There's just no two ways about it.


Edited by rockysosua, 21 September 2014 - 06:31 PM.


#5 ravaguz


Posted 21 September 2014 - 08:52 PM

Yes, both times I clicked on the Windows feature of erasing everything and reinstalling Windows.

I read that rootkit viruses can survive a reformatting of hard drives, can't they?

I will do another full clean and get back to you. If the virus still persists even without uTorrent I'll tell you.



#6 rockysosua


Posted 21 September 2014 - 08:58 PM

> Yes, both times I clicked on the Windows feature of erasing everything and reinstalling Windows.
>
> I read that rootkit viruses can survive a reformatting of hard drives, can't they?
>
> I will do another full clean and get back to you. If the virus still persists even without uTorrent I'll tell you.

Wait please.

I've heard the rumour too but have never run into such a thing in many years of having a repair shop.

I'm thinking that we might wait to hear from somebody else with more expertise on the matter, before you go and re-install the whole system.

 

PS: There are people who claim that a virus could reside in the hidden boot sector partition.

It's probably a zillion to one, but I would hate for you to have to go through the whole process again only to have the same thing happen to you.


Edited by rockysosua, 21 September 2014 - 09:03 PM.


#7 ravaguz


Posted 22 September 2014 - 10:00 PM

So in the time I waited, apparently every driver got corrupted. I say apparently because I had no way of connecting to the Internet; it said that the diagnostic policy was not running, and neither were other services. It also happened to my audio: it was deactivated and couldn't connect, and when I ran the troubleshooter it said that changes weren't recognized or installed properly. So I'm currently doing another reset. My theory is that maybe, if those viruses couldn't survive, another one is surviving and is reinstalling them again. So I'll get back to you on what happens after this.

#8 ravaguz


Posted 23 September 2014 - 01:30 PM

So after the new reset, and even without installing anything, it still has Backdoor.Rustock.B and .A, VBS.Runauto, Backdoor.Tidserv, Infostealer.Snifula.B, Trojan.Peacomm, Spyware.Ezurl, sunshinespy, and a bunch more I couldn't see. Please help :(

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,035 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:47 PM

Posted 26 September 2014 - 02:16 PM

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


To clean... Please repost here: Virus, Trojan, Spyware, and Malware Removal Logs

Mention that you have WIN8.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#10 ravaguz


Posted 27 September 2014 - 02:00 AM

I do not use this laptop for any financial things, so I have no worries with that. I already know what they do, and have reset my OS 4 times and they just keep coming back with the new install. So I need a way to kill them permanently.

#11 bandicoot_

bandicoot_

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:47 PM

Posted 27 September 2014 - 12:43 PM

Hello.

 

Have you tried going into Safe Mode with Networking? Safe Mode is technically running Windows with only necessary processes open, so malware cannot be there. In Safe Mode run a scan with MBAM and delete all the stuff it finds. Make sure to post all log contents.

 

Tell me if it works.


Edited by bandicoot_, 27 September 2014 - 12:45 PM.


#12 ravaguz


Posted 27 September 2014 - 03:24 PM

I just did it and it found nothing; it said that my laptop was clean.

------------------------------------------------------------------------------------

Log:

CPU: x64
File System: NTFS
User: Ravagu
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338898
Time Elapsed: 8 min, 5 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
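
Added example, not part of any post in this thread: a short Python parser for the log format posted above that reports which scan components were switched off, so a zero-detection result is read together with its coverage (in this log, `Rootkits: Disabled`). The function names and verdict strings are invented for this illustration.

```python
import re

# Excerpt of the Malwarebytes log posted above (some sections omitted for brevity).
SAMPLE_LOG = """\
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338898
Time Elapsed: 8 min, 5 sec
Filesystem: Enabled
Rootkits: Disabled
Heuristics: Enabled
Processes: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
"""

LINE = re.compile(r"^\s*([A-Za-z ]+?):\s*(.+?)\s*$")

def parse_scan_log(text):
    """Split 'Key: Value' lines into scan options, detection counts and metadata."""
    options, counts, meta = {}, {}, {}
    for raw in text.replace("\u00a0", " ").splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank lines, '(No malicious items detected)', '(end)'
        key, value = m.groups()
        if value in ("Enabled", "Disabled"):
            options[key] = value == "Enabled"
        elif value.isdigit() and key != "Objects Scanned":
            counts[key] = int(value)  # per-category detection count
        else:
            meta[key] = value
    return options, counts, meta

def assess(text):
    """Return (verdict, components_not_scanned) for one scan log."""
    options, counts, meta = parse_scan_log(text)
    skipped = sorted(k for k, on in options.items() if not on)
    if meta.get("Result") != "Completed":
        return "incomplete", skipped
    if sum(counts.values()) > 0:
        return "detections", skipped
    return ("clean-with-gaps" if skipped else "clean"), skipped

if __name__ == "__main__":
    print(assess(SAMPLE_LOG))
```
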


#13 ravaguz


Posted 27 September 2014 - 03:45 PM

I used MBAV Chameleon, and saw it spend a longer time scanning a DLL file named ntmarta. I may be wrong about this, but I have a theory that the viruses are in the files owned by TrustedInstaller, and because I cannot change or delete them my anti-virus can't seem to do anything and just passes over them or something like that. What do you think about it?


Edited by ravaguz, 27 September 2014 - 03:48 PM.


#14 boopme


Posted 29 September 2014 - 02:32 PM

Post the DDS log in the Prep guide I posted and we will find it.

#15 boopme


Posted 01 October 2014 - 09:21 AM

Please follow this Preparation Guide, do steps 6, 7 and 8 and post in a new topic.
Let me know if all went well.



