Virus that reappears after deletion - Logs Attached

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by JMys55, Mar 11, 2012.

  1. JMys55

    JMys55 Private E-2

    Hi, I have a really bad virus/malware that I cannot get rid of. I have tried Norton 360 scan, Norton Power Eraser, Norton Recovery Boot Tool. None of those 3 procedures found the problem.

    Also, I ran Spybot and Malwarebytes which found the problem, but it just came back after removal. I think I have a SmitFraud Trojan (based on Malwarebytes scan). Thus, I tried SmitFraudFix and that didn't work or it was blocked.

    At one point I restarted my computer and found that all my virus removal programs were gone! I have never seen that before. Not sure if they were deleted or blocked, but I had to re-install all the Major Geeks recommended programs again. Here is what came up on each:

    1) SUPERAntiSpyware - nothing found

    2) Malwarebytes - found smitfraud, removed, and came back again

    3) ComboFix - looked like it was trying to fix some registry keys, however, they were locked so it wasn't fully complete. Also, it gave me a warning before it ran that Norton 360 was running prior and I couldn't disable it as it wouldn't show up in my Icon Tray; access to the program was still being blocked by the virus. Instead I "Ended Process" in Task Manager for the Symantec process beforehand. Hopefully it didn't interfere with the ComboFix run.

    4) MGTools - Ran and generated logs.

    Attached are my respective log files.

    Computer - month old Toshiba Protege Ultrabook
    System OS - Windows 7
    I am working on a separate, stable computer to use this forum and to download programs. I have been transferring programs/logs between a USB, as mentioned before, it seems like the infection is interfering or removing my Anti-Malware programs.

    PLEASE HELP! :cry

    Thanks in advance, Jon
     

    Attached Files:

  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I want you to run TDSSKiller so refer to the below for how to do so.

    TDSSkiller - How to run


    Please also download MBRCheck to your desktop
    • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
     
  3. JMys55

    JMys55 Private E-2

    Hi, looks like it found Rootkit.Boot.Pihar.b. I "cured" and restarted. However, Norton still doesn't work properly and I reran Malwarebytes. This time it found only 1 threat (instead of 2 before). I cleaned and restarted and it is still there.

    :(
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hello there. Can you please attach the two logs that I asked for? Thanks.
     
  5. JMys55

    JMys55 Private E-2

    Hey sorry, I was running late this morning for work so I didn't have time to gather logs. Here they are. Thanks for your help.

    Jon
     

    Attached Files:

  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Java(TM) 6 Update 25 <--- Uninstall outdated Java.

    Now we need to use ComboFix by sUBs

    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    • If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    • Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:
    Code:
    KILLALL::
    
    Folder::
    c:\users\Jonathan\AppData\Roaming\DriverCure
    c:\users\Jonathan\AppData\Roaming\ParetoLogic
    c:\programdata\ParetoLogic
    c:\program files (x86)\ParetoLogic
    c:\program files (x86)\Common Files\ParetoLogic
    File::
    c:\programdata\Microsoft\Windows\DRM\5104.tmp
    c:\programdata\Microsoft\Windows\DRM\5103.tmp
    Registry::
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}]
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe

      http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    If after running ComboFix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.



    Re-run TDSSKiller again and attach the new log.

    Reboot your machine and install the most current and up to date version of Java available here at the below link:

    Java Runtime 6

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
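    The CFScript above lists the folders, files and registry keys ComboFix is asked to remove. An added example, not part of the thread and not ComboFix's own code, that reads a saved CFscript.txt and reports whether each listed item still exists, so the user can see before and after the run whether the entries came back. It only inspects; it deletes nothing. It assumes the script was saved as CFscript.txt on the Desktop, as the instructions say, and that it is run from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread or from ComboFix): audit a CFScript file.
# Parses the Folder::/File::/Registry:: sections and tests whether each item
# is present on this machine. Nothing is removed.
# Assumption: CFscript.txt is on the current user's Desktop.

function Get-CFScriptStatus {
    param(
        [Parameter(Mandatory = $true)][string]$Path
    )

    $section = $null
    foreach ($raw in Get-Content -LiteralPath $Path) {
        $line = $raw.Trim()
        if ($line -eq '') { continue }

        # Section headers end with '::' (KILLALL::, Folder::, File::, Registry::)
        if ($line -match '^(\w+)::$') {
            $section = $Matches[1]
            continue
        }

        $kind = $null
        if ($section -eq 'Folder' -or $section -eq 'File') {
            $kind   = $section
            $target = $line
        }
        elseif ($section -eq 'Registry') {
            # Registry lines look like [-HKEY_LOCAL_MACHINE\Software\...];
            # the leading '-' is ComboFix's "delete this key" marker.
            $key = ($line -replace '^\[-?', '') -replace '\]$', ''
            $key = $key -replace '^HKEY_LOCAL_MACHINE', 'HKLM:'
            $key = $key -replace '^HKEY_CURRENT_USER', 'HKCU:'
            $kind   = 'Registry'
            $target = $key
        }

        # KILLALL:: and any unknown section carry nothing to test
        if (-not $kind) { continue }

        [pscustomobject]@{
            Kind   = $kind
            Item   = $target
            Exists = Test-Path -LiteralPath $target
        }
    }
}

Get-CFScriptStatus -Path "$env:USERPROFILE\Desktop\CFscript.txt" |
    Format-Table -AutoSize
```

Run it once before dragging the script onto ComboFix and once after the reboot; an item that reads Exists = True again a day later is the kind of "it came back" evidence the helper is asking for, and the line it came from tells you exactly which entry to mention.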
     
  7. JMys55

    JMys55 Private E-2

    Thanks for the reply. I performed the procedures you recommended and attached are the logs. Here is what I saw:

    ComboFix ran normally except I didn't get the error message you mentioned below.
    TDS didn't find anything.

    One thing to note....when I run ComboFix, it gives me a warning that Norton is running, but there is no way I can turn Norton off as 1) the program denies me access since it is being blocked by the virus, 2) the Norton Uninstall does not respond (probably blocked as well). I don't see the program running in the Task Manager and the only thing I can do is End Process of an item that appears to be a Symantec process. However, even after I end this process, ComboFix still gives me a second warning. Do you know another way I can disable Norton? (same problem in Safe Mode)

    My computer still is the same at this point. One other thing this virus is doing is changing my time settings to military format (i.e. 21:21) even after I change it back.

    Thanks for your help.

    Jon
     
  8. JMys55

    JMys55 Private E-2

    Here are the logs. Not sure why they didnt upload with my last message.
     

    Attached Files:

  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Not seeing any malware. This can be done though.

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix exit HJT.

    What issues are you having now?
     
  10. JMys55

    JMys55 Private E-2

    Hi, I removed the item you requested. Things are still the same as before. As I mentioned, I can't disable Norton and possibly other programs as they are malfunctioning and I don't have user interface visibility.

    Do you think I can remove Norton through HJT and then re-run some scans to see if it was interfering with ComboFix, etc? What would you recommend?

    Thanks, Jon
     
  11. JMys55

    JMys55 Private E-2

    Update: I removed Norton using their webtool; however, when I run ComboFix again, it gives me a warning that Norton is running even after I uninstalled it. I am thinking this virus is masking through Norton somehow. Also, I ran MalwareBytes again and it found 2 more viruses, but the computer is still the same.

    >sigh<
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Norton will still be detected by ComboFix because there are probably some remnants of it, but I do not want you to worry about it, it is not a malware issue!

    Now, what are you saying Malware Bytes found again? Attach the log showing me please.
     
  13. JMys55

    JMys55 Private E-2

    Hi, I re-ran Malwarebytes and it doesn't show anything now, but the virus comes back after a while. I bet if I run it again in a day or two, Malwarebytes will find 1-2 more different items. Attached is a screenshot of my current quarantine which shows different items found on different days. Also, I attached my log with the latest virus and the latest log that I ran just now.

    These scan programs make it look like my system is clean, but my computer still isn't operating the same. My settings still change to odd items (time) and my browser (Firefox) lost its themes, certain programs won't operate. Also, every few days Malwarebytes will find something new.

    If it isn't malware, what is it? A virus/infected registry key? It seems like it is an infected System32 file that keeps changing. I did a PC backup about 2 weeks ago and would be willing to restore it, but I am pretty sure that this problem is more deeply rooted and don't think it will change anything.

    Thanks, Jon
     

    Attached Files:

  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    C:\Windows\System32\grpconv.exe <--- I have this file on my computers too. It's a legit file, so why MBAM keeps hitting on it I do not know. Sometimes this file can be a problem, but not in the location that you have it in. It's fine.

    Scan with Malware Bytes again and attach the log. If it's not finding anything then I think you will be ready for final steps.
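    The helper's point is that grpconv.exe is a legitimate Windows file in its proper location, and that a file of that name would only be suspect somewhere else. An added example, not from the thread and not MBAM's own logic, that turns that into two checks: confirm the System32 copy is the signed Microsoft binary, and list any other files of the same name on the system drive. It assumes the default Windows paths; Get-FileHash needs PowerShell 4.0 or later, the other cmdlets are older.

```powershell
# Added example (not from the thread): verify a flagged System32 file and
# look for same-named copies outside the Windows directories.
# Assumption: standard %SystemRoot% / %SystemDrive% layout.

function Test-SystemFile {
    param(
        [string]$Path = "$env:SystemRoot\System32\grpconv.exe"
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    $hash = if (Get-Command Get-FileHash -ErrorAction SilentlyContinue) {
                (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
            } else { 'n/a (needs PowerShell 4.0+)' }

    [pscustomobject]@{
        Path      = $Path
        Present   = $true
        Signature = $sig.Status                      # 'Valid' for a Windows binary
        Signer    = $sig.SignerCertificate.Subject   # expect a Microsoft subject
        Company   = $info.CompanyName                # expect 'Microsoft Corporation'
        SHA256    = $hash                            # compare with a known-good copy
    }
}

function Find-NameCopies {
    param(
        [string]$Name = 'grpconv.exe',
        [string]$Root = "$env:SystemDrive\"
    )
    # Any hit outside System32/SysWOW64/winsxs is the "wrong location" case
    # the helper describes and is worth reporting back with its path.
    Get-ChildItem -Path $Root -Filter $Name -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.FullName -notlike "$env:SystemRoot\System32\*" -and
            $_.FullName -notlike "$env:SystemRoot\SysWOW64\*" -and
            $_.FullName -notlike "$env:SystemRoot\winsxs\*"
        } |
        Select-Object FullName, Length, LastWriteTime
}

Test-SystemFile | Format-List
Find-NameCopies | Format-Table -AutoSize
```

Caveat on the signature field: many System32 binaries are catalog-signed rather than carrying an embedded Authenticode signature, and older PowerShell reports those as NotSigned. If Signature is not Valid but Company reads Microsoft Corporation, confirm with sfc /scannow, which checks files against the signed catalogs, before concluding anything.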
     
  15. JMys55

    JMys55 Private E-2

    Hi, I swear I posted a reply with log on 3/16/12. I came back online today to see if I missed a message or something since it has been 10 days and noticed my last post was not on here. IDK.

    Anyways, attached is a Malware log as of today and a screenshot of my quarantine showing items that have been found in the past 2 weeks. Malwarebytes still shows nothing but I know the virus is still on here as processing problems are still present and new infections will be found in 1-2 days of computer use. I believe it is a deep RootKit infection or System32 infection that just keeps resurfacing. MalwareBytes will find stuff, then in 1-2 days it will find something new. Attached is a screenshot of the item in Quarantine. You can see that new infections come up after I scan every few days. I know there hasn't been anything since 3/17/12; however, I have not used the infected computer since that date.

    What would be the final steps? A full reboot? This is the worst virus I have ever had.

    Thanks, Jon
     

    Attached Files:

  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Let a few more days go by, use the computer, scan to your heart's content with Malware Bytes, attach the logs if you wish, or show me what threats are being found. If no threats are being found however then you can follow final steps.
     
