Mutating Malware is sending me in circles

Discussion in 'Malware Help (A Specialist Will Reply)' started by Caniman, Nov 1, 2007.

  1. Caniman

    Caniman Private E-2

    Hello,
    You folks are ace, I have spent days trying to undo my sins of file sharing.
    I have been right through the MALWARE REMOVAL GUIDE and read a lot on other forums but things seem to be changing all the time.

    1\ My Virus Protection shutdown and would not start up again.
    2\ I cannot boot in Safe Mode
    3\ I cannot do windows security and ie updates (I have had to go back to ie6 to be able to use the internet).
    4\ I could not install Spybot

    Things I have done wrong
    1\ I got CCleaner to remove files and not quarantine them
    2\ I have done too much file sharing
    3\ I could not find some old quarantined files on my slave drive (E) but there aren't that many

    My guess is I have this Bagle.SP worm plus more
    I would also like to get rid of Bittorrent's DNA.exe which is a new download accelerator tool which is written suspiciously like a virus for my liking.

    Can you help please;)
     


  2. Caniman

    Caniman Private E-2

    Here's the Rest of the files.
    Some of the times are slightly wacky
    and why Combofix2.txt is called 2 is because I had to do a system restore to get back on the net.

    Thanks in Advance
     


  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Did you do the system restore before or after the Bitdefender scan?

    You have CounterSpy installed... did you not get a log when you ran it?

    Please use windows explorer to find and delete:
    C:\Documents and Settings\Peter Goodman\Application Data\BitTorrent DNA
    C:\Program Files\BitTorrent_DNA\dna.exe

    Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    After clicking fix, exit HJT.

    Now copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Attach new logs for:
    ShowNew
    GetRunKeys
    HJT
     
  4. Caniman

    Caniman Private E-2

    Thanks for your reply.

    I did the system restore before starting the Malware removal Guide fresh. I had only run CCleaner beforehand but ran it again. I thought I had included a log for it but will include it again on another message.

    I was not sure if I was to reboot after your previous instruction before running new logs so I didn't.

    Cheers
     


  5. Caniman

    Caniman Private E-2

    Here are the other log files from earlier.
    These are from before I did the changes in your last thread.
     


  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Are you still having problems?

    You should go ahead and use windows explorer to find and delete these:
    C:\Documents and Settings\Peter Goodman\Local Settings\Application Data\BitTorrent DNA
    C:\Program Files\BitTorrent_DNA

    Otherwise I am not seeing any problems. :)
     
  7. Caniman

    Caniman Private E-2

    Thanks Tim,

    You have been ace.

    Bittorrent DNA did not want to disappear without me uninstalling the latest Bittorrent Engine as well (6.0). It shut down my internet if I followed your instructions so I simply uninstalled the BT engine first and then the BT DNA would uninstall fine. DNA is a nasty product in that BT has clients paying them to have access to your computer from what I can work out.
    Now I have been able to reload my VP and Spy protection which is CA Security Centre (is this a good product?).

    I have also been able to do some MS updates. I am still having problems with the latest security update but I think this is because I did some fiddling way before I even contacted you.

    I am still not able to boot in safe mode but will do a bit more investigation in what I did to my XP setup before I ask for more help.

    I will also clean up as per other threads' instructions.

    Thanks again
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Not a problem.:)

    CA is a good anti-virus, though I don't recommend any "pay for" utility.

    As to your safe mode problem, try doing this:
    Insert the XP OS cd in the drive
    Reboot
    Choose the "Boot from the CD" option
    Select "R" from the blue screen (this leaves you at a DOS prompt)
    Enter "CHKDSK /R" -- no quotes, and note the space between K and /
    Wait until completed
    Shutdown PC
    Start PC as usual.
     
