worm - using shell, freedos kernel, hijacks network
I have had huge problems for the last 2 weeks. Got a virus that mods admin rights, adds a shell, hijacks the router and all cellphones and computers connected to it.
I have no chance to remove it (I have tried all majorgeeks.com methods); nothing works. I can't use cmd, I can't repair. All tasks, programs, and commands run through the shell and get reversed.
This is what I know about it:
Adds freedos kernel replacing config.sys with a heavily modded fdconfig.sys
Mods the mbr
Adds tons of shadow disks into high memory with himem.exe
Replaces the BIOS version and modify the system time.
Adds huge amount of entries in the register.
Adds delay timers on CD-ROM, keyboard, mouse, all USB devices
Grants super admin rights to NT authority. Removes all rights to other users
Programs I have seen added in the register:
Messenger live mesh
Messenger live writer
I write this from memory as my comp is totally destroyed.
There are basically hundreds of added programs.
This is what I have tried: (that doesn't work)
Restore or update BIOS from cd
using any kind of logging/removal tool
Restore, repair, reinstall from authentic windows cd
Repair mbr with fdisk using rescue cd
Using Kaspersky rescue disk via CD-ROM and usb
Using new ssd disk and new motherboard.
Hard reset of motherboard.
Using a usb to SATA adapter to format ssd (worm uses a block device command)
All this tried with no internet connection.
Asus eee 1101ha laptop win7 sp1
Msi x370 win7 home premium sp1
HTC desire with Android 2.3
Asus sabertooth motherboard
Win7 home premium sp1 fully patched
Intel I7 920 CPU
Before you ask me to use system repair or add logs here, remember: it doesn't work. All commands, programs and tasks are shelled, redirected and reversed.
Even cmd, F8 options, etc.
Re: worm - using shell, freedos kernel, hijacks network
Welcome to Major Geeks!
If you wish to try one thing before reinstalling, try the below on your Win 7 PC. Use the boot from Windows installation disc option since you say you have the DVD. If you cannot get to the System Recovery Options menu then reinstall is likely the fastest solution.
Please do the below so that we can boot to System Recovery Options to run a scan. There will be two options to choose from. One if you do not have your Windows 7 boot DVD and another when you have your DVD.
For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
Plug the flash drive into the infected PC.
Option 1: Enter System Recovery Options from the Advanced Boot Options: