very stuck

Discussion in 'Malware Help (A Specialist Will Reply)' started by RichardC, Mar 21, 2009.

  1. RichardC

    RichardC Private E-2

    Hi,

    I am stuck here trying to remove some malware from my computer. The most immediate problem is that not all .exe files are opening (double clicking on them does nothing). This is not helpful at all (of the programmes asked to be run - SUPERAntiSpyware, Malwarebytes, combofix.exe and MGtools - only MGtools would even install/start on my computer).

    When I try to open SUPERAntiSpyware, the message "SUPERAntiSpyware Free Edition has encountered a problem and needs to close. We are sorry for the inconvenience" appears. I tried downloading again, and changing the name of the file to "SAS.exe", but still it does not work. Both Malwarebytes (which was saved to the correct place as requested, and did install) and combofix do nothing when I click on the .exe file. I have tried previously to download combofix from elsewhere, and had the same problem.

    Using another anti-virus programme I had previously on my computer (Ad-Aware), some malware from the family "win32rootkit.tdss" has been identified. But this programme does not remove the problem for me. It suggests that the malware is hiding in running processes, and needs to be deleted manually.

    Recently, my computer had viruses on it, so I re-installed Windows XP (about a month ago). I do not think it is the original copy of Windows which came with the laptop, but it is a legal copy. Since doing this, the computer periodically informs me that the virtual memory is full (despite the fact I have allocated the maximum amount possible, and am doing little processing), and the computer crashes. I installed Ad-Aware and Spybot - Search and Destroy immediately, but now Spybot will not open anymore. Only a few programmes are installed on the computer. I wiped the C drive, but not the D drive, during the re-installation of Windows. Perhaps malware/viruses were hiding in there?

    Intermittently, during programmes operating, the computer's attention is being taken away from what I am doing. For instance, whilst typing this, occasionally the cursor will disappear and I need to click on the screen with the mouse again, so I can continue typing. Or whilst a game is running in full screen, the screen will be minimised, such that I need to re-open the screen. Does this mean other processes are being opened or activated in the background, which I am not aware of?

    When turning the computer off or re-starting, it takes a long time to shut down (maybe 20 minutes). Also, before shutting down, several pop ups appear saying that .exe files do not recognise have failed to initialise properly?

    One other noteworthy point is that there are processes running which I am unable to terminate (using Windows Task Manager). Three of these are called "csrss.exe", "lsass.exe" and "smss.exe". When I click on "end process", I am given the message "this is a critical system process. Task Manager cannot end this process". I have also been given a message saying I am not authorised to end a process. This is only my computer, so I am (I guess) the administrator, or to that effect. So surely I should be allowed to do anything (end any process)? Is this some virus activity, preventing me from removing these processes?

    I really am unsure how to move forward from here. I will of course attach the MGtools file as instructed, but the other log files I was unable to attain. Any advice on what I can do now would be much appreciated.

    Thanks (sorry it was so long), Richard
     

    Last edited: Mar 21, 2009
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    These are necessary processes for Windows to run which is why you are not allowed to terminate them.


    Please follow the instructions in the READ & RUN ME FIRST link given further down and attach the requested logs when you finish these instructions.
    • If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    READ & RUN ME FIRST. Malware Removal Guide
    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. RichardC

    RichardC Private E-2

    Thanks for your reply.


    "These are necessary processes for Windows to run which is why you are not allowed to terminate them."


    Yes that is ok, I think I was confused as there was one process called "csrss.exe" and another called "csrcs.exe", and it was allowing me to terminate the latter but not the first.

    Perhaps I should have been clear in stating that I did read and follow all the steps (which my laptop allowed me to follow) in your "READ & RUN ME FIRST. Malware Removal Guide" before my first post.

    I was so frustrated with the programmes not running, I have taken the drastic step of wiping the entire hard disk and re-installed Windows from scratch. There are now no problems on my computer, which I am aware of. It is running much better.

    Before I wiped the drive, I copied everything on the hard disk onto an external (USB) hard disk (there is now about 90 gig on this external drive). Should I now follow your steps again, and scan this drive using the cleaning procedure as before? Or is there a quicker way to scan this external drive, and ensure it is safe for me to recover work from the drive?

    Thanks again, Richard
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    While SUPERAntiSpyware and Malwarebytes can be set to scan your other drive, the cleaning procedure is primarily meant to clean the Windows boot drive and operating system. If you wish, you can run SUPERAntiSpyware, Malwarebytes, and also your antivirus program (only run one at a time) and have them scan your external drive.


    Since you reinstalled, it would be a good idea to work thru the below:

    How to Protect yourself from malware!
     
