Spyware/Trojan from hell

Discussion in 'Malware Help (A Specialist Will Reply)' started by McMacHack, Nov 6, 2007.

  1. McMacHack

    McMacHack Private E-2

    About a year ago I pissed off a hacker. I used to run Norton, and he got into that easily. Since then I've been running Trend and ESET, which pissed him off more, and the guy finally got me: he custom-designed a spyware and trojan packet that came in on a video stream. It disables my NIC card in Windows; everything else runs except my internet, so online scans are out. I delete the files, folder and even the partition, and Windows still has no connectivity. I think it's in some sort of hidden Unix-type folder, because I delete the files from the boot record and system restore, even manually from Linux, and still no go. Any solution besides a reformat or reinstall seems hopeless. My problem is I don't know how to guard against this coming back. I need a programmer to help me look at this thing. By the way, the malware is useless against Unix/Linux/Mac; it's Windows-specific, and gets in through Real and wmplayer video streams.
    Another note is that Panda can find this threat, but it replicates itself somehow. I'm at a loss. Help... ideas?
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Welcome to MajorGeeks.com, please follow our standard cleaning procedures:

    Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.
    Very Important: Make sure you tell us the results from running the tutorial... was anything found? Were you unable to complete any of the scans? Were you unable to download any of the tools? Did you do the on-line scans as suggested? etc.

    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    Downloading, Installing, and Running HijackThis
    • Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
    • CounterSpy Log - only for Windows XP, 2K, & NT users
    • AVG Antispyware Log - ONLY IF NEEDED, i.e. you were not able to run CounterSpy - only for Windows XP, 2K, & NT users
    • Bitdefender Log - from step 6
    • Panda Scan Log - from step 6
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis Log
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. McMacHack

    McMacHack Private E-2

    Well, I can't run any online scanners because the spyware and trojans block me from accessing the internet from Windows, even in safe mode. I've tried reinstalling the NIC, installing a new NIC, repairing Windows from the blue screen, everything I can think of; this thing blocks me from accessing the internet no matter what browser or connection I use, and the NIC works in Linux, so it isn't hardware. Even if I do install a new scanner, I can't download any updates to combat this threat. I think it is using administrative privileges to bypass my anti-virus. Basically it seems to have somehow separated my operating system from its networking capabilities, so it's using my networking system to spread or host or whatever it's doing. I must also mention that this infected computer is XP x64, so it's basically a server with a separate user interface for working, so I have the XP part but my server has been hijacked. Right now it's disconnected and Windows is deactivated, so this threat is contained. What I think may have happened is that I was able to remove the threat with Panda, but the threat was designed to take my networking capabilities down with it, which means exe, dll, and other components are now gone, and a complete reformat and reinstall may be my only route. However, I have tried every trick yet and I may be able to fix it. Either way I'm going to copy this malware to a CD and mail it to Panda and Trend so they can develop protection against it.
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Try to download the tools to the infected computer and attach logs from ShowNew, GetRunKey & HijackThis.

    Also, try to run the below if you can transfer the files to the infected system.

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Attach this log to your next reply.

    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
     
  5. McMacHack

    McMacHack Private E-2

    I finally got it off. The last part of this malware was tricky, but I got it: it had stuck a freeze command in my anti-virus kernel. All I had to do to finish removing it was turn off my anti-virus, delete the last part of the malware, and reboot my system. My anti-virus has its own kernel, so that's what's been happening.
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

