Is this fun or what

Hi,

Over the past few days, due to conflicting Anti-virus programs (Norton AV & ZoneAlarm), my system (XP Professional & Vista RC1 on my Primary HDD and Vista Ultimate OEM on another HDD.... i also have two other HDD's connected) seems to have been infected.

I was configuring my new Vista Ultimate OEM (licensed) when it reported an error on my XP/Vista RC drive (primary disk). I setup CHKDSK to run on reboot and found that it was fixing over a 1000 File Security attribute entries on my primary drive. This was my first hint at malware activity.

After completion of chkdsk, i re-booted into XP and found that my audio mixer and network connection were not working. I tried running an avi file using VideoLan and it just closed. This was when i realized it could be the handiwork of malware (i am on peer-peer networks from time to time).

I enabled ZoneAlarm (which was disabled earlier due to a conflict) and ran the Antivirus. After running for over an hour (on a Core Duo 6700, 2GB Ram, 250 GB HDD), it identified Trojan.Win32.Agent.Ye and Backdoor.Win32.Bifrose.fs but could not clean them.

I shut down the system, disconnected all other drives (over 600 GB in all) and rebooted to find

- Firefox was launched automatically with an address like 2007.07.xxx..xxx.xxx (i dont have the actual address on hand) which i closed immediately

- my windows task bar is hidden (actually more like Autohide but it does not get active on mouse over) and my desktop is non-responsive

- I have to use Taskmanager to run any programs (some run, most don't)
- Cannot set/reset system restore (Restore points are corrupt)

After spending some time reading up in this forum, i tried the steps in "READ & RUN ME FIRST...." (logged into Safe Mode as Admin) with the following results

i. Unable to install most applications
ii Emptied recycle bin, managed to install and run CCleaner (have all the install files on a write protected USB Pen Drive) successfully
iii. Ran ZoneAlarm - no virus detected
iv. Unable to install Counterspy & SuperAntiSpyware - i get the message "The system administrator has set policies to prevent this installation"... same with Kapersky

I haven't yet tried to run HijackThis (but may not be able to provide the Logs ....wouldn't want my Pen Drive to get infected - if it already hasn't).

I did some reading but don't think the two malware identified (Bifrose & Agent.ye are so evolved). Who ever wrote this sure seems to have done some homework

Should i try running Stinger from the pen drive/boot from Install disk ???

Help much appreciated.

Thanks

 

I am trying to run the READ ME on XP Professional, SP2 (it has been my primary OS).

Haven't tried it on Vista RC1 (dual boots with XP above) or Vista OEM because
- i thought ZAlarm is not supported on Vista and
- didn't want the HDD running Vista OEM to get infected (it may already be infected)

I am suspecting that Vista RC1 is also infected since it is also not running some programs and i get unrelated error messages (when i try to run a program for example, i get an error relating to Terminal Server (Win 2003) etc.

Greatly appreciate your help.

 

Pls find attached the Logs.....

Managed to install the tools through Safe Mode and executed from Normal Mode. Copied logs back to Pen drive in safe mode. ......so far so good .....In normal mode, the Pen drive is continuously access for writing (keep getting error messages saying "Unable to write to drive....").

You will notice that NAV is still installed (as are quite a few others progs). Thats because I can neither run it not un-install it (that applies to most applications). I upgraded ZoneAlarm to 7.0.3xx. and latest virus updates but did not find any virus (had to use MSConfig to disable NAV services to make ZA run).

I am @ GMT + 5.5 hrs .... so please bear with me

 

So you think the problems below could be due to changes to File Security Attributes and not Malware ?

In that case, I will probably have to re-install XP (since most things don't work anyway) :banghead

 

Guess I'll re-install (has been long over due any way ). But before that I'll see if there's any way I can get the other three Logs.

Slightly off topic..... since i am moving to Vista Ultimate, any reviews/suggestions on choosing between NAV or ZA Security Suite ? I have NAV Trial (which expired) and ZA 7.0 (Free upgrade to Vista is still in the works). Been tilting towards ZA but if I want it IMMEDIATELY, i guess ill have to buy ZA 7.1.

Thanks for all your help and keep up the GREAT WORK :clap

 

..... roflmao by far the most candid piece of advice I've gotten in a long time :dood. Thanks :highfive