Humdinger of a foe

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by HaplessFool, Mar 4, 2008.

  1. HaplessFool

    HaplessFool Private E-2

    This is the first time I've had to post here. Usually I can work things out one way or another. But I am stumped with this one. Would love your input.

    Been using XP Sp2 on my laptop quite unhindered for a while. Used AVG for a while and then Avast4. Nothing seemed to get through until the other day. I may have carelessly opened an .rar or even a .exe not sure. Uh may have disabled Avast for a short time. Can malware be hiding in video files I wonder?

    Ok. Two early symptoms.
    Avast would not run. After a second it would go dead on the screen or disappear. IE would open automatically with some Chinese crap (I'm in China by the way.)

    Then I noticed no virus scanners would load or run. If I even entered the Avast directory in Explorer it would exit. Other folders were accessible! Then I found out that I couldn't run in SAFE mode. I would choose it, a blue error screen would flash and I would go back to a normal startup. MSCONFIG was buggy and would freeze.

    I could use all other non-system related programs.

    Eventually, I noticed that every time I opened taskmgr it would start hogging more and more of the CPU with no limit. My drive started to run a lot. This was worrisome. Is the drive dying?? If I closed taskmgr and reopened it, the same thing would start over again.

    I tried to prepare a post to you with all the logs (SUPER, SpyBot etc) by following your guidelines but none of them would run in any effective way.

    SO - My drive is divided into 3 partitions. XP is on one. I thought I would try reinstalling (had no faith in a repair at this point). Wasn't sure the other partitions would leave me alone enough but had to risk it. Well, I reinstalled a few times and had many similar problems and some worse. Data seems fine though. Could run in SAFE mode if I caught the OS before the first real boot. Even SAFE was buggy.

    NOW - I am about to buy an external drive so I can move my stuff to it and reformat the whole internal drive.

    QUESTIONS:
    1) What the heck is this thing? I'm sorry - I had some malware names from an early ineffective CMD line Avast scan I did but I left the paper home. I'm in a net cafe.

    2) How can I build a really protected environment on the internal drive and then safely integrate and scan the external drive?

    3) Could there be something infecting my BIOS? Any chance it is hardware related?

    4) I'm somewhat savvy with PCs but am I totally missing something here?

    Really appreciate your time with this.
    Thanks, Cameron:confused
     
  2. abri

    abri MajorGeek

    Hi HaplessFool,
    Welcome to Major Geeks!

    See if you can get the MGTools installed and run. You will find the link for them here: Windows XP Cleaning Procedure. The tools are about the 4th link down. If you can get a copy of the logs to attach to us, we will have a better idea of what's going on. It's possible that this will run where the other scanners wouldn't because it's not made to remove anything. It's worth a try in any case.

    abri
     
  3. HaplessFool

    HaplessFool Private E-2

    Thanks Abri.
    Things just weren't looking too encouraging so I went ahead and moved my files to an external drive. Then I reformatted the whole nut and am reinstalling everything. I see no signs of mischief on the C: drive while the external is still unconnected.

    The big question for me is how do I safely attach the external without activating the virus that is probably lurking there... waiting. Well, I guess that can't be avoided so what should I do to protect the C: drive and then clean the external?

    Connect the external drive while in SAFE MODE? And then use which virus killer I wonder to scan and clean the external?

    Your thoughts would be very welcome. :)
     
  4. abri

    abri MajorGeek

    Hi Hapless Fool,
    This is what I recommend. Set up your computer the way you want it without the external hard drive and then go through the How to Protect Yourself from Malware. Be sure to have all the protections in place, in particular Spyware Blaster, one resident antivirus, one firewall, CCleaner, and all your Windows updates. At that point, create a clean restore point, so that you can come back to that.

    Then go to the Alternate Scans and look for the Free Online Scans and find BitDefender. BitDefender's online scan will only run with Internet Explorer and ActiveX needs to be enabled. There's a set of instructions you can link to called Using BitDefender Online Scan. This will tell you how to run it and how to produce a log that is usable at the end. Try it out until you see how to use it to scan a specific drive or folder on your computer.

    Once you've got it set up and can see how it works, then plug in your external hard drive and have it run the scan on the external hard drive only. This will force it to do that drive first. After it produces a log, then go back and have BitDefender scan the whole computer. This is a lengthy scan (about one to two hours for the whole computer) and it will also look at the contents of your zip and rar files. If that comes up clean, then just run through the usual instructions for the READ & RUN ME and make sure those look okay as well.

    If anything turns up, you can attach your logs here.

    Hope that helps.
    Good luck with everything and post back if you need any further help.
    abri
     
  5. HaplessFool

    HaplessFool Private E-2

    Awesome, Abri! Thanks. I will get on it and let you know. -Cameron
     
  6. HaplessFool

    HaplessFool Private E-2

    Well, that was fun. Oy. Learned a few new things during this ordeal. Everything seems to be working now. Had to rely on the restore point made after things were fresh again. The "rootkit" got into my system again somehow. Then I made the mistake of trying to force a safeboot using msconfig. Locked me into a loop of not being able to boot at all. Ooh I was mad then. Luckily found the bootcfg and was able to reset the boot back to normal and do the restore.

    I don't like all this stuff running all the time but I will try to get used to it so I don't have to come knocking again. ;)

    Thank you again. I would have been inching along with so many more dead ends without your help. Great site! You guys take donations?

    P.S. So... are there some fat cats somewhere who are actually getting rich off of all this hassle they are causing us? Are they profiting from the control they get of our machines? I guess the answer must be "yes." Just makes me mad that they took up so much of my time. Take it easy, Abri.
    -Cameron
     
  7. abri

    abri MajorGeek

    not today

    I have wondered this so often myself. I just can't imagine anyone falling for all the stuff out there; nevertheless, the issue of identity theft is a relevant one.

    Good luck to you and your computer.
    abri
     
