help, infected

Discussion in 'Malware Help (A Specialist Will Reply)' started by ProblemsOnly, May 21, 2009.

  1. ProblemsOnly

    ProblemsOnly Private E-2

    Hi all, I am having some strange problem concerning my computer. I had all kinda stuff on my comp, but so far this is ... really bad

    i did all the steps, one by one, and i am still having problems, plus my eyes hurt from all those red MUST DO/READ, but i understand, many probably just ignore it ^^

    anyway, there's a lot of things to do in read and run me first, so i'll go step by step

    My MSconfig was set and is on normal mode, Recycle Bin empty, ccleaner done the work, removed around 55 mb, i usually run it every few days or so, i am Symantec/Norton user but i dont have that Norton Protected Recycle Bin or i cant locate it at least, viewing of hidden files enabled, cleaning procedure started!

    so, i installed and ran all the programs, got logs, but there were some strange stuff, apart from my computer acting funny...

    first run showed around 30, second around 55 viruses, during all that time, when the program started or finished, or when i opened mozilla, i got message about virus from my antivirus program, and it said "virus cleaned, access allowed", before, it said something like "access denied", besides that, all viruses were the same, some "w32.sality" something like that. it popped up around 30 times.

    i am using symantec, since the problems started, i cant update it, says it cant connect, i cant open task manager "task manager option has been blocked by your administrator" ... yeah right, i am him -.- , also ... on start up only 1 thing is starting, sound program from speed-link medusa, which is normal, but not the antivirus, which should, and when i start it, its like nothing happened! also, CCleaner, when i started it, and clicked anything, for example - analyze it would perform the action and shut down, or cleaned all and shut down, and so every time i would start it, i assume this is cuz of virus/es... also, i noticed my system restore was OFF, which is strange cuz i didnt touch it before it said so in instructions and i am positive it was ON before problems started

    also, my IE freezes every time i start it, this started the same time when other problems did, i dont dare to start it anymore cuz then my comp freezes as well, besides i only use mozilla

    if i forgot something, i'll add, but thats all i can think of right now

    also, Task Manager started.. "working" after i finished cleaning procedure, but other problems persist...

    Thank you for all the help in advance ^^

    here are log files, hope it will help

    p.s. sry for the long post : \ i just hope i wont have to format disk, but i have the feeling i'll need to:cry
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    If you truly have a w32.sality infection, you may be in for a total reinstall in order to ensure the integrity of your system. This infection can spread to all executable files on your PC. Let's fix what I see and then see where things stand.

    First since this infection takes advantage of the Windows autoruns feature, you need to disable this. So run this: Disabling AutoRuns

    All removable media and drives need to be cleaned by running your antivirus scanner on them. Also delete folders named resycled on any drives. Check your removable devices. (Note the spelling)


    I strongly advise you to clean up your Desktop. Remove everything but links to run programs. Do not download and save programs here and definitely do not use it for long term storage. You need to keep ComboFix.exe here for now as we need it, but we will be removing it when we are finished with your cleanup. A cluttered Desktop is malware's playground and it can also cause performance degradation especially when you start saving large files here like you are doing.

    Uninstall the below old versions of software:
    Java(TM) 6 Update 11
    Java(TM) 6 Update 7

    Now we need to use ComboFix.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\ComboFix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
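
A read-only check for the two things the reply above asks for, AutoRun being disabled and `resycled` folders on drive roots, as an added example that is not part of the thread or of any MajorGeeks tool. It assumes PowerShell 3.0 or later and the standard Windows `NoDriveTypeAutoRun` policy value; the function names are hypothetical, and also listing a root-level `autorun.inf` is this example's own addition. What the linked "Disabling AutoRuns" fix changes is not shown on the page.

```powershell
# Added example, not from the thread. Read-only: it reports, it deletes nothing.
# Assumption: AutoRun state is judged by the standard NoDriveTypeAutoRun policy
# value, where 0xFF disables AutoRun for every drive type.
function Get-AutoRunPolicy {
    $sub = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    foreach ($hive in 'HKLM', 'HKCU') {
        $key  = "${hive}:\$sub"
        $item = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        $raw  = if ($item) { $item.NoDriveTypeAutoRun } else { $null }
        # Older systems may store the value as REG_BINARY; the first byte holds the mask.
        if ($raw -is [byte[]]) { $raw = $raw[0] }
        $text = if ($null -ne $raw) { '0x{0:X2}' -f [int]$raw } else { 'not set' }
        [pscustomobject]@{
            Key      = $key
            Value    = $text
            Disabled = ($null -ne $raw) -and (([int]$raw -band 0xFF) -eq 0xFF)
        }
    }
}

function Find-AutoRunArtifacts {
    # Roots of all mounted file-system drives (fixed, removable, mapped).
    $roots = Get-PSDrive -PSProvider FileSystem |
        Where-Object { Test-Path $_.Root } | ForEach-Object { $_.Root }
    foreach ($root in $roots) {
        # -Force includes hidden and system entries, which these usually are.
        Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -in 'autorun.inf', 'resycled' } |
            ForEach-Object {
                $launch = @()
                if (-not $_.PSIsContainer) {
                    # Lines in autorun.inf that name a program to start.
                    $launch = @(Select-String -LiteralPath $_.FullName `
                        -Pattern '^\s*(open|shellexecute|shell\\[^=]+\\command)\s*=' `
                        -ErrorAction SilentlyContinue | ForEach-Object { $_.Line.Trim() })
                }
                [pscustomobject]@{
                    Path       = $_.FullName
                    IsFolder   = $_.PSIsContainer
                    Attributes = $_.Attributes
                    Launches   = ($launch -join '; ')
                }
            }
    }
}

Get-AutoRunPolicy | Format-Table -AutoSize
Find-AutoRunArtifacts | Format-List
```

An `autorun.inf` on installation media is normal; review the `Launches` value before removing anything.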
     
  3. ProblemsOnly

    ProblemsOnly Private E-2

    i managed to reinstall norton, and run it, update it =) and get rid of sality stuff, at least so says the scan results :D

    then i followed your instructions, and did all the steps :)

    i got everything working, no more pop ups, IE works, autorun disabled, and all scans didnt find anything =)
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
