Possible Malware or Virus is keeping me from logging into my computer.

Discussion in 'Malware Help (A Specialist Will Reply)' started by Legend1392, Jun 7, 2010.

  1. Legend1392

    Legend1392 Private E-2

    Today I attempted to log into my computer and I was unable to. Instead I was getting the following error message, that would appear instead of my log in screen:

    lsass.exe System Error

    An invalid HANDLE was specified.

    After about an hour or two of running scans in safe mode, it finally let me log into my computer, so I did all of these scans outside of safe mode, and posted on this site. I don't know if the error message is going to pop up again or not.


    I think this may be some form of malware or virus, but I'm not sure. I've done all of the scans and followed all of the steps in the READ ME FIRST thread, and so far I have come up with no malware, so my system appears clean.

    I was wondering if an expert could please take a look at the logs I have to see if there is anything that the programs I have are missing.

    If any more logs or information is needed, just let me know.

    Thanks for any assistance in advance.
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    1. You are running both Avira AntiVir Personal - Free Antivirus and COMODO Internet Security. CIS includes antivirus, so you really ought to uninstall either Avira or CIS now. You also have remains from AVG running as services, which we will clean up.

    2. Why did you not run combofix?

    3. Please go to Add/Remove programs and uninstall the following software:

    • Java(TM) 6 Update 18

    4. Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    • O4 - HKUS\S-1-5-18\..\Run: [AntiSpyware Service] C:\WINDOWS\TEMP\egdld4l.exe (User 'SYSTEM')

    After clicking Fix exit HJT.

    5. Delete this now as it is not in the location we specified it to be in anyway.
    • C:\Documents and Settings\Owner\Desktop\MGtools.exe

    6. What are the below files?

    • C:\3451197.exe
    • C:\3888819.exe

    7. Now download The Avenger by Swandog469, and save it to your Desktop.

    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    8. Now reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    9. Download and run combofix as per the instructions here:

    A guide and tutorial on using ComboFix


    10. Run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

    11. Let me know how things are running.
     
    Last edited: Jun 9, 2010
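Step 4 above asks the user to pick one specific O4 line out of a HijackThis scan. The script below is an added example (not part of this thread and not HijackThis or MGtools code) that parses HijackThis-style O4 autorun lines and flags the traits that make that entry stand out: an executable living in a temp directory, an autorun under the SYSTEM account's hive (HKU\S-1-5-18) that points outside system32, and an executable sitting directly in the drive root, as the unexplained C:\3451197.exe does. The first sample line is the one quoted above; the other sample lines and the heuristics are constructed for the example.

```python
"""Triage HijackThis-style O4 autorun entries.

Added example, not part of the MajorGeeks thread or the HijackThis tool.
The first SAMPLE_LOG line is the O4 entry quoted in the thread; the rest
are constructed. The three heuristics are this script's own assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Shape: O4 - <hive>\..\<Run key>: [<name>] <command> (User '<user>')
# The "(User '...')" suffix is optional; HijackThis adds it for non-current hives.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    command: str
    exe: str
    user: Optional[str]
    reasons: List[str] = field(default_factory=list)


def exe_path(command: str) -> str:
    """Pull the executable path out of a Run value (quoted or bare, with args)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ")[0]


def parse_o4(line: str) -> Optional[AutorunEntry]:
    """Parse one registry-style O4 line; Startup-folder forms return None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return AutorunEntry(
        hive=m.group("hive"), key=m.group("key"), name=m.group("name"),
        command=m.group("cmd"), exe=exe_path(m.group("cmd")), user=m.group("user"),
    )


def suspicious_reasons(entry: AutorunEntry) -> List[str]:
    """Heuristics (assumptions of this example) that make an autorun worth a question."""
    reasons = []
    p = entry.exe.lower()
    if re.search(r"\\(temp|tmp)\\", p):
        reasons.append("executable lives in a temporary directory")
    if entry.hive.upper().endswith("S-1-5-18") and not p.startswith(r"c:\windows\system32"):
        reasons.append("autoruns under the SYSTEM account (HKU\\S-1-5-18) from outside system32")
    if re.fullmatch(r"[a-z]:\\[^\\]+", p):
        reasons.append("executable sits directly in the drive root")
    return reasons


def triage(lines: List[str]) -> List[AutorunEntry]:
    """Parse every line and return only the entries with at least one reason."""
    flagged = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        entry.reasons = suspicious_reasons(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


# Constructed sample scan: line 1 is from the thread, the rest are made up.
SAMPLE_LOG = [
    r"O4 - HKUS\S-1-5-18\..\Run: [AntiSpyware Service] C:\WINDOWS\TEMP\egdld4l.exe (User 'SYSTEM')",
    r'O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe" /min',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKLM\..\Run: [3451197] C:\3451197.exe",
    r"O4 - Global Startup: Example Launcher.lnk = ?",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.name}] {e.exe}")
        for r in e.reasons:
            print("   -", r)
```

Run it against a saved HijackThis log (one O4 line per list element) and the output is a short list of entries to ask about rather than the whole scan; anything flagged is a question to raise with the helper, not a line to fix on its own.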
  3. Legend1392

    Legend1392 Private E-2

    Okay I've tried to follow the instructions you've given me but I ran into a problem. When I attempted to do what you said regarding The Avenger, I got an error message saying:

    Error: Invalid registry syntax command:
    "(Anti Spyware Service Line here)"
    Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program. Skipping line. (Registry value deletion mode)

    After that error message I cancelled everything and aborted the whole Avenger cleaning process. Did I do something wrong? I'm copying exactly what you wrote into the line.

    The other question I have is which should I get rid of? COMODO Firewall or Avira Anti Virus? I've had some great luck with Avira, and I was using COMODO for its Firewall, not its virus protection; in fact the virus protection isn't even installed. What should I do?

    I stopped the cleaning process at number 7 on the list you gave me, simply because I don't want to screw anything up. Just let me know what I need to do next.

    Thanks for all of the help you've given me so far.
     
  4. Legend1392

    Legend1392 Private E-2

    Sorry for the double post, but I forgot to mention something else. I tried deleting the following files, because I don't know what they are:


    C:\3451197.exe
    C:\3888819.exe

    And it told me they were in use, and that I need to stop the program using them in order to delete them. What should I do?
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I edited a part of the avenger script, there was a small error in my syntax. We will deal with it another way, but for now, a log should have been created, so, continue on with the other steps after the avenger step and then attach logs.
     
