Malware/Rootkit/Trojans Amuck

Discussion in 'Malware Help (A Specialist Will Reply)' started by Jadeauto, Apr 11, 2009.

  1. Jadeauto

    Jadeauto Private E-2

    Evening,

    I was stupid today, and opened a file without checking what it was. Say hello to the quickest, nastiest infection I've ever gotten so far. (Before you ask, yes, I was stupid and trying to find a bypass to a simple program. Lesson learned. Who knew that 21kb would lead to such a mess?)

    Logs attached. Still have leftovers after the nominal xp cleansing.

    SAS, MB, CBFix, and MGTools run. SAS blue screened on run #1, tweaked as per directions and it completed on run #2.

    Currently just running SAS again for curiosity's sake, it's picked up less than the first two passes, but there's still some left. Won't delete/etc until I get a response from my logs being reviewed (this is just to see what's left - only 8 files found this go around, Trojan.Agent/Gen-Reader_S and Trojan.Agent/Gen-Waledac, along with two measly tracking cookies).

    Thank you in advance for your time and effort in helping me (even if it is just to remove the last little bits of this infection). Lesson learned for me, I don't like having to stay up so late to fight this kind of problem.

    Sincerely,

    JadeAuto
     


  2. Jadeauto

    Jadeauto Private E-2

    Much as I dislike having to post again, I rebooted my computer after posting the above, and lost all internet connectivity. I attempted to repair using SAS's repair connection tool, but nada. Also attempted to reinstall my drivers (using my laptop to download and a Flash drive to copy the files over). No go. Looks like I'm persnickered for the time being.
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    IMPORTANT NOTE: Some, if not many, of your Windows system files are infected. And many other non-Windows files could also be infected. Even if we attempt to fix these problems (which may not be easy to do unless you have an original Windows XP SP3 bootable CD), your system may be unreliable and untrustworthy. You may need to reinstall this system.


    I'm sorry to have to bring this bad news, but infections like Vitro, Virut, etc. can infect every executable file on a PC. They will attack all executables and not just the ones related to the Windows OS. Infections like this are not repairable (at least not at this time) and thus continued scanning will eventually result in a PC becoming totally unusable since the scanners will be deleting required system files along with files for all other programs you have installed.


    The safest and most reliable thing to do for infections like this is to just perform a total clean reinstall. I suggest that hard disk partitions be deleted and then recreated. Then formatted, followed by the reinstall of Windows and other programs. We don't recommend backing up anything since the files could be carrying the infection (especially anything that is an executable type file) and you will just reinfect a new installation if you restore these backups. However, if you really need personal data from this hard disk, the only method I would use would be the below:

    • physically remove the hard disk from this PC and slave it into another well protected computer. I recommend having Avast on the other PC since it seems to catch this infection.
    • DO NOT RUN ANY PROGRAMS on this infected slave drive while plugged into the other computer.
    • Copy only your data files from the infected drive. DO NOT COPY any executable type files.
    • Then put this infected hard disk back into the original PC and start the reinstall process beginning with the deletion of all partitions.

    Also note this infection can spread to shared drives and also writable removable type drives. So if you have a network with shared drives, other computers may be infected. Also if you have plugged a USB flash drive into this PC, the flash drive could now be carrying the infection if any executable type files were on the flash drive. Also any PCs this flash drive has been plugged into could now be infected.
     
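The "copy only data files, never executables" step from the slaved-drive procedure above, as an added example that is not part of this thread or any MajorGeeks tool: it walks a mounted source tree and copies everything except files that look like Windows executables, checking the PE "MZ" header as well as the extension so a renamed executable (such as an .exe masquerading as a .jpg) is skipped too. The sample drive in `demo()` is constructed inline and the file names in it are hypothetical.

```python
import os
import shutil
import tempfile

# Extensions the post says not to copy; the MZ check also catches renamed executables.
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".scr", ".sys", ".com", ".ocx", ".cpl", ".drv", ".pif"}
PE_MAGIC = b"MZ"  # first two bytes of every Windows PE executable

def is_executable(path):
    """True if the file looks like a Windows executable by extension or PE header."""
    if os.path.splitext(path)[1].lower() in EXECUTABLE_EXTENSIONS:
        return True
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == PE_MAGIC
    except OSError:
        return True  # unreadable file: treat as unsafe and skip it

def copy_data_files(src_root, dst_root):
    """Walk the slaved drive, copy non-executables, return (copied, skipped) relative paths."""
    copied, skipped = [], []
    for dirpath, _dirs, filenames in os.walk(src_root):
        for name in filenames:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, src_root).replace(os.sep, "/")
            if is_executable(src):
                skipped.append(rel)
                continue
            dst = os.path.join(dst_root, *rel.split("/"))
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)  # copies bytes and timestamps, never runs anything
            copied.append(rel)
    return sorted(copied), sorted(skipped)

def demo():
    """Constructed sample drive (hypothetical files), copied into a scratch folder."""
    src, dst = tempfile.mkdtemp(), tempfile.mkdtemp()
    samples = {
        "notes.txt": b"plain text",
        "docs/report.doc": b"\xd0\xcf\x11\xe0 office doc",
        "setup.exe": b"MZ\x90\x00 pe",
        "docs/photo.jpg": b"MZ renamed executable",  # extension lies, header does not
    }
    for rel, data in samples.items():
        path = os.path.join(src, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return copy_data_files(src, dst)
```

Running `demo()` copies the two document files and skips both `setup.exe` and the mislabelled `photo.jpg`; point `copy_data_files` at the slaved drive's mount point and a clean destination folder to use it on real data.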
