Please Help: Very Smart Virus Took Over My Comp.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by jkeck, Jun 1, 2007.

Thread Status:
Not open for further replies.
  1. jkeck

    jkeck Private E-2

    Here's all the info I've discovered about this virus so far...any help would be greatly appreciated!

    The other day I downloaded a program and a keygen using BitTorrent (I know, really stupid idea)...Well, after the program was installed, it asked for a restart, and that is where the problems started. As soon as the computer rebooted, I could tell there was a problem...everything loaded normally at first, but then the desktop flashed and everything reloaded...I clicked the Start button and instead of both the "log off" and "shutdown" options, there was only one option, "log off". My wireless internet connection was disconnected and could not be reconnected and a window kept popping up saying there was no connection and asking if I would like to work offline or try again. My firewall was also disabled. Right away I ran Ad-Aware which picked up 17 objects...2 registry files and 15 others...I then ran McAfee AV which found one backdoor trojan and removed it...Then, I pressed control+alt+delete and there was no shutdown option there either, so I logged off...Now on the user screen, instead of simply saying "Shut Down" it now says "Shut Down Jon's Graduation Gift" which is the name of the computer...So, I shut it down and turned it back on...the same thing happened again. I downloaded the newest version of Spybot and ran that, which found several new problems...I clicked fix, but 3 entries could not be removed even when run on start-up; these were "Smitfraud-C.Core Service"...also 4 entries continue to reappear every time I run Spybot; these are "Zenosearch". CCleaner was run successfully, Spybot was run with the same results.
    Every time I try to run the AVG Anti-spyware installer, it automatically closes the window...this is where the smart part of the virus comes in...the virus somehow knows that I am running an Anti-Spyware program...I can't seem to faze it or trick it, I even tried running it off of my USB drive...I managed to get the internet back up and running, and even when I do a search for an anti-spyware program, it automatically shuts down my IE window...So I moved on to the next step and ran the rootcheck which was successful...here are those results which show nothing peculiar:

    Edit by chaslang: Inline log removed!

    Following that, I tried to run the HijackThis program, with the same results as the AVG antispyware...the virus seems to know that I am trying to get rid of it and closes the window instantly...I can't faze it...It also closes the Spyware Terminator program...I have managed to get back the "shutdown" option in the start menu, but that seems to be the only progress I've made with this virus...I would greatly appreciate if anyone could offer me any advice to get rid of this smart virus...I really don't want to lose all of my information...and I don't want to pay to have someone remove it...

    Also, symptoms appear to be similar to the W32Chod.D worm, but MsnVirRem did not pick up any files, so I assume this is not the case. Please help! I'm running out of ideas...

    Finally got the computer to run HijackThis after holding CTRL and repeatedly clicking the .exe file until it could finish...


    Edit by chaslang: Inline HJT and FixWareOut log removed. READ & RUN ME sticky not followed.


    Please, please, please...any help is appreciated...also there is no restore point except today...which won't do me any good...
     
    Last edited by a moderator: Jun 1, 2007
  2. jkeck

    jkeck Private E-2

    Problem appears to be solved...
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I doubt it based on the Vundo infections noticed in your logs that should not have been posted.
     
  4. jkeck

    jkeck Private E-2

    It's fixed, sorry about the logs...I found some helpful people on a different forum and it is all cleared up now...again, sorry about the logs...maybe I should open up my eyes a little and read before I post...
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay that's good! Then I will close this thread.
     