Vundo, virut, bho, smitfraud

Discussion in 'Malware Help (A Specialist Will Reply)' started by Escogeek, Apr 25, 2009.

  1. Escogeek

    Escogeek Private E-2

    Running Windows XP SP3.
    OS fails to load consistently except in safe mode.
    Internet will not connect via LAN or wireless, although it worked briefly after running CCleaner, but failed again after SAS.
    Task manager and registry editor functions disabled by administrator.
    Ran XP cleaning procedure from safe mode under administrator account.
    Loaded malware cleaners via cd.

    Results of Read & Run Me First:
    CCleaner ran.
    SAS ran. Log attached.
    Malwarebytes ran, although it took numerous attempts to load. Log attached.
    ComboFix would not run. Received error message: Alert!! Not safe to continue! Contents of ComboFix package have been compromised. Download fresh copy. You may be infected with file patching virus (virut). Reloaded fresh copy and received same error message and ComboFix was automatically removed from desktop. No log generated.
    Ran MGTools. Log attached.
    Ran special removal procedure for SmitFraud. Log attached.

    Ran SAS internet recovery without success.
    Computer will now boot more easily in standard mode, but is nightmarishly slow. Desktop loads in auto-recovery mode.

    Any help greatly appreciated.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    This PC was and is very seriously infected. Even though the scans remove a huge amount of problems, you still have a very badly infected PC. And the worst infection of them all is a Virut infection that will infect all executable files on the PC. So this leads us to the below bad news.

    I can see the reason for your problems. Your logs show that your Windows Operating system files have become infected and there is no known reliable fix for this. In addition there are many, many other infected files. We could spend a lot of time trying to remove this infection, but odds are that it will not work because the nature of the infection has so many executable system files infected that as soon as we fix one file, other files that are infected will almost immediately, or upon the next reboot, just reinfect the files. In addition, your PC would still basically be unreliable/untrustworthy even if we manage to fix the infected files that we can see since there could be many more that we are not seeing.

    The safest thing for you to do is back up your personal data immediately since your PC could possibly become unbootable at any point in time. Do not back up any executable files. This includes programs that you have downloaded since any of them could be infected.

    Once you back up, you need to delete all partitions, repartition, format partitions and reinstall Windows.
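
A sketch of the "back up personal data, but no executable files" step from the reply above, as an added example that is not part of the thread or any MajorGeeks procedure. The function names and the extension skip list are assumptions; files are also skipped when their content starts with the `MZ` DOS/PE header, which catches binaries that have been renamed.

```python
import os
import shutil
import tempfile

# Assumed skip list (not from the thread): common Windows executable and script types.
EXECUTABLE_EXTS = {".exe", ".scr", ".dll", ".com", ".sys", ".bat", ".cmd",
                   ".pif", ".msi", ".ocx", ".cpl", ".vbs", ".js"}

def is_executable(path):
    """True if the extension is on the skip list or the content starts with 'MZ'."""
    if os.path.splitext(path)[1].lower() in EXECUTABLE_EXTS:
        return True
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"  # DOS/PE header, catches renamed binaries
    except OSError:
        return True  # unreadable file: skip it rather than trust it

def backup_data(src, dst):
    """Copy non-executable files from src to dst (dst must be outside src).
    Returns (copied, skipped) as sorted lists of paths relative to src."""
    copied, skipped = [], []
    for root, _dirs, files in os.walk(src):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, src)
            if os.path.islink(full) or is_executable(full):
                skipped.append(rel)
                continue
            target = os.path.join(dst, rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copy2(full, target)
            copied.append(rel)
    return sorted(copied), sorted(skipped)

if __name__ == "__main__":
    # Constructed sample tree standing in for a user profile folder.
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        samples = {"notes.txt": b"hello", "setup.exe": b"MZ\x90\x00",
                   "photo.jpg": b"MZ\x90\x00"}  # .jpg is a renamed binary
        for name, data in samples.items():
            with open(os.path.join(src, name), "wb") as fh:
                fh.write(data)
        copied, skipped = backup_data(src, dst)
        print("copied:", copied)
        print("skipped:", skipped)
```

The skipped list is worth reviewing before the disk is wiped, since it shows which files will not survive the reinstall.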
     
