Serious Problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by K1ttenface, Oct 12, 2008.

  1. K1ttenface

    K1ttenface Private E-2

    I have had a virus attack which has rendered my PC unusable (I am currently using my sister's PC). Assuming it starts up correctly, a maximised Internet Explorer window covers the desktop (below the icons) with a fake virus message that links to an assumingly malicious virus scanner site. The words "VIRUS ALERT" have appeared next to the clock on the taskbar. It continuously opens popups linking to the same site as the background, and any attempt to use Firefox results in being redirected to various malicious sites. It has also taken administrative privileges and removed all programs from the start command, disabled access to the control panel, task manager and the command prompt. I scanned with AVG 8 (which I could only access due to having a desktop icon), which did not find anything (after 1.5 hours of scanning), could not connect to update and crashed as the scan finished. Spyware S&D (which was continuously blocking registry entries) found malware in a scan, then froze when I tried to heal them. It also causes the task bar and desktop to freeze soon after, making it difficult to do anything successfully. I am using Windows XP.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    I will be asking you to run our full cleaning process in a moment, but first I want you to use one particular tool from our procedure. Please download and install Malwarebytes Anti-Malware
    • Important: Rename the downloaded mbam-setup.exe file to mb.exe to help work around certain malware that will block it from being run.
    Now we need to run Malwarebytes Anti-Malware. Please carefully follow the instructions in the below link to most effectively run it and obtain a log:
    You don't need to attach this first log yet. After doing the above, work thru all of the below and use the notes that are provided to help you sort thru some potential issues.


    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.


    READ & RUN ME FIRST. Malware Removal Guide
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
  3. K1ttenface

    K1ttenface Private E-2

    Hmm, it seems to have gotten worse. Starting up the PC now results in it not responding to any input, and restarting it in safe mode results in a BSOD saying the video driver will not initiate. I'll give it another try after college but if not, ya think a professional could do something about it if I take it to a shop? I don't wanna pay if I know it won't work, and my data on that PC is valuable.
     
  4. K1ttenface

    K1ttenface Private E-2

    OK, I'm back. I have talked to my networking lecturer and she suggested booting in Linux (something which I have never done before) and copying the files onto a flash drive, then to my sister's PC (I've got a slow 4GB one and about 30GB of data I wanna save), then re-formatting. I also asked in a local computer repair shop and he said he refused to use Linux, but if I let him, he would try and save my files and reformat with a Windows PC, but there was a chance that he could not if the virus was using Windows admin privileges to prevent it. Any suggestions? (such as how to save the files with Linux or how to access safe mode without the video driver BSOD)
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Have you actually tried to run anything that I gave you to try? You really should have attempted everything as instructed because if the problem really is malware, it will normally help make things better. Or do you really mean exactly what you say in that NOTHING at all works in normal boot mode???? How far do you get during boot up and login? Do you get to your normal Desktop? Have you tried logging into another user account if you have one?

    Yes there are many other ways to possibly help fix your PC and/or backup data. However we do not have the time to guide you thru the steps of building special CDs (and there are many of them) and how to use them. It may just be easier for you to put your hard disk into another (properly protected) PC and backup your data files. Afterwards, put your drive back into your PC and delete the partition, format and reinstall.
     
  6. K1ttenface

    K1ttenface Private E-2

    Yes, sadly, I cannot run anything. Windows starts, the desktop goes white, icons and the taskbar appear (including the words "virus alert" next to the clock, which it inserted at an earlier stage) and the cursor stays as an hourglass and doesn't respond to clicking. Your suggestion to move the hard drive to another protected PC was the same answer I was given when I asked a local computer repair shop what they would do but, due to it removing task manager and control panel, there is a chance that it would stop him making changes through admin privileges, and he would just re-format it, which would be bad because I have every photo I've taken in the last decade on the HD not backed up, as well as hundreds of CDs on iTunes, a lot of which I borrowed from people who have moved house, and backups of a few rare PC games I have lost the disks from.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    When you put the drive into another PC, you could possibly clean up the malware that is adding these restrictions. And when you add this drive to a clean PC as a slave, you could at least back up your data (photos, etc.). The task manager and control panel issues are only when you boot the infected drive.

    You did not say whether you tried other user accounts.
     
  8. K1ttenface

    K1ttenface Private E-2

    I don't actually have different user accounts set, the malware just caused certain features to be blocked, saying it was due to admin restrictions. Does this mean it could prevent access to the files on the hard drive?
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! I cannot offer any other suggestions other than saying what I have already stated, "put it into another PC as a slave drive and backup your data". Then you could try scanning the drive too but odds are it will not make it bootable.
     
