Computer power-dead, Malware Suspected, sketchy details

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Heavy Mettle Squid, Aug 15, 2007.

  1. Heavy Mettle Squid

    Heavy Mettle Squid Private E-2

    I just received a plea-for-help email from my sister. I'm stumped, but thought that if I shared her sketchy details someone might be able to offer a few tips on how to proceed. Here is the pertinent excerpt from her email:

    "- the other day I went on our computer and there was a strange icon that no one had put there 'Winvirus' something or other (there was also another icon 'TAG' but I never had a chance to research that one) a little window kept popping up every few seconds telling me it detected a virus but in order to delete the virus I had to register and pay $39.99 - well, I tried to delete the entire program from our computer but it kept freezing in the middle of the deleting process - then everything started freezing and there were windows upon windows - I could hear an audio of a UPS commercial that came out of nowhere - we decided to shut the computer down but it wouldn't turn off so we switched the power on the power strip it was plugged into off but now we can't even turn the computer back on - the power light doesn't even light up - it's completely dead. Any ideas as to what might have happened? and what we need to do?"

    I know this is pretty vague, but may sound familiar enough to someone. Any help would be greatly appreciated.
    Thanks,
    HMS
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sounds like a typical infection from a rogue antivirus tool named WinAntivirus. This is often accompanied by Virtumonde infections. Proper removal methods are given below.


    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log ( C:\combofix.txt ) for you. Attach this log to your next reply.
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Then please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • ComboFix log
      • CounterSpy - only for Windows XP, 2K, & NT users
      • AVG Antispyware log - ONLY IF NEEDED (you were not able to run CounterSpy) - only for Windows XP, 2K, & NT users
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use three messages to attach all of these logs!
     
  3. Heavy Mettle Squid

    Heavy Mettle Squid Private E-2

    Thanks for the advice and instructions.
    I have a problem though. How can I complete the first step, i.e. run combofix.exe, if the PC will not even power-up?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well, if you have bypassed the power strip and plugged it in directly to the wall and it still does not turn on, you are then in the wrong forum. You would have to post in the Hardware Forum. You may need to look into a new power supply.
     
