bad virus - Page 3


Re: bad virus




< snip >

| True, though my anti virus program is hosed, so I don't know what I have in
| the way of a virus.

| Here is what I seem to have, at least this is what spybot is detecting.
| A total of 21 infected files, spybot locks up with an error "cannot create
| file c/windows/system32/drivers/ect/hosts access is denied" when trying to
| delete any of these.
| Malwarebytes is unable to install, so they are known and located, removing
| them is the problem.


< snip >

Please stop using the term virus.  It has specific implications on its abilities
to spread.
You are infected with malware and it is highly probable it is ONLY of type trojan.

As for Malwarebytes' Anti Malware.

First...

Kill as many running programs as possible then...

Download the 'mbam-setup.exe' and rename it to something like;  xray.com
Then run;   xray.com

Don't allow it to update or run.
Then go to;   "C:\Program Files\Malwarebytes' Anti-Malware"

Find;  "mbam.exe"  and then COPY it to something like;  xray.com  and then run;
xray.com .

Perform an update and then run a scan on your PC.



--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: bad virus





I'll give that a try, thanks.

I finally managed to uninstall Avast, so I could install Kaspersky.
It found 3 viruses and 2 trojans, including 2 in memory.
One is rootkit.win32.agent.bdzt
Another located at c/windows/system32/drivers/bqglkgov.sys

It calls for a restart to be removed, but upon restarting, Kaspersky
crashes.


Re: bad virus






| I'll give that a try, thanks.

| I finally managed to uninstall Avast, so I could install Kaspersky.
| It found 3 viruses and 2 trojans, including 2 in memory.
| One is rootkit.win32.agent.bdzt
| Another located at c/windows/system32/drivers/bqglkgov.sys

| It calls for a restart to be removed, but upon restarting, Kaspersky
| crashes.

Please describe what 3 viruses were found.
File name and paths as well as what Kaspersky called it.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: bad virus






Well, the rootkit listed above is a virus I believe.
Also have Rootkit.Win32.TDSS.d

Since Kaspersky wasn't doing anything, I uninstalled it and installed Avast.
Got multiple blue screen page faults on startup after that, apparently my
system has become highly unstable.
Finally managed to boot normally.
Avast doesn't work at all, it's there but corrupted, won't do a thing.

Looks like I'm looking at a fresh OS reinstall about now, this thing is
insidious and is always one step ahead.


Re: bad virus




| Well, the rootkit listed above is a virus I believe.
| Also have Rootkit.Win32.TDSS.d

| Since Kaspersky wasn't doing anything, I uninstalled it and installed Avast.
| Got multiple blue screen page faults on startup after that, apparently my
| system has become highly unstable.
| Finally managed to boot normally.
| Avast doesn't work at all, it's there but corrupted, won't do a thing.

| Looks like I'm looking at a fresh OS reinstall about now, this thing is
| insidious and is always one step ahead.

RootKits are trojans not viruses.

Viruses self replicate.   That means once infected it will auto-infect other
files (by appending, inserting or prepending code), boot sectors and/or systems.
Trojans may infect another file by appending, inserting or prepending code but
that subsequent file does not spread the infection.  It simply becomes
"trojanized".

You can't uninstall, replace and re-install fully installed anti virus
applications like you've been doing.

** At this point, my advice is now to WIPE and RE-INSTALL the OS.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: bad virus





Well, the virus hosed Avast, seemed like an option worth trying, since the
alternative is basically to reinstall the OS.
Kaspersky detected the problem, was unable for whatever reason to do anything
about it, so I moved on.
At this point, since I've nothing left to lose, I'm going to uninstall Avast
[again] and try AVG.

Re: bad virus





Xray wrote:
[snip]

Have you tried running MalwareBytes as Lipman suggested (renaming, etc.)?
Have you tried installing and running SuperAntiSpyware (free version)? You
may have to rename the superantispyware.exe to something like xray.exe or
xray.com.
Buffalo



Re: bad virus




malwarebytes refuses to run, I even tried running it from an entirely
different drive - If I try to name it something.com, it won't run unless
it's an exe extension.
I can change it to donaldduck.exe or whatever, doesn't seem to do any good.
This infection seems geared to stop most programs, either by corrupting the
install or not letting them run.

Super did run, found and cleaned a few infections, ran it again and it came
back with nothing.
Rebooted, ran it once more, and still nothing.
Ran spybot and it found a bunch of infections that super didn't find - Then
when I installed Kaspersky, it uninstalled super, so it's no longer on my
system.

I'm trying "clamwin" antivirus now, it installed and runs with the dormant
avast still installed.  Don't have high hopes for it, it's been running over
an hour and so far has detected a few tracking cookies and that's it.
I think I'm screwed, I'm basically in experimental mode right now.

Computer functions OK, but god knows what's going on behind the scenes.
My ISP already stopped my ability to send email, it detected the virus-like
behavior. Can still receive at least.
Can't connect to google, it also detected the shenanigans of the virus.
Pressing ctrl/alt/delete doesn't bring up the process box anymore, other
than that things seem normal.


Re: bad virus





You don't give up easy, do you?  :-)
I'm guessing I can clone a drive, wipe it out and reinstall XP, get the
updates, reinstall the software, import all the documents, email,
favorites, etc. back from the drive I cloned to in about 5 hours. Some
would say I'm slow but I'm trying not to exaggerate. There's lots of
variables there, of course. Especially if you don't have the install CD's
for everything.
It sounds like you've spent way more time than that trying to clean it
up. Even if you get all the junk out of it, you will still have a
crippled system.

--
        --- Everybody has a right to my opinion. ---

Re: bad virus





Haven't spent much time at all, just downloading programs, clicking buttons
to run them and rebooting now and then.
Sit around, playing my guitar and watching my kids, I'd be doing that
anyhow.
It's a matter of debate how crippled my system is, that may or may not be
the case, and nothing you or I know would allow a definitive statement in
that regards - I'm not trying to "clean it up", per se.
I am trying to get rid of malicious infections, then I can go to the
cleaning stage.

Fresh install, firstly have to download the 100's of security updates &
service packs from microsoft, install video card/sound card/printer/scanner
drivers, all of the dozens or 100's of apps & programs.

IF I had a cloned drive from a month back or so, then yeah piece of cake.
I don't.


Re: bad virus






I think your computer can be saved without reinstalling Windows.  It doesn't
sound like that bad an infection, just annoying as hell.

If you feel comfortable monkeying around in the registry, look at HKLM,
Software, Microsoft, Windows, CurrentVersion, Run and look at the first key.  
It should say (default) and (value not set).  If it doesn't say (value not
set) and instead is blank, delete that entry.  I see this a lot -- it's a RUN
entry that is masked by delete characters, making it invisible.  These
infections that disable anti-malware tools and disable certain Control Panel
functions often hide themselves this way.  I've seen it a LOT.  

Also, while you're looking at the RUN section, see what else runs at startup.  
Are there any programs with random characters in the file name?  Do they
reside in the user's localsettings/temp directory rather than in Windows
System32?  Nothing legitimate should be starting up from any temp or
local settings directory.  

Some ideas for you...
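
The two checks described in the post above (a blank or masked entry under the Run key, and startup programs living in temp or Local Settings directories), as an added example that is not part of the original thread. The sample value names and paths are constructed, and treating control characters in a value name as "masked" is one interpretation of the post's description.

```python
import re

# Constructed (value name, command line) pairs, shaped like the values under
# HKLM\Software\Microsoft\Windows\CurrentVersion\Run. Not data from the thread.
SAMPLE_RUN_VALUES = [
    ("", ""),  # "(default)" that is set but blank instead of "(value not set)"
    ("\x7f\x7f\x7f", r"C:\WINDOWS\system32\example1.exe"),  # name of delete chars
    ("ExampleUpdater", r'"C:\Program Files\Example\updater.exe" /background'),
    ("xkqzvbtw", r"C:\Documents and Settings\User\Local Settings\Temp\xkqzvbtw.exe"),
]

CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
TEMP_DIRS = re.compile(r"\\(local settings|temp)\\", re.IGNORECASE)

def audit_run_values(values):
    """Return (name, command, reasons) for every entry that trips a check."""
    findings = []
    for name, command in values:
        reasons = []
        if name == "":
            # The default value only shows up in an enumeration when it is set.
            reasons.append("default value is set, expected (value not set)")
        elif CONTROL_CHARS.search(name) or not name.strip():
            reasons.append("value name is blank or contains control characters")
        if TEMP_DIRS.search(command):
            reasons.append("starts from a temp or Local Settings directory")
        if reasons:
            findings.append((name, command, reasons))
    return findings

def read_hklm_run():
    """Read the live Run key. Windows only; winreg is in the standard library."""
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        count = winreg.QueryInfoKey(key)[1]  # number of values under the key
        rows = (winreg.EnumValue(key, i) for i in range(count))
        return [(name, str(data)) for name, data, _type in rows]

if __name__ == "__main__":
    import sys
    values = read_hklm_run() if sys.platform == "win32" else SAMPLE_RUN_VALUES
    for name, command, reasons in audit_run_values(values):
        # repr() makes otherwise invisible characters in the name visible.
        print(repr(name), "->", command, "|", "; ".join(reasons))
```

A rootkit that is active on the running system can hide its own registry values from this kind of enumeration, so an empty result from the live key is not proof of a clean Run key.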


Re: bad virus



sfdavidkaye2@yahoo.com (David Kaye) wrote in



Finally, some words of optimism, that's what I like to hear.
It is annoying as hell, and insidious, but not unbeatable.

I have no problem mucking around the registry, been doing that since the
windows 95 days.
But can you run that key string again, everything starts with HKEY not
HKLM, and there's a bunch of software/microsoft folders.

I did have a bunch of temp files that I was unable to delete because they
were in use, very suspicious.
I used a handy little app called temporary file cleaner, which called for a
reboot to clean out the running temp files, so that helped.

Right now one of my main problems seems to be fraud windowsprotectionsuite,
which I believe is a trojan. Spybot detects it but is unable to kill it.
As far as viruses, not sure what I have as I have no functional virus app
right now.  


Re: bad virus





Another option to try, that I haven't seen mentioned so far.
http://www.gmer.net/

If the system can boot from a cd/dvd, you could try a linux
live cd, or a bart pe cd.  Since you're not booting from the
infected hard disk, none of those files would be in use.

May take a little while to set up, and learn to use, but it's
useful.

You could also take the hd, and install it as a slave in a
second system, so you can delete those files.

Regards, Dave Hodgins


--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Re: bad virus





Regarding the original problem, with the unreadable dvd, have
you tried polishing it?
http://www.wikihow.com/Fix-a-Scratched-CD

The scratches on the bottom of the cd/dvd can sometimes be
polished out, allowing the data (on the top layer, usually
protected by the label), to be read.

I've succeeded polishing an old install cd this way, in the
past.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Re: bad virus





Yeah, I have a top of the line cd polisher, motor driven.
No joy, if it had worked this never would have happened.


Re: bad virus











| Yeah, I have a top of the line cd polisher, motor driven.
| No joy, if it had worked this never would have happened.


Does it ever work ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: bad virus



On Sun, 21 Mar 2010 16:18:30 -0400, David H. Lipman




Yes, although it can take several days of polishing, when
done by hand.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Re: bad virus




| On Sun, 21 Mar 2010 16:18:30 -0400, David H. Lipman
| wrote:




| Yes, although it can take several days of polishing, when
| done by hand.

The most I have ever done is warm water and dish detergent.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: bad virus




I have successfully used steel wool.



Re: bad virus











| I have successfully used steel wool.


ROFLOL

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


