Bad spyware/malware infection

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by saladwich, Mar 24, 2009.

  1. saladwich

    saladwich Private E-2

    Log included, quirks include grayed out desktop options under display properties, running Windows XP.

    Neither combofix, mwb, nor super antispyware will run, they just stall and the process hangs before I even get to see a splash screen or dialogue. Thanks again for your help.
     


  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Let's start by doing this...use windows explorer to find and delete:
    C:\-804823521
    C:\hpnvepk.exe
    C:\lwoa.exe
    C:\WINDOWS\Bcujihuta.dll
    C:\WINDOWS\system32\drivers\glaide32.sys

    Now empty out both of these folders (you cannot remove those from today):
    C:\WINDOWS\Temp\
    C:\Documents and Settings\Administrator\Local Settings\Temp\

    Now see if you can run the other scans. If you have problems, you can try doing it in safe mode or renaming the exe files.

    Attach them if you can.
     
  3. saladwich

    saladwich Private E-2

    I have it narrowed down to rootkit agent.di (so says avg) operating from ndis.sys in %windows%/system32/drivers/ and running through svchost.exe

    I've tried combofix, superantispyware (bsod's), combofix, spyware terminator, mbam, trendmicro housecall, kaspersky online scan, and mgtools. Nothing will fix this and I can't find a way to get rid of it. My ISP called me today to remind me (redundantly) that my computer is sending out spam emails like crazy. My netstat in cmd is hilarious to watch.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I can't help you unless you post the logs from:
    Combo
    SAS
    MBAM
    MGTools -> C:\MGLogs.zip

    You didn't say if you still can't run the scans.

    As far as your email problem:
    Malware detected in email databases has to be cleaned up by you. You have a few choices:

    1. delete the whole file which is not an option you normally want to use
    2. load the email folder that contains the infection and delete ALL unnecessary emails (hoping to remove the problem email) and then use the Mailbox Cleanup option to delete all old emails. Then compact the Outlook database to permanently remove data. See http://support.microsoft.com/kb/196990 If you do not clean up and compact the databases, the deleted emails may still be leaving hidden information in the database that you just cannot see but a scanner may still pick up on it.
    3. create a new folder and move only emails you really need into the new folder and then delete the infected folder.

    I need to see the logs you can produce.
     
  5. saladwich

    saladwich Private E-2

    decided just to reformat, thanks for the help.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No problem. :)
     
