Pesky malware in XP

Hi All,

I have a computer that I use for work. Iwork from home, sp it is essential that I have a working computer.
I use a home-built unit with XP SP2.
I get a lot of email from abroad, and 5 days ago I got an email from russia containing a job offer.
I did not think about it at first, but when I read the email, my harddisk started working quite noisily.
Also I had a pop-up with scrambled writing on the buttons.
I closed the pop-up with Alt-F4.
After a while I noticed that I could not keep windows open in my browser (Firefox), I was restricted to just one or occasionally two (I use tabbed browsing a lot).
I switched to Internet Explorer which was slightly better.
After some standard procedures (Rollback of Windows with System Restore, etc) I started the virus checks...
ha-ha !
NONE of them would start!
Updating them did not work.
I checked this forum and tried to follow the advice....
When I typed the name of Malware's program in the browsers, the browsers closed, both Firefox and Explorer.
I used an other computer to download the required programs, transferred them to the sick computer using SKYPE, but I could NOT start any of them.
I tried online virus scanners, but only one of them worked, and it did not solve the problem...it found things, but it said "some items could not be removed"

This is obviously a VERY cleverly written piece of software...
It will not allow me near any anti-virus/malware/cleaning software, so obviously I cannot post any logs...

SO THE QUESTION IS:

Where do I go from here.
I do not want to nuke the harddisks on my computer unless I really have to.
I only have partial back-ups of my files.
Is it possible (= safe) to take out the harddisks and scan them with another computer using cabling (USB + Power, etc) for external harddisks?
Or do you have any other solution that I may have missed?

Thanks in advance,
L-D

 

The virus scanning programs did not start at all, not even the online ones, with one exception - I think it was BitDefender (sorry do not remember) and that one scanned for 3.5 hrs but could not clean away the crud.
I tried renaming the programs even by just using a number + exe (like 1.exe) but as soon as the program started it exited...ComboFix, MalWareBytes, Avira Antivirus, MGTools, etc, no program started.

 

Now that you mentioned that, I did not try safe mode.
What do you think of the idea of taking out the disks and givibg them the treatment outlined under "READ & RUN ME FIRST. Malware Removal Guide " from another computer with WIN 7?
Is there any risk of the nasty stuff migrating to the clean computer?

 

Let's hope the writers of the malware did not think of that when they designed the defences for the malware.
Do you have any other advice?

 

Thanks!
I will have a go with this tomorrow.
It is time for my beauty-sleep right now.

I will keep you posted on the progress, if any.

L-D

 

Hello again,
after a busy morning, I finally got round to using BitDefender Rescue-disk
It scanned for more than 4 hours, and cleaned out some stuff, but said that it could not delete 3 files.
After that I tried to run Windows in safe mode in order to run the anti-malware programs listed under "READ & RUN ME FIRST", but I could not start in safe mode...all that happened was that Windows returned to the meny where it is possible to select between the different modes of starting the OS.

I will have a go with Kaspersky Rescue Disk and report back

 

OK,
I will have a go with this step if "Herr Kasperski" cannot do the job.
That disk is busy working right now.

 

Hi again.
The reason I have not replied sooner is that the The Kaspersky Anti-Virus Boot Disk took a long time scanning my 1TB computer disks.
On startup it would not start in the graphical mode, so I had to restart in text mode.

That was quite nostalgic.
It reminded me of the days when the debate was which OS was best; DR-DOS, IBM-DOS or maybe even MS-DOS. Lotus 123 and WordPerfect ruled the roost in application software, and there were rumors of floppies that could save an amazing 1.44 Mbyte of data.

The Kaspersky Boot Disk Anti-Virus "quickly" ran through most of my files (it took about 4 hours to reach 95%) and identified a lot of suspicious files which I had to delete by typing the letter V or L respectively.
Then it started scanning my Linux and MAC files (93 GB) and that REALLY slowed down the scanning process!
Some small GIF's took as long as 4 seconds to scan, so those last 93 GB took more than 24 hours to do.
When the scan was finished, I disconnected from the Internet.
(It was connected during the scan, because the Karpersky disk needs an Internet connection to download the latest anti-malware definitions when it starts).

Lesson learned - Move ALL Linux and MAC files to external harddrive for faster scanning!

I disconnected the Internet and restarted normally.
I then uninstalled and re-installed my firewall and my anti-virus, and that got them working again. I downloaded them using another computer, and I only reconnected to Internet once my firewall and anti-virus was up and running again.
So it took a long time, but the wait was worthwhile.

So, after 4.5 days of scanning and scanning I now have a "clean" computer.
Considering that I usually charge $50/hour for my work, it means a potential loss of $2.600 (I usually work 12 hours a day), so if anybody is considering a class action lawsuite, I am willing to join!

I would like to thank
TimW for the great help,
Major Geeks for hosting this site,
Karsperky for a great peice of software and
Linus Torwalds for creating LINUX (Used on the Kaspersky Rescue Disk)

and,
may the hackers that created this malware rot in hell !

 

Hi TimW.
Well, my system wasn't up and running directly after Karspersky, bt at least it allowed me to start up the Avira Antivirus, Malwarebyte's and my firewall programmes.
The malware had prevented me doing this before.
Malwarebyte's found some twenty-odd instances of infection and when I ran Avira Antivir, it found another 3.
I assume I am rid of the pesky little buggers, and I have increased my level of protection in the firewall to an aggressive one.

In brief, Kaspersky did not remove everything, but it took away enough for me to be able to use "regular" anit-malware solutions.

Further, the issue of the incredible SLOOOOOOW scanning of LINUX and MAC files needs to be adressed. 3-4 seconds for a tiny GIF is not acceptable, and I would not be surprised if some users simply exited when Kaspersky started to slow down....then again, most people do not "schlepp" around 100 GIG of MAC and LINUX software on their harddrives.

Once again, thanks!
L-D