Windows Desktop Infected w/ Multiple PUPs: Cherimoya, a Lovely Rootkit & more..


4 replies to this topic

#1 mariposa!


Posted 25 April 2018 - 08:10 AM

...aaand this happened 2 years ago... so forgive me for some of the things I can't remember clearly. I didn't have time to deal with it at the time, so I unplugged the internet, shut down the comp and have solely used my uninfected laptop instead. I want to be able to use the desktop again, so I've finally made the time to get ready to try and fight this thing.

I'll give what little bit of history I remember and then all the operating system etc. info you need after.

I had been trying to find a program to do something specific; what that was I can't recall, but I think I may have thought I was downloading something legitimate, not sure what or where I found it.. forgive me, this was 2 years ago. I quickly discovered something was terribly wrong. I can't remember what happened for sure, but I actually have some screenshots I took of things that popped up. I think it might have been virus warning pop-ups with loud noises, because I got similar pop-ups on my laptop not long after and thought my laptop was infected with the same thing, but I think I narrowly escaped infection on the lappy because it scans clean. Whereas on the desktop I obviously clicked somewhere, unknowingly sealing my doomed fate.

Anyhow, I did immediately run Malwarebytes. I don't believe I had the premium at the time with live web protection, but when I ran a scan over 300 threats began popping up immediately. I chose delete upon reboot, but many came right back and were discovered by the many subsequent scans I did one right after the other.

That is when I gave up, unplugged the internet cable and shut it down.

I have some screenshots and I also have an MBAM log with the results listing the threats, one of which is a rootkit.

Fast fwd 2 years:

What I have done so far this round is try to run Malwarebytes, but I keep getting error messages.

I tried to reinstall Malwarebytes but it wouldn't, even when I tried to install from a flash drive. One attempt seemed to bypass the error message and went all the way to finish and restart to finish the install. But when I tried to open it I got "the program can't start because DNSAPI.dll is missing from your computer. try reinstalling the program to fix this problem." I have been trying that, and getting this same message.

I also can't connect to any websites from any browser (and yes, the internet cable is connected and it says I have internet service). But I can't even access sites like Google. Firefox instantly crashes; Chrome, Bing won't work either. I even tried Explorer, fail.

I am wondering if this virus caused Malwarebytes to flag legitimate objects for removal and rendered my computer unusable to me and unable to access internet to download and then install any programs that could remove it.....

Let me know when and where if you'd like me to send the screenshots and MBAM log.

 

the specs:

Dell Optiplex 390

Windows 7 Professional Service Pack 1

64 bit OS

 

Let me know when and if you'd like me to send the screenshots and log. If I have posted this in the wrong forum please forgive me and point me where I should have. (I did re-read all the rules and this isn't the first time I've come here for virus help, unfortunately.)

 

thanks in advance!

 

The Specs:

Dell Optiplex 390

Windows 7 professional


Edited by hamluis, 25 April 2018 - 09:12 AM.

:killcomp:  me before bleeping computer  :smash:  me after bleeping computer :bowdown:



 


#2 JohnC_21


Posted 26 April 2018 - 10:38 AM

Start a thread in the BC Malware Removal Forum where a removal expert can look at your logs. Read all the pinned posts first. Attach the logs to your first post or you may get kicked back to this forum. Once a thread is started there you can PM a moderator and have this thread locked.

 

https://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/



#3 mariposa!


Posted 29 April 2018 - 10:39 PM

Hello and thank you JohnC_21!

I have returned to update that I did a system restore to a point before this happened and was able to reinstall Malwarebytes and ran a scan, and it found 2 threats which it removed. I restarted my computer and ran another scan and zero threats came up!

I should have tried that 2 years ago. Duh.

Unless you think it may still be compromised and worth following your advice to post in the forum you suggested?




#4 mariposa!


Posted 29 April 2018 - 10:43 PM

Off topic, but I am curious what in my post was edited, since it says "Edited by hamluis, 25 April 2018 - 07:12 AM." at the bottom of my original post.




#5 JohnC_21


Posted 30 April 2018 - 07:58 AM

If you did a system restore it may still be possible to have a rootkit in your MBR. A System Restore does not affect the MBR. If you have a UEFI computer there is no MBR that can be infected as it would have a GPT disk, not MBR. You can verify if you have a GPT disk by opening a command prompt and typing

 

diskpart

list disk

 

If you see an asterisk under the GPT column for your Windows disk then you have a UEFI computer and no MBR on the disk.

 

Malwarebytes scanned as clean so I can't confirm if the rootkit is still there or not. I am not sure why hamluis edited the text. 

 

If you are worried you could still post what you did and have an expert check your logs and verify if you are clean. 


Edited by JohnC_21, 30 April 2018 - 08:00 AM.
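
The GPT-versus-MBR check discussed above, done from the raw sectors rather than diskpart's GPT column, as an added example that is not part of the original thread. It classifies a disk from its first two sectors and hashes the LBA 0 boot code so it can be compared with a copy taken from known-clean media; the function names and the two sample disks are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bootstrap code area at the start of LBA 0
PART_TABLE = 446             # four 16-byte partition entries start here

def partition_style(disk: bytes) -> str:
    """Classify a disk from its first two sectors: 'GPT', 'MBR' or 'RAW'."""
    if len(disk) < 2 * SECTOR:
        raise ValueError("need LBA 0 and LBA 1 (1024 bytes)")
    lba0, lba1 = disk[:SECTOR], disk[SECTOR:2 * SECTOR]
    if lba0[510:512] != b"\x55\xaa":          # no boot signature at all
        return "RAW"
    types = [lba0[PART_TABLE + 16 * i + 4] for i in range(4)]
    # GPT: header magic in LBA 1 plus a protective entry (type 0xEE) in LBA 0
    if lba1[:8] == b"EFI PART" and 0xEE in types:
        return "GPT"
    return "MBR"

def boot_code_sha256(disk: bytes) -> str:
    """Hash the LBA 0 boot code so it can be compared with a known-good copy."""
    return hashlib.sha256(disk[:BOOT_CODE_LEN]).hexdigest()

def make_disk(boot_code: bytes, part_type: int, gpt_header: bool) -> bytes:
    """Build a constructed two-sector sample (not taken from a real machine)."""
    lba0 = bytearray(SECTOR)
    lba0[:len(boot_code)] = boot_code
    lba0[PART_TABLE:PART_TABLE + 16] = struct.pack(
        "<B3sB3sII", 0x00, b"\0" * 3, part_type, b"\0" * 3, 1, 0xFFFF)
    lba0[510:512] = b"\x55\xaa"
    lba1 = bytearray(SECTOR)
    if gpt_header:
        lba1[:8] = b"EFI PART"
    return bytes(lba0 + lba1)

MBR_DISK = make_disk(b"\xfa\x33\xc0" + b"\x90" * 100, 0x07, False)  # NTFS entry
GPT_DISK = make_disk(b"", 0xEE, True)                               # protective entry

if __name__ == "__main__":
    for name, disk in (("MBR_DISK", MBR_DISK), ("GPT_DISK", GPT_DISK)):
        print(name, partition_style(disk), boot_code_sha256(disk)[:16])
```

On a real machine the input would be the first 1024 bytes of a raw disk image; a boot-code hash that differs from the baseline is a reason to have the logs reviewed, not proof of infection.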




