[HELP] Annoying Malware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by GPC, Oct 3, 2010.

  1. GPC

    GPC Private E-2

    Hey all,
    I have an annoying malware that I cannot remove by any means. I was protected by Avast! Free Edition, and had no problems 'till today. It seems I've been striked by this kind of malware that can disable and completely destroy any Antivirus that I use. Basically, if I try to scan with anything it just disables it/shuts down and make me have no permission to access it. So, when I tried to scan with Avast! it just got disabled and now I have no protection. I already went to Safe Mode to try to fix this but somehow this malware still runs in safe mode and well, I end up the same way. Already tried ComboFix but for some reason it says Access Denied (because of the malware...?). Tried Hijackthis but as soon as I try to scan, something just closes the application. It happens for every scanner I try to use. If I try to use those online scanners, I end up getting no permission to use my browser. (solution uninstall and install again). Seriously help me out, I'm going nuts and I dont want to format my computer.

    Thanks in advance.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Does Task Manager work? If so, look for any strange process names in the list and list them here for me. You may have something running that can simply be stopped and then you will be able to run some scans to attempt the removal of the source.

    Download TDSSKiller from Kaspersky directly onto your Desktop
    • Now double click the TDSSkiller.exe file to run it ( if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrator. )
    • Allow the application to run if prompted by Windows or any security programs you have installed
    • It will start the scan and run rather quickly and will notify you of whether anything is found or not.
    • Follow the instructions to delete/quarantine if it asks you what to do when it finds something.
    • Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See: HOW TO: Attach Items To Your Post )

    Also no matter what happens above, try each of the below tools ( MBRCheck and MGtools).


    Please also download MBRCheck to your desktop
    • Double click MBRCheck.exe to run (Vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
    Now run MGtools per the below instructions and attach the requested MGlogs.zip file
     
  3. GPC

    GPC Private E-2

    TDSS said there were 2 threats, so I deleted them. Logs attached.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you reboot immediately afterwards? Please make sure you have rebooted, and then rerun TDSSkiller and attach a new log. If it finds anything, make sure that you immediately reboot.

    Also tell me what problems, if any, you are still having.
     
  5. GPC

    GPC Private E-2

    Yes, I rebooted right after TDSS said that those files had been deleted. Ran second scan, and I didn't find anything. Log attached. It seems now it's ok. Scanners can run without closing. I just have one problem that I don't even know if it's because of a malware or not. I wanted to try to use other AV than Avast!, but for some reason they can't finish installation due to some premature error, and they just roll back. Almost every antivirus does that. The only one that didn't do that until now was avast!.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    MBRcheck indicated that there could be something wrong with your Master Boot Record. Let's make sure this is not a problem.

    Please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide
     
