Chinese virus after reformat

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by xtoyz, Dec 27, 2008.

  1. xtoyz

    xtoyz Private E-2

    Hello All,

    I did a reformat because I had a chinese pop up virus start harassing my computer last week while streaming music using iTunes. Anyways, I tried using a piece of MalwareBytes software to solve my problems and it found a number of files and deleted them, but required a reboot. When I rebooted my computer it said it was missing hal.dll and could not be booted. I did a fresh install of windows without formatting, and had all sorts of issues after all was said and done.

    Next, I formatted before reinstalling Windows XP SP3. Now, as soon as the computer was all said and done I was getting a flashing icon in the system tray. If you click it, it's that same damn virus pop-up that is in all chinese.

    Next, I found this site and followed all of the things I found in posts for "recommendations" of things to do before making a first post. I checked programs, but nothing was there. I used Ad-Aware, but nothing was found. I used CCleaner, and it deleted some files. After this, I decided to reboot my laptop. It hung up turning off, so I forced it off. When I went to turn it back on it won't load and it says NTLDR is missing.

    Help! This is my work laptop, and I need to get things figured out by Monday! Also, now my personal desktop is getting the same chinese popup! I'm scared to do anything, as I don't want that computer to stop coming on as well.

    I appreciate anything you guys can do for me.
    Thanks,
    Shawn
     
  2. xtoyz

    xtoyz Private E-2

    OK All,

    I got the computer to boot. I replaced the missing NTLDR file with a USB bootable file I found on the internet.

    It can be found here. I've continued to do what the "do me first" thread has and have come to the point where it's time to run HJT. I've downloaded and installed it, but the computer will not open it, nor will it open Task Manager. I will report back when I can get it to run and make a log.

    Shawn
     
  3. xtoyz

    xtoyz Private E-2

    OK guys, I ran all of the recommended software and have all of the recommended logs. This was VERY difficult as the computer will no longer reboot and the NTLDR file is missing. I have to hold the power button to force it off, and manually boot the computer from a flash drive with the NTLDR file on it.

    I hope you all can help,

    Thanks
    Shawn
     

    Attached Files:

  4. xtoyz

    xtoyz Private E-2

    MBLOGS.zip is attached in this one. I've also just noticed a file named iiiii.exe in my C drive, that was never there before?

    Shawn
     

    Attached Files:

  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes sir, it is a mess.
    For the missing NTLDR issue:


    1. Insert the Windows XP bootable CD into the computer.
    2. When prompted to press any key to boot from the CD, press any key.
    3. Once in the Windows XP setup menu press the "R" key to repair Windows.
    4. Log into your Windows installation by pressing the "1" key and pressing enter.
    5. You will then be prompted for your administrator password, enter that password.
    6. Copy the below two files to the root directory of the primary hard disk. In the below example we are copying these files from the CD-ROM drive letter, which in this case is "e." This letter may be different on your computer.

      copy e:\i386\ntldr c:\
      copy e:\i386\ntdetect.com c:\
    7. Once both of these files have been successfully copied, remove the CD from the computer and reboot.


    Now for the malware:

    Please disable all anti-virus and anti-spyware programs while we do the following ( be sure to re-enable when we are finished):


    Run C:\MGtools\analyse.exe by double clicking on it. (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    NOTE: HJT may pop up an error about the AppInit_DLLs line. Ignore it and click OK to continue.

    After clicking Fix, exit HJT.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Now download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the "Input script here:"
    part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will pop up for you to view when you log in after the reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.
     
    Last edited: Dec 29, 2008
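As an added illustration (not part of this thread, and not a MajorGeeks tool), the script below turns two points from the thread into a repeatable check: it verifies that the boot-critical files the Recovery Console steps restore (ntldr and ntdetect.com) are present in the drive root and byte-identical to the copies in the installation media's i386 folder, and it lists executable-looking files in the drive root that are not in an expected baseline, the way the iiiii.exe noted in post 4 would show up. The baseline file set, the hypothetical drive layout and the file contents are all constructed in a temporary directory so it runs offline on any platform.

```python
"""Added example, not code from the MajorGeeks thread: verify XP boot files
against installation media and flag unexpected executables in the drive root.
All paths and file contents are constructed in a temp directory."""
import hashlib
import tempfile
from pathlib import Path

# Files the Recovery Console procedure copies from <CD>\i386 to C:\ (from the post).
BOOT_FILES = ("ntldr", "ntdetect.com")

# Assumed baseline of files normally found in the root of an XP system drive
# (lower-case, since NTFS/FAT names are case-insensitive).
EXPECTED_ROOT = {
    "ntldr", "ntdetect.com", "boot.ini", "pagefile.sys", "hiberfil.sys",
    "io.sys", "msdos.sys", "autoexec.bat", "config.sys",
}

# Extensions worth flagging when they appear unexpectedly in the drive root.
EXE_SUFFIXES = {".exe", ".com", ".dll", ".scr", ".bat", ".cmd", ".pif"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files do not need to be read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_boot_files(root: Path, i386: Path) -> dict:
    """Compare each boot file in the drive root with the copy on the install media.
    Returns {name: "ok" | "missing" | "mismatch"}."""
    result = {}
    for name in BOOT_FILES:
        installed, reference = root / name, i386 / name
        if not installed.is_file():
            result[name] = "missing"
        elif sha256_of(installed) != sha256_of(reference):
            result[name] = "mismatch"
        else:
            result[name] = "ok"
    return result


def unexpected_root_executables(root: Path, expected=EXPECTED_ROOT) -> list:
    """List executable-looking files in the drive root that are not in the baseline."""
    found = []
    for entry in root.iterdir():
        if (entry.is_file()
                and entry.suffix.lower() in EXE_SUFFIXES
                and entry.name.lower() not in expected):
            found.append(entry.name)
    return sorted(found)


def demo() -> tuple:
    """Build a constructed drive root and i386 folder, then run both checks."""
    tmp = Path(tempfile.mkdtemp())
    root, i386 = tmp / "C", tmp / "i386"
    root.mkdir()
    i386.mkdir()
    # Constructed reference copies standing in for the real files on the XP CD.
    (i386 / "ntldr").write_bytes(b"NTLDR-reference-bytes")
    (i386 / "ntdetect.com").write_bytes(b"NTDETECT-reference-bytes")
    # Drive root: ntdetect.com intact, ntldr deliberately absent (the thread's symptom),
    # plus an unexpected executable like the iiiii.exe mentioned in post 4.
    (root / "ntdetect.com").write_bytes(b"NTDETECT-reference-bytes")
    (root / "boot.ini").write_text("[boot loader]\n")
    (root / "iiiii.exe").write_bytes(b"MZ-constructed-sample")
    return check_boot_files(root, i386), unexpected_root_executables(root)


if __name__ == "__main__":
    boot_status, extras = demo()
    print("boot files:", boot_status)
    print("unexpected executables in root:", extras)
```

On a real machine you would point `check_boot_files` at the system drive root and the i386 folder of the installation CD; a "missing" or "mismatch" result for ntldr is exactly the case the Recovery Console copy commands above repair, and anything returned by `unexpected_root_executables` is worth submitting to the helper along with the logs rather than deleting on sight.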
