Generic.Peed.Eml

Help

I've got a problem with multiple variants (i think) of Generic.Peed.Eml which has Peed all over my computer.

I have done every step in your read and run me first thread, but when i ran Panda scan it dropped out twice

The first time i was not at the computer when it closed without warning

The second time i was watching. At this point it had picked up 10 Spyware and not disinfected them, plus 1 Hacker and Root Kit (also not disinfected). It was scanning C://ntldr and then it just closed both the popup and the main window without any message or warning. (A similar thing happened yesterday when I ran Avast!).

This means I don't have a panda log. But I am attaching the others except that I have a problem with bdscan.log, because it is 7.94Mb and too big for your system to upload... what do i do about this?

Also yesterday I tried to update AdAware (the paid version) and it would not work, asked for the key, would not accept it, and a fresh download behaved the same way. This made me very suspicious, as you might expect... so i ran Spybot S&D which came up with a long list of stuff, said it had removed them, then listed them all again on a re-run. I downloaded the latest version of spybot when I started reading your thing, and that version found nothing (doing it in sequence with the stuff in your instructions). Not sure how reassuring this is...

 

I already posted a "reply", but cant find it, so here it is again, with remaining files from Read and Run Me First guide

also attached ewido log

 

i just finished a kaspersky scan. im still finding malware, every scan i do finds stuff, some says its been removed...

log attached

btw your link for trend on Alternative Scans gets a 404. i used this: http://uk.trendmicro-europe.com/housecall/v6.5/?

 

it's possible im getting somewhere. Zone Alarm just came up negative

otoh, i canna be sure

onward

 

every single of the anti-rootkit links on the alternative scans page comes up with a 500 error. i'm hoping it's genuine, in a way. but i'm paranoid.

 

I ran it again last night before I heard from you, and it came up with 6336 files infected. You know, it puts 3 lines in for each infection found, so i guess this would account for the size. I saved the new log as html, so i can, if you like put it online and give you the address, would this be feasible?

I did upload this, don't understand why it's not there. will attach it to this

Well, ok, but my normal way is to have the instructions open and go down them step by step, if necessary i paste them into notepad or even print them as a last resort, though the screen is easier to read...

bitdefender told me so, repeatedly, the scan before the first one i did for youse. also, the bug with adaware i mentioned seemed suspicious, as did the fact that avast closed without warning - and the same thing happened with panda, which i ran as one of the steps in your instructions, as mentioned above. Then there were the 20 or so items listed in spybot s&d which it "removed" but still listed on a second pass... oh, and the computer i use is an alienware, and has got quite sluggish, with unexplained waits which can be quite lengthy at times, certainly noticeable.

I guess that's some kind of a relief. I get those, too, sometimes when i screw up a .htaccess file

 

ok, i just ran winprofix, since you said the file was empty (though it didnt look that way to me) and I downloaded getkey.zip again, unzipped it again to a folder called getkey in a folder called major geeks stuff at the root level of drive C:

i went into that folder, just like before, clicked on the batch file, it ran, i closed the notepad, and attach the results herewith

 

ok, i downloaded the zip for shownew again, unzipped it to a folder called shownew in a folder called major geeks tools (replace all - which i also did with getkeys above), went to the folder and ran it, attached is result.

its odd as it says it cant execute locate.com in that folder, many times, it's obviously finding it... this malware appears to be extremely well crafted

 

i have to go out for a few hours, so i will close down - my poor Beast hasn't had any downtime for over 48 hours

 

attaching zip with both bdscans, less than 250kb!!

 

results of gmer rootkit check attached in zip file

 

my beloved computer is still sick

why is nobody saying anything? i need help here, please

 

i ran the rootkit hook analyser and found 8 hooks. it would not allow me to export the file, and hung up every time i tried, so i took screenshots and saved them. they are 2 to a zip, because the zips were too big otherwise. here are the first 3 zip files

 

the rest of the hook analysis files

 

attached is the rootkitreveal log, which found some discrepancies

when i was going to choose where to save it, i got "Desktop refers to a location that does not exist..." but it did let me save to c:

 

Here is the result of the sophos anti-rootkit check

 

here is the result of the sysprot rootkit check

 

here is the result of the trend micro rootbuster scan

 

i was searching for solutions through google. i tried all the ones online apart from you first, because they were one-step, but since they involved deleting a file which does not exist on my computer (Deleted Items.dbx) - i have hidden and system files permanently visible and no such file exists in any of my Application Data folders - i had no other choice

i don't know how to find the emails that are infected. i have tried this in the past. searching for what bd says is the identifier gets you nowhere, but i don't even know if im looking in the right file for this, anyway.

anyway, here are the 2 logs which i managed to create having changed the containing folder name to one without spaces so that they could run things contained in it

ive been on lots of forums, never seen the word bump meaning posting. nowhere on your forum does it say to read ALL the stickies before proceeding, only the read me first says to read it first, which is what i did - and it asks for a lot of info, which i was providing.

I have done nothing now for 3 days (this started before I came onto major geeks) but try and get my beloved computer working properly again. my computer means everything to me, and i don't know what to do to fix it.

and what are all the hooks that the hook finders point out? and why won't panda and avast complete? how is it possible that there is "nothing wrong" if these things are happening?

 

I could find no other source of advice for the problems i was having.

I did run it again, but it was all the same, and as it takes 7 hours or so, i stopped it to do other scans.

Well, that's a relief. I don't know how to recognise that sort of thing.

Well, OK. I had these mental alerts when stuff like the failed scans happened, but what really worried me was when the AdAware incident happened on top of all the other stuff: I downloaded a program update, it asked for the key, i typed it once, and it said not valid, so i pasted it, and it said not valid, then i went and got a new download and had them resend the key, but the same thing happened. this was when i started getting paranoid. but i will try again, as there's definitely a lot less garbage now. There were 13 different items listed by trojanscan, including bluestreak, doubleclick, mediaplex and a load of others, which made me even more suspicious. My daughter (quite a geek) who i was chatting to while waiting for some results was really freaked when i read her the list, so that got me even more worried...

ok, done that. sorry.

ok ive done that as well

ok, i will uninstall them, have done all this. thanks

yes, it pops up when something interesting happens on a site im signed up to. do you think i should get rid of it?

 

Just thought I would let you know, as I notice many don't seem to bother, that I got a clean bill of health from Bit Defender at last.

So thanks for all your help (doing cartwheels here)