Virus... I think

Discussion in 'Malware Help (A Specialist Will Reply)' started by bdelapp, Dec 7, 2013.

  1. bdelapp

    bdelapp Specialist

    Toshiba P35-S605
    Windows XP Home Edition

    Wife uses for games, mostly offline, sometimes email and facebook. Previous was using Norton online furnished by our internet supplier.

    Began having problems so I ran updates which worked, then Malwarebytes from a flash drive and found the following listed as threats:
    PUP.Optional
    Adware
    Adware
    PUP.Optional B
    PUP.Optional B

    Deleted all and later when she tried to use it.

    Blue screen - windows shut down.
    PFN List corrupt.
    Restarted.
    Black screen with media failure.
    Given previous experience, after checking wires and removing and reinserting HDD I determined to be exhibiting behavior similar to bad hard drive.
    Scanned HDD, appears OK.
    In rebooting, the only way I can get it to open is to set bios boot order to:
    Checked CD drive...
    Unchecked HDD
    Will not boot if HDD is set as boot option.
    Performed system restore. No help.
    Did a full recovery with original cd... still having same problems and when I go to microsoft to update IE shuts down.
    When I go to MGs and attempt to download anti-virus / anti-malware it shuts IE down.
    I installed malwarebytes on flash drive and updated then attempted to run in safe mode and get a run time error '13'

    I am guessing there some sort of nasty virus/malware.

    I just attempted again to download SAS, AVG, Malwarebytes, MSE... cannot.

    HELP please.
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  3. bdelapp

    bdelapp Specialist

    I cannot connect the laptop to the internet, so the only thing I can do is use products which I can install from another computer to a flash drive, update and then run.
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK, so you tried with Malware Bytes and SAS, but they would not run. Can you try the tools I suggested and see if they then run? Transfer across from flashdrive and attempt to run each.
     
  5. bdelapp

    bdelapp Specialist

    I'll try the three you suggested on a flash drive.

    I tried several times to run malware bytes in safe mode but I always get a run time error / type mismatch. Should I attempt to install MB from the flash drive to the desktop?
     
  6. bdelapp

    bdelapp Specialist

    Here are the reports from Rogue Killer...
     

    Attached Files:

  7. bdelapp

    bdelapp Specialist

    Last 2
     

    Attached Files:

  8. bdelapp

    bdelapp Specialist

    Hitman Pro doesn't seem to work due to no internet connection
     
  9. bdelapp

    bdelapp Specialist

    Hitman pro will not work it says because of no internet connection.

    Here is MG Tools report
     

    Attached Files:

  10. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Viewpoint Media Player <<< Uninstall this as requested per the R&R.

    Are you deliberately set up to use a proxy? If not then please do the below:

    Fix items using RogueKiller.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry or PROXY tab and locate this detection:

    • [PROXY IE][PUM] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
    Place a checkmark next to this item, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Reboot the machine.




    If you do not use Windows Messenger Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Don't suppose you have the log from Malware Bytes showing what it removed?

    Yes.

    After following the instructions above, are you now able to run Malware Bytes, & Hitman? Can you connect to the internet now?
     
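    The RogueKiller detection above points at the per-user Internet Explorer proxy setting, which adware and banking trojans commonly flip on to route the browser through a host they control. As an added example (this is not code from the thread and not part of RogueKiller), the following PowerShell script audits the standard WinINet proxy values under HKCU and, with its own -Fix switch, disables the proxy and removes the proxy host and PAC URL. The registry path and value names are the real ones IE uses; everything else (function names, the -Fix switch) is this script's own.

```powershell
# Added example (not from the thread or from RogueKiller): audit, and optionally
# clear, the per-user Internet Explorer / WinINet proxy settings that a
# "[PROXY IE][PUM]" detection refers to. Run as the affected user.
# The registry path below is the standard one; the -Fix switch is this script's own.
param([switch]$Fix)

$Key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$Names = 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL'

function Get-IeProxyState {
    # Read the proxy-related values; a missing value comes back as $null.
    $p = Get-ItemProperty -Path $Key -ErrorAction Stop
    $state = @{}
    foreach ($n in $Names) { $state[$n] = $p.$n }
    return $state
}

function Test-IeProxySuspicious ($state) {
    # On a home machine that never used a proxy, any of these is worth a look:
    # proxy switched on, a proxy host set, or a PAC script (AutoConfigURL) set.
    return ($state.ProxyEnable -eq 1) -or
           (-not [string]::IsNullOrEmpty($state.ProxyServer)) -or
           (-not [string]::IsNullOrEmpty($state.AutoConfigURL))
}

function Clear-IeProxy {
    # Equivalent of unticking the proxy in Internet Options, plus dropping the
    # stored host and PAC URL so they cannot simply be re-enabled.
    Set-ItemProperty -Path $Key -Name ProxyEnable -Value 0 -Type DWord
    foreach ($n in 'ProxyServer', 'AutoConfigURL') {
        Remove-ItemProperty -Path $Key -Name $n -ErrorAction SilentlyContinue
    }
}

$before = Get-IeProxyState
"Before:"; $before.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize

if (Test-IeProxySuspicious $before) {
    Write-Warning ("Proxy settings present. ProxyServer='{0}' AutoConfigURL='{1}'" -f
                   $before.ProxyServer, $before.AutoConfigURL)
    if ($Fix) {
        Clear-IeProxy
        "After:"; (Get-IeProxyState).GetEnumerator() | Sort-Object Name | Format-Table -AutoSize
        "Restart Internet Explorer (or log off and on) so WinINet re-reads the settings."
    } else {
        "Re-run with -Fix to disable the proxy and remove ProxyServer/AutoConfigURL."
    }
} else {
    "No proxy configured for this user."
}
```

    Run it as the user whose browser is affected (e.g. `powershell -ExecutionPolicy Bypass -File .\Check-IeProxy.ps1`, then again with `-Fix` once you have noted what was there). Two caveats: Windows XP does not ship with PowerShell, so on a machine like the one in this thread PowerShell 2.0 must be installed first, and a proxy value that looks legitimate but that nobody set deliberately is still worth recording (host and port) before removing it, since it tells you where the traffic was being sent. The same check is worth repeating under HKLM for a machine-wide proxy, and `netsh winhttp show proxy` covers the separate WinHTTP proxy used by Windows Update and some services.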
  11. bdelapp

    bdelapp Specialist

    Question? Does Viewpoint Media Player have anything to do with our use of an ASUS USB-N10 USB wireless adapter? The on board wireless has stopped working... Also, I am unable to get the hard wire connection to work if that would have something to do with this too?


     
  12. bdelapp

    bdelapp Specialist

    Hi,

    Stand by... having a problem updating IE 6 to 8.

    Oops... Hitman Pro found 8 generic tracking cookies.
     
  13. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    • Can you then attach the log that I asked for from Malware Bytes please?
    • Also, can you attach the Hitman log even though you said it only found tracking cookies. Thanks.
    • And I presume your internet connection is okay again now?
     
  14. bdelapp

    bdelapp Specialist

    I'm looking for the logs.

    I am able to get on the internet now.

    I have just hit a wall as the recovery includes IE6 and nothing works with it.
    I have been attempting to download IE7 but it tells me there isn't room on the drive.

    I'm really confused here as if I boot to the HDD it black screens and reports a media failure.. IF I boot from cd drive with HDD unchecked it boots to OS and works fine. I've gone into msconfig and checked the links and it says they are ok...

    Right now running auto fix and scan and recover on C drive.
     
    Last edited by a moderator: Dec 9, 2013
  15. bdelapp

    bdelapp Specialist

    IMPORTANT UPDATE:

    I cannot run malware bytes from the flash drive or downloaded to the desktop in safemode or regular as administrator or user. A prompt pops up and says runtime error '13'
    type mismatch

    I was finally able to download and install AVG from the AVG website.
    I updated it and ran it and it discovered:

    Trojan Horse Backdoor Hupigon6.ZP and put it in the vault.

    In reading the info about this online and how this works it appears it has already begun to send tons of spam to my wife's email and she is having some pop ups and problems with IE just shutting down for no reason. I'm guessing here by memory, first appearances might have been as much as two weeks ago.

    I attempted to download a special cleaner online and IE shutdown.

    I still cannot get on the internet in safemode so how do I approach this problem in cleaning up this whole mess?

    Do you think this might be the whole problem?
     
    Last edited: Dec 8, 2013
  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    A while back I asked you:

    And you said:

    So can I see that log please?


    Please download This Renamed Malwarebytes' Anti-Malware File and save to your desktop.

    • Right click on the renamed Malwarebytes' Anti-Malware File on your Desktop and chose Copy.
    • Next go to Start > Computer > C > Program Files.
    • Right click on the Malwarebytes' Anti-Malware Folder and click Paste.
    • Next Double click on the Malwarebytes' Anti-Malware Folder and launch the renamed file, malwarebytes should run now and update.
    • Please follow my previous instructions for running it, and post the log in your next reply.


    There will have to be a separate thread for your wife's machine if you need to clean it.

    Please download Combofix to your desktop. Please refer to these instructions prior to running.
     
  17. bdelapp

    bdelapp Specialist

    I have not been able to find the original log. I thought it self-stored into Malwarebytes, i.e. on the flash drive, but it is nowhere to be found.

    FYI... the machine I am discussing is my wife's, one in the same... sorry for the confusion.

    I will download the new MB as instructed and report back.

    NOTE: I tried to but when I attempt to go to MajorGeeks IE is shut down due to an error. Also, I cannot get online in safemode.

    Can I load this special MB to a flash drive and use it?
     
    Last edited by a moderator: Dec 9, 2013
  18. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes. Then at least try and get it onto your desktop to run properly from there.

    Do try the Combofix step also and let me know how you get on.
     
  19. bdelapp

    bdelapp Specialist

    Did F8 boot into safemode with networking.

    Downloaded zip to Documents folder. Copied and pasted zip of new MB by clicking Start > C: and pasted into Program Files folder.

    C prompt opened: pressed key to continue
    Installed driver
    Malwarebytes Anti-Malware not found
    Trying to run mbam-setup, please wait, done
    Trying to update Malwarebytes Anti-Malware, please wait, done
    Killing known malicious process, please wait, done
    Try to run Malwarebytes Anti-Malware, please wait, done
    Disabling protection driver, done

    The computer now has the Malwarebytes icon on the desktop.

    Attaching log.

     

    Attached Files:

  20. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK. And Combofix?
     
  21. bdelapp

    bdelapp Specialist

    It will likely be tomorrow when I run combo fix..

    Using safe mode I was finally able to get IE8 installed.

    I am now in regular user and the unit is updating thru Microsoft on its own

    I plan tomorrow, unless you have a better suggestion is to after the unit is completely updated to:

    #1 scan with combofix and post results.

    As an added safety precaution download and install SAS, scan and post results.

    Then again update and scan with Malwarebytes and post results again.

    I have now manually searched for all files and extensions known to be associated with Hupigon6.ZP and its blood brothers listed on the internet and found nothing.

    So, off to bed while it finishes installing SP3 and updating.

    Thank you



     
  22. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Yes, you can run Malware Bytes again if you wish, do indeed run SUPERantispyware, too.

    Answer this question before running Combofix though:

    What actual malware problems remain?
     
  23. bdelapp

    bdelapp Specialist

    A difficult question... but a good one...

    The puter is currently updating itself from microsoft.com and by all appearances is working fine cept it still will not boot up from the HDD and I must leave the bios set to boot from an empty cdrom with the HDD unchecked but in second place.

    My concern, what I have read about this trojan online, it hides itself well and malware and virus tools don't always find it all.

    This is why I did an eyes on search of every file and region it is known to infect, and found nothing. I also did a regular search for parts of file names in regular and safe mode and found nothing.

    I suppose I'm a little paranoid... lol... it had me almost convinced the HDD had pooped out.... but my scan of the HDD shows it clean with no issues.

    I'll post the combo fix and SAS reports once it finishes all the updates

    :)


     
  24. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Okay. :)
     
  25. bdelapp

    bdelapp Specialist

    FYI.... only have five here... issue with roof and will finish up puter when done there...
     
  26. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    OK. No worries.
     
  27. bdelapp

    bdelapp Specialist

    Currently running ComboFix on wife's Toshiba (unit we have been working on).

    Update: as of this morning my HP did the same thing.

    Please, where in the hell are we getting the same virus?

    The only connection between the two units, other than same internet supplier and modem are:

    Hotmail.com and Live.com

    Facebook

    Wife downloads library books from local library via Amazon.com on both machines.

    Be back... as stated above, Combofix is running on the target unit but has never gotten past the first screen yet. Assuming that is a bad thing?
     
  28. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I think you have more operating system issues than malware issues. But we will see what Combofix says. Incidentally, you should not have a browser open when running combofix. Nothing else should be running when it is.
     
  29. bdelapp

    bdelapp Specialist

    Hi....nothing open except Combofix for over 40 minutes on the first screen....
    NOTE: AVG 'would not' disable...????

    What shall I do? I'm afraid to do much as combofix said it shutting off my internet link...

    Advise?
     
  30. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi. :)

    I don't believe you have a malware problem now, despite the fact that some has obviously been removed by Malware Bytes as you originally explained, and some by AVG. You can cancel Combofix if you like. Simply "X" out of its screen or end its process with Task Manager.

    I want you to bullet point for me now, very clearly, what exact issues remain, and I will decide whether they should be further discussed in this forum, or another appropriate forum. (Such as software or Networking etc)
     
  31. bdelapp

    bdelapp Specialist

    X'd out of combofix as instructed.... did not have to shut down in taskmanager... now however the unit will not hook up to the internet even though wireless connection 3 (the unit) shows it is operational... did combofix perform some action with the internet connection I'm not aware of.
     
    Last edited: Dec 14, 2013
  32. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Things are such a mess at this stage, have you considered performing a system restore to revert to an earlier point in time before all your problems began? Combofix should not have done anything to injure your internet connection, no.
     
  33. bdelapp

    bdelapp Specialist

    If I may...

    I did a system restore to yesterday and the internet connection is back.

    Now, I would appreciate your professional opinion.

    I have been using free virus / malware programs due to a limited supply of monies at this time.

    "IF" I were to buy a program, which might you recommend?
     
  34. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Well, I previously used the free edition of Avast! But now I like and use Microsoft Security Essentials. I'm glad the internet connection is back. :)

    Would you now help me understand what issues remain?
     
  35. bdelapp

    bdelapp Specialist

    FYI... lets put the Toshiba issue to sleep right now.

    It 'appears' to be working fine.

    I was only completing your request by running combo fix.

    But please do opine on a security/anti-virus/malware program.

    As I said before, my computer (HP Pavilion) had been attacked overnight and AVG did not stop it.

    I ran your copy of RK and it found two PUMs and deleted them and now it appears to be running ok... however I am running MBs, SAS also.

    It seems too much a coincidence both our computers being attacked a week apart.

    No porn, only emails, facebook and downloading books to her kindle from Amazon...

    IF we can afford it, we'll buy and install a good program and hopefully end this BS???
     
  36. bdelapp

    bdelapp Specialist

    OK... MSE is free so I'll uninstall AVG as it did not stop last night's attack on my computer and install MSE on both computers.

    I'm a little paranoid right now...
     
  37. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Once it's installed enable it to run a FULL system scan and report to me of any findings, or attach a log it made. And after that I am going to have you run ALL of the scans, one at a time on this machine we are working on. Attach all of the requested logs once done. I can determine what malware issues remain and take it from there....
     
  38. bdelapp

    bdelapp Specialist

    Absolutely... MSE is installing as we speak....done and updating and then will run a complete scan...

    I will then rerun everything (combofix???? too) and post the results here.

    I naively thought doing a complete restore (which I did last week) would have wiped out any virus/malware on the Toshiba.

    Also, while I'm thinking of it: THANK YOU, THANK YOU, THANK YOU... MG rocks... I'm so glad I found you guys a couple of years back.... I'll look MG up on Facebook and give some good feed back too.
     
  39. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    That's nice about the facebook feedback. :)

    No, skip the combofix step. Continue with everything else.
     
  40. bdelapp

    bdelapp Specialist

    Dammit.... MSE installation not complete and I got a blue screen with Driver_IRQL_NOT_LESS_OR_EQUAL on the TOSHIBA we've been working on...
     
  41. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You do have software troubles. :(
    What attack? Elaborate please?
     
  42. bdelapp

    bdelapp Specialist

    OK Doke.... with F8 start?
     
  43. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Are you able to start Windows in normal boot mode?
     
  44. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Also, you did not answer my question about an "attack" ?
     
  45. bdelapp

    bdelapp Specialist

    I used the word 'attack' because yesterday when I left my computer (the HP) it was fine... and I ran the AVG scan as I went off to bed. This morning when I returned to my computer the AVG screen was still showing and it said 'nothing found'... however, upon closing AVG and attempting to go online it immediately would not connect to the internet.

    This is exactly the same schedule of events when my wife's Toshiba was infected...
     
  46. bdelapp

    bdelapp Specialist

    I've only used the F8 boot, but I can go into msconfig and do a boot from there with networking.
     
  47. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Now explain what happens precisely when you try to boot into normal mode. (just loading Windows up normally) Is it that you get a BSOD? What else happens? Tell me exactly.
     
    Last edited: Dec 14, 2013
  48. bdelapp

    bdelapp Specialist

    I most often use F8 with network, but I can also use msconfig and set to boot..
     
  49. bdelapp

    bdelapp Specialist

    #1 - The unit will only boot when I set the bios to boot from the cdrom (checked and first in order) and leave the HDD unchecked and second in order.

    #2 - The past day or so the unit has booted clean, right to the OS and opened fine from there.

    FYI... the unit is on all night as it is set to update (Microsoft) at 2am.

    Sorry... the BSOD only happened today when I installed MSE.....
     
    Last edited: Dec 14, 2013
  50. bdelapp

    bdelapp Specialist

    BTW... MSE came back clean... no problems and I ran the 'full scan'
     
