Virus problems - logs attached

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by skilldave, May 6, 2010.

  1. skilldave

    skilldave Private E-2

    Hi my mum's laptop has been having problems and I've been trying to sort it out.
    It runs fine quite a lot of the time, then it suddenly stops working as the cpu shoots upwards. It also closes windows randomly occasionally.

    I had problems running the combofix, it was saying the file had been compromised possibly by a virut something and to install a fresh version from the website. I managed to get a log completed in safe mode (but couldn't turn off the firewall).

    Thanks, Dave.
     


  2. skilldave

    skilldave Private E-2

    Thanks
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It appears as though you did not let MGTools run to completion or make the license agreement to run HJT. But I am not seeing any malware in your other logs. Please try running ComboFix in normal mode and then run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:

    * C:\ComboFix.txt
    * C:\MGlogs.zip
     
  4. skilldave

    skilldave Private E-2

    Hi thanks.

    I got the MGtools to run properly this time, thought it had finished last time but obviously not. I've attached that to the thread.

    I tried running combofix in normal mode, but after a string of messages saying:
    'Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item' (the heading was 32788R22FWJFW\hidec.exe)
    it got to the page where you accept the licence agreements, then once I did that a message popped up saying:
    '!!Alert!! It is NOT SAFE to continue' The contents of the Combofix package has been compromised. Please download a fresh copy from (the website). Note you may be infected with a file patching virus 'Virut'.

    Any advice on how to get the combofix working?

    Thanks a lot.
    Dave
     


  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Although your system files look to be the correct size, I would not trust that they have not become corrupt.

    There is no known reliable fix for this. In addition there are many many other infected files. We could spend a lot of time trying to remove this infection, but odds are that it will not work because the nature of the infection has so many executable system files infected that as soon as we fix one file, other files that are infected will almost immediately or upon the next reboot, just reinfect the files. In addition, your PC would still basically be unreliable/untrustworthy even if we manage to fix the infected files that we can see since there could be many more that we are not seeing.

    The safest thing for you to do is backup your personal data immediately since your PC could possibly become unbootable at any point in time. Do not back up any executable files. This includes programs that you have downloaded since any of them could be infected. Anything you may have already backed up that is an executable type file (things you downloaded to install programs....etc) are most likely infected and will cause you to be reinfected if you reuse these files.

    Once you backup, you need to format partitions and reinstall Windows and all other software especially your protection software. Then install all updates for all software. DO NOT reinstall from any executable file backups you made while this PC was infected or you will just be reinstalling the
     
  6. skilldave

    skilldave Private E-2

    Wow, didn't realise it was that bad. It seems to run fine most of the time, with just occasions when the cpu shoots up to 100% every few hours (I've once noticed the svchost.exe using up all the cpu).

    Would you say it's dangerous to continue using the laptop, as the problem is manageable with the freezing only going on for about 5 mins at a time?

    If not, I doubt I still have the recovery disk for this computer so would I have to buy a new copy of the windows software?

    Thanks.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I would suggest that Comodo be shut down and then redownload ComboFix and try it again. I don't think there is a Virut infection, I just think ComboFix was interfered with which made it think files were corrupted.
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Shut down all your protection software (including Comodo) and try it again. See if you get the same warnings. As I stated, I was not seeing the system file corruption, but didn't consider that Comodo might be the cause.
     
  9. skilldave

    skilldave Private E-2

    Success! I uninstalled Comodo and downloaded a fresh copy of combofix and everything worked completely fine when I loaded it.

    (for the previous times I ran combofix, I closed Comodo and I'm reasonably sure I downloaded a fresh copy straightaway while Comodo was still closed, so maybe fully uninstalling it was necessary to get combofix working)

    I've posted the combofix log. Let me know if there's anything you can do :)
    Thanks a lot,
    Dave
     


  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sigh, more and more security programs are interfering with malware removal tools!! Your log is clean. Please tell me what issues, if any, you are still having. :)
     
