Seriously Suspected Malware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by MaverickAK, May 29, 2009.

  1. MaverickAK

    MaverickAK Private E-2

    Hello,
    Let me start off by first stating how I got the problem. I plugged in an Aircard that allowed remote access to the internet from wherever I was, and installed the software. Upon installing, my anti-virus (Avast) popped up with 2 alerts - the first one being a Conficker variant, and stated that it could not delete the file or quarantine it. I started and ran the Microsoft Malicious Software Removal Tool and tagged that file, and it was removed.

    However - upon checking my Avast, I now know the resident protection has been permanently disabled, the options to run a boot-time scan or resume protection are greyed out, and any new anti-virus software I download and install is immediately disabled (Avira, AVG). I decided to download GMER Rootkit detector, as I had a sneaking suspicion that was the case. Downloading that, and several other random rootkit detectors, all the 'KILL PROCESS / END PROGRAM / Everything to clean the files' buttons were greyed out, but it did detect 2 rootkeys.

    I then decided to say Screw it all, and reformat.

    Upon reformatting I installed Avast right away - and, surprise, surprise! The boot-time scan is still disabled, as well as Resident Protection.

    Now I come to you - as I am stumped.


    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Your logs are not showing any problems but that is what you would expect after a format and reinstall. If you are still having problems with Avast, did you download a new version or did you use a version you had already downloaded? Did you install ALL of your protection software before connecting your PC to the internet? That does not mean before opening a browser. It means before a broadband cable was even plugged in. With no protection in place, a PC can get infected in as little as 10 seconds of being turned on if the broadband connection is active.

    Did you run this after the reinstall or before the reinstall? Please attach a log from GMER that was run after the reinstall.

    > Upon reformatting I installed Avast right away - and, surprise, surprise! The boot-time scan is still disabled, as well as Resident Protection.

    Either you are reinstalling the infection from infected copies, or you don't have proper protection in place before your connection is active, or you possibly have a master boot record infection. When you reinstalled, had you deleted partitions or did you just format and reinstall? Exactly how/what did you do to reinstall?

    Do you have ALL of your Windows Updates installed?

    I also suggest that you run the below just to be safe. Not sure if it supports Vista x64.

    McAfee AVERT Stinger Conficker

    Did McAfee find anything?
     
