Trojans, viruses and hijacks

Discussion in 'Malware Help (A Specialist Will Reply)' started by fishingfox, Apr 25, 2009.

  1. fishingfox

    fishingfox Private E-2

    I have been trying to save an extremely compromised computer. It is running XP Pro, SP3. Even with Adaware, Spybot and Command AntiVirus, the kids managed to do a lot of damage

    I know it is infected with Virut.AL1 Generic, New Malware-LSUBased Maximus, probably Zbot and many others.

    It also deleted or renamed the userinit.exe file so I could not even logon. I was able to correct that thanks to your site.

    I have run the following (Safe Mode):
    Command Software AntiVirus from Authentium
    Spybot S&D
    Lavasoft Adaware
    MBAM
    SDFix

    All of them have found and corrected problems, but when I reboot and go into Windows with internet access, I immediately get more viruses and MSIE launches and attempts to connect to unknown sites.

    I followed the instructions in this thread http://forums.majorgeeks.com/showthread.php?t=187604

    Windows Messenger was not found
    Attempted to install CCleaner and received the message: "The system administrator has setup policies to prevent this installation"

    Any help will be GREATLY appreciated.

    Ed
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Why????? That thread has nothing to do with you! All fixes are for the individual who owns the thread and no one else.


    Notes:
    • Command AV is not that good
    • the free version of Adaware does not provide any protection and Adaware is very ineffective at finding and removing malware that exists now.
    • Spybot only offers protection if you have Teatimer active and it is not that good. Also Spybot's scanning and removal capabilities are below par.
    I'm going to give you a cleaning process to run below that will give us a lot more detail on your problems, however I want to warn you up front that if you do have a Virut infection, the odds are very high that I will be telling you that you need to reinstall from scratch. Virut will infect ALL executable files on your PC including your protection programs' executables. I suggest that you start backing up important personal data now. Do not backup any downloads that are executables (like any installation programs including ZIPs, EXEs, DLLs, SCR, and other executables) as they are most likely infected and reinstalling/using them later after a reinstall will just reinfect your whole PC again.


    Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
    • If you have problems where no tools seem to run, please try following the steps given below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    READ & RUN ME FIRST. Malware Removal Guide
    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:


    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
    Last edited: Apr 28, 2009
  3. fishingfox

    fishingfox Private E-2

    chaslang,

    Thank you for your reply.

    I posted the wrong link, the procedure I followed was the Windows XP Cleaning Procedure.

    I cannot install anything on the ailing computer. Even in Safe Mode, I get the following message: "The system administrator has setup policies to prevent this installation".

    It is impossible to run with msconfig set to boot in the normal mode.

    It appears that the Virut virus has infected so many files that the only option is fdisk/format/reload.

    I will read the article on "Keeping your computer safe and secure" and implement your suggestions.

    Again, thank you for your response.

    Ed
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    This is the safest course of action to take for infections like Virut.

    I assume you mean this: How to Protect yourself from malware!
     
  5. fishingfox

    fishingfox Private E-2

    chaslang,

    Authentium has requested that I send them some of the virut infected files for analysis and possible system recovery.

    The only way I can access these files is by putting the infected hard drive in one of my systems (XP-Pro SP-3). I am afraid to do this without better virus protection than Command.

    What anti-malware combination do you recommend in this instance? I would like to use the best combination possible and it does not have to be free.

    Thank you again for your assistance.

    Ed
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    They will not be able to fix it. Do not waste your time or theirs doing this since you risk possibly infecting another computer. These more recent strains of the Virut infections actually have an embedded bug which makes creating a reliable fix impossible as the infection is too random.

    All of the free tools work quite well and provide very good protection. The thing that people have to realize is that most infections that occur on protected PCs occur due to what the user themselves does or allows. A properly protected PC will normally warn you when you are doing something that you should not do. If you ignore the warning or disable the protection, or do not keep all software up to date then you are putting yourself at risk. No protection, not even the most expensive will protect you from you. ;) All of this is really discussed in the link ( How to Protect yourself from malware! ) I gave you.

    A decision on what to use cannot easily be made without knowing more about your PC.
    How fast is the PC? Is it a single core processor, dual core or quad core?
    How much memory do you have?
    Also knowing what else you run on the PC weighs in the decision.

    Run the MGtools scan given in the READ & RUN ME FIRST. Malware Removal Guide and attach the log from it. It will give me all the info to better decide.
     