Need help with likely malware/trojan

Hello there,

I am pretty sure I have some malware on my computer, I cant access the microsoft website and a lot of anti malware sites. The internet is a bit laggy too other than that everyhting works okay, one of my online accounts may of been hacked so I changed my passwords and things like that. Hopefully the logs are attached correctly. All anti virus software ran okay except Search and Destroy, I had to change the .exe name to get it to run.

 

2nd post just to attach the MGlogs.zip, looking forward to getting some help :wave

 

Hi! Welcome to Major Geeks!

I am reviewing your logs. Please be patient as there is a lot of information to review

 

Thank you! I appreciate the help a lot. It's 4 am here, I will sleep and follow your advice after some needed rest.

 

You are infected with Ramnit!

In most cases the only safe and reliable way to properly remove Ramnit is to reinstall due to the damage it causes and also due to the security issues it opens. So let me first post a canned speech/warning about Ramnit.

 

Damnit not Ramnit! Firstly thank you for looking at the logs and diagnosing the problem, at the moment I can't re install even if I wanted to, I havent got a windows xp disk to reinstall. The computer infected is pretty old and I am willing to try and sort this out even if it ends up breaking the computer as a result. Short answer: yes I would like to attempt a clean.

 

Let's try this first..

ESET Online Scanner

1. Do the scan once
2. Reboot your PC when it is finished!
3. Go back to do the scan AGAIN
4. Reboot your PC AGAIN when it is finished!
5. Do the scan for a 3rd and final time
6. Reboot your PC AGAIN when it is finished!

Come back here and Attach all 3 logs from the 3 scans here

 

I can't open the link, this is one of the cases where I am being blocked from opening an antivirus link

 

Do you have another browser you can try? Firefox? Opera? Google Chrome?

 

Firefox and Internet explorer, both don't work, google chrome isn't even opening up at the moment

 

First, see if you can run this tool from Normal Mode: FixIt

Now try running the ESET Scanners.
If that doesn't work


Boot into Safe Mode with Networking

Starting your computer in Safe mode with Networking

Once in Safe Mode...

Please download and run the below tool named Rkill by Grinler which may help allow other programs to run.
There are 6 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Administrator

You only need to get one of them to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

1. Rkill.exe
2. Rkill.com
3. Rkill.scr
4. IExplorer.exe
5. uSeRiNiT.exe
6. WiNlOgOn.exe
   

Once you've gotten one of them to run then try to immediately launch a browser to proceed with the ESET scans.

 

If the above doesn't work.

Please uninstall ParetoLogic PC Health Advisor
If you are prompted to Reboot the PC for the changes to take effect, please reboot.

Now download and install MSE

Try to update MSE from within the program

If you have trouble updating MSE, try downloading and installing the latest virus definitions for MSE by clicking here: http://go.microsoft.com/fwlink/?LinkID=87342
Just double click this file after it finishes downloading, the updates will automatically be applied.

Now run a FULL scan on your C: drive.

 

Doesn't let me open Fixit in normal mode, I can't reboot into safemode, when I try the computer just loops on start up, I tried repairing the safemode registry with SUPERantispyware, still didnt work. I have MSE on my desktop already and it won't let me update it, I tried downloading the updated version, it wouldnt let me access the link, I tried accessing the link via a proxy and it still wouldn't let me.

 

I can't open up the RKILL links, anything from bleeping computer actually.

 

It seems as though Ramnit has its hooks too deep into your system to fix the problem using traditional methods. An offline scanner still may help though.

We recommend that you back up your important personal data to CDs/Flash Drive/External Drive, etc before proceeding with the following.

Note: It's very important that you don't backup any executables (.exe) or any .html files (example: your Favorites). If you back even one executable file that is infected, and rerun it in any form, you will start the infection all over again.

Note: If you don't have any important files on the PC, then skip this and refer to LAST RESORT section at the bottom of this post.

1. You need to make this CD using a different, uninfected PC

Avira Rescue CD - also see Tutorial for Avira Rescue CD for instructions on what to do after you've successfully created this Bootable CD

___________________________________________________________________________________________________________________________

LAST RESORT:

Even though you don't have your Recovery CDs to reload Windows XP, you do have a Recovery Partition (PRESARIO_RP) thanks to Compaq. You could boot off of this partition they made for you as well and restore your system to a Factory Default State, which is basically how the PC was when you first purchased it. But let's use this as a last resort.

To access this
Reboot your computer
Press F11 at the COMPAQ splash screen
Follow the instructions here

Please remember, this will wipe all your data and restore the PC in a state when you first purchased the PC!

 

Quick update I have got a new PC and I will be formatting my old one, thank you so much for your help though man!

 

You're welcome
Surf Safely!