malware probs!!

Hi there!

Having some trouble with some malware.
Been running S&D, Ad-aware and avast, in both normal and safe mode and during bootup, all of which finds various problems, but all of which return after a reboot.

Have tried to download and run the software and online versions of the software as in the pinned thread, but it either doesn't allow me to install or run, or crashed ie when ran.

attached is my HT log. I hope someone can look at it and help me out - I am sure its something thats booting up when I boot up.

Oh, i have a folder called windows2/ as i had to reload windows a while ago - thats the old folder.


If you need any more info, please let me know.
Thanks!!

 

Hello and thanks for the reply.

As per my original post, I have tried the instructions contained within the post you listed, and either completed, or failed where the programmes would not run,
For the purpose of prudence, I'll list out what I have done;

TDSSserv - not in Device Manager.
Recycle bin - emptied
Quarantine folder - emptied
Malware programmes - none to remove
Sun Java - computer will not let me uninstall (JS2E Environ 5 - "unistaller can not be found"
MSconfig - in normal mode
CCleaner - run (in both normal and safe mode)
Folders/Files - all types visable
Clean up (for windows XP) - undertaken as below.
- SAS, downloaded. Will not install/run, even when renamed - "MSIEXEC is not a valid Win32 application"
- Anti-Malware, downloaded. Will not install completely - "run-time error '0'"
- Combofix, downloaded to Desktop. Will not run - small status bar appears, icon appears on start bar, then both dissapear.
- MGtools, downloaded to c:\ - will not run properly, creates MGtools folder, but displays message "windows cannot find 'getlogs.bat'"

I can't run, and therefore post logs, for these programmes. The only programme I can run is Hijack This - log was attached to previous post.

I run Avast as reisdent and S&D and Ad-aware on regular basis to ensure my system is clean.

My symptons are generally;
browser windows opening on casino websites.
new mail messages opening in MS Outlook to be sent to "info@webcomms4u.co.uk" (sometimes others)
problems when logging on (explorer doesn't appear to start automatically).
several instances of SVChost running in task manager

I am not too sure what I did before these happened to indicate where they come from. There has been no change in my surfing habits (only I use this comp) and I don't download and run attachements without first scanning.

Your help would be appriciated!

 

Hi there.

I don't mean this as a bump to my thread and I have read the sticky on it, but I would appriciate it if someone could let me know if they are looking into my issues.

Many thanks.

 

Ok, thanks.

Not with the comp in question until tommorrow, but will carry out what you have advised then.

One thing - is there anyway you can notate on the forums that an answer to a post is pending - my bump wasn't intentionally done to move me up the board (on the contrary, I mentioned I read the sticky on it), but I didn't know if I would be better off trying for help elsewhere if you guys were mega busy.
Just a suggestion.

 

Ok, well I followed your instructions,

fixed the HJT entries (although not all of them were there)
and copied the text for The Avenger.

The PC did reboot, and when it restarted everything looked fine and dandy.
Avast kicked in with a boot scan (which is does now and then, may have been left over from a previous session) which it completed.

But now when I try to log in, it logs me straight back out again. This happens under all users and in both safe and normal mode.

In detail - I get the XP splash screen, the blue select account screen appears, i click on my user name and it goes through 'applying settings' etc, then it instantly says 'saving settings' and i'm back at the log in screen.

I tried to repair windows with the XP disc, incase the above scans removed something, but i still get the same trouble. Any ideas?

I am exclusively here.

 

Ok, cheers will do and come back to you/

 

Ok, tried that, to the letter, no luck - again, both in safe and normal mode.

Don't know if it helps, but if the computer is left in the log in screen, then I get an error message 'program failed to start'.
It varies as to which one it it, sometimes svchost or another system process, sometimes a long list of characters.
I get the option to either cancel or ok, ok terminates the programme and it says cancel debugs, but either way, it makes no difference, I still can't log in.

Any other ideas?

 

ok dokey.

file was not found in windows installation.

First command line text didn't work - error message "Unable to create file userinit.exe

Second command line text did work - "1 file expanded".

I exited and shutdown - shall i attempt to reboot/log in?

 

Ok, Yeah that worked!

I had to re-register Windows with the key and when it logged on a lot of processes failed and had to be closed by windows, but i'm there.

Ok, will now pick up where we were before couldn't log on and report back.

 

Ok.

Running through the tools on the thread "Windows XP Cleaning Procedure".

SuperAntiSpyware - run & complete. Found several hundred items - removed and rebooted.
Malwarebytes Anti Malware - installs, but can't run - get several window "encountered problem and must close" windows.
Combofix - starts to run, but "freeware implementation of Reg.exe" performs and illegal operation and needs to close. Also get error message about wrong OS.
MGtools - installs and appears to run the .bat files. Some logs generated, but with different names. As attached.

I also re-ran Hijack this - log attached.

Thanks.

 

ah, 10-4.

please see attached.

 

oh, ok redownloaded from the link on the MGTools post.
New logs attached.

 

ok, followed the link again, downloaded and ran it.
no logs, so i manually ran the .bat files listed on the MGtools post.
These are attached, though i dont think that they all ran - i have attached the .txt files that are timed as when i ran it.
MBAM will not run - error message stating it has to close.
Also attached the HJT log from within MGTools.

Oh, it wont let me attach some files as I have already posted them in this thread.

 

Ok, thanks.

Firstly, as in my first post, Windows2 is my current windows install - i had to reinstall windows due to a problem with it booting up before I came here for help.

Running through your actions;

Antivirus/Antispyware software all disabled.
fix.bat created and run.
HJT entries deleted.
Avenger downloaded and extracted.
Avenger will not run - I get the message "avenger.exe has encountered a problem and needs to close"
MGtools will still not run and post logs. However, I attach again what it produces when I run the three .bat files manually (GetRunKey, GetUnKey and Shownew). (it won't let me attach getunkey.txt as it is already in this post)
Also attached are two logs that save in the MGTools folder itself rather than in MGlogs.zip.

I tried all of the above in normal and safe mode too.

 

to be honest, i was coming on here to say that was what i was going to do - i logged on today to do just that and have encountered the same unable to log in error when windows starts. I have a spare hd somewhere and i'll run this one as a slave and transfer the files across, reformat it, reinstall windows then make it a master and transfer the files back across.

thanks for your help anyway and patience at the begining.