Applications don't start, can't copy files, Troj/ByteV-Fam+Tro
mpari
post May 4 2009, 05:27 PM
Post #1


New Member
Posts: 3
OS: Windows XP



Hi,

I have a home computer with Windows XP, version 5.1 (Build 260.xspp_sp2_gdr.090206-1233), Service Pack 2.
I am currently logged on in my user account and cannot run any applications except Webroot antivirus with antispyware software. I suspect if I exit from this program then it won't run either, since that's what happened with Internet Explorer.
Spy Sweeper showed 4 infections in the last run - Mal/behave-066, Troj/ByteV-Fam, Troj/Byte-Veri-A and Mal/Generic-B
The quarantine option did not work - that is, quarantine failed.

I cannot access the internet or any other applications, including Notepad. The error that comes up is "This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix the error". With Internet Explorer, it complains that it cannot find the home page, which is blank currently, and when I click OK at the error the Explorer window flashes for a second and disappears - so no Internet Explorer access.

I cannot copy and paste a file. I could do that 10 minutes back but now I can't - it says insufficient system resources exist to complete the requested service.

I can access the Windows DOS prompt (cmd) and run applications from there.

So what should my steps be, since I can't access the net or run any applications? An obvious thing might be to reboot the computer and see if it's in a better state to try installing the malware/virus cleaning software - the risk I fear is it may worsen compared to where I am currently.




JSntgRvr
post May 5 2009, 01:41 AM
Post #2


Global Moderator
Posts: 6,771
From: Puerto Rico
OS: Windows XP, VISTA Home Premium



Hi, mpari :)

Welcome.

You will need an external drive, such as a pen drive, to which you can copy the applications downloaded from another computer, then transfer them to the sick computer and follow the instructions:

Hi, Wrathofmath8 :)

Welcome.

Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version. (If unable to update, continue with the process.)
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

=====================================================================


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------
  4. Double click on combofix.exe & follow the prompts.
  5. If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.
  6. Install the Recovery Console upon request.
  7. When finished, it will produce a report for you.
  8. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
mpari
post May 5 2009, 04:28 PM
Post #3


New Member
Posts: 3
OS: Windows XP



I could recover with respect to running applications and Internet Explorer by rebooting and running with the option to run Windows with the last known working configuration (pressed F12 at power on).
So I downloaded the 2 programs that were suggested and the logs are attached.

Here is the log from running Malwarebytes:
Malwarebytes' Anti-Malware 1.36
Database version: 2079
Windows 5.1.2600 Service Pack 2

5/5/2009 12:57:07 PM
mbam-log-2009-05-05 (12-57-07).txt

Scan type: Quick Scan
Objects scanned: 143599
Time elapsed: 36 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

*******************************
Here are the logs attached from running ComboFix: combofix.txt and hijackthis050509.txt
I am attaching them since it was unclear whether they should be pasted or attached...

So what are the next steps? Are there still issues that need to be resolved?

thanks so much!


Attached File(s)
ComboFix.txt ( 14.53K )
hijackthis050509.txt ( 12.38K )
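
One way to double-check an MBAM log laid out like the one in post #3, added here as an example and not part of the original thread: it reconciles the summary counts with the itemized sections and lists every detection whose action is not the success message seen in that log. The sample log is constructed; its detection name, paths and the "Delete on reboot." action line are assumptions.

```python
import re

# Constructed sample in the MBAM 1.36 layout from post #3 (names and paths are made up).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.36
Scan type: Quick Scan

Registry Values Infected: 1
Folders Infected: 3
Files Infected: 0

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Example\{constructed-value} (Adware.Example) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\ExampleSA (Adware.Example) -> Quarantined and deleted successfully.
C:\Program Files\ExampleSA\Sub (Adware.Example) -> Delete on reboot.
C:\Program Files\ExampleSA\Sub\1.bin (Adware.Example) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

SUMMARY = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
OK_ACTION = "Quarantined and deleted successfully."

def parse_mbam_log(text):
    """Return (summary counts per section, itemized detections)."""
    counts, items, section = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if m := SUMMARY.match(line):        # "Folders Infected: 3"
            counts[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):       # "Folders Infected:" opens a section
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return counts, items

def review(text):
    """Sections whose count disagrees with the items listed, and items not removed."""
    counts, items = parse_mbam_log(text)
    listed = {}
    for it in items:
        listed[it["section"]] = listed.get(it["section"], 0) + 1
    mismatched = sorted(s for s, n in counts.items() if listed.get(s, 0) != n)
    unresolved = [it for it in items if it["action"] != OK_ACTION]
    return mismatched, unresolved
```

An empty `mismatched` list with a non-empty `unresolved` list means the log is complete but at least one item still needs a reboot or a rescan before the machine can be called clean.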
 
JSntgRvr
post May 5 2009, 04:53 PM
Post #4


Global Moderator
Posts: 6,771
From: Puerto Rico
OS: Windows XP, VISTA Home Premium



Hi, mpari :)

Logs seem clear. Are all symptoms gone?
mpari
post May 5 2009, 06:20 PM
Post #5


New Member
Posts: 3
OS: Windows XP



Hi,

I didn't have any of the symptoms after I rebooted with an old configuration. I ran Webroot antivirus with antispyware again and all four infections showed up again:
Mal/Behav-066, Troj/ByteV-Fam, Troj/Byte-Veri-A and Mal/Generic-B

Except this time I could quarantine them with the software.

Somehow I am not confident that it's all cleaned up. Any suggestions on how I can get more confidence?

Thanks!
JSntgRvr
post May 5 2009, 09:32 PM
Post #6


Global Moderator
Posts: 6,771
From: Puerto Rico
OS: Windows XP, VISTA Home Premium



Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Note: Turn Off your Security during the scan to avoid conflicts.
JSntgRvr
post May 19 2009, 09:36 PM
Post #7


Global Moderator
Posts: 6,771
From: Puerto Rico
OS: Windows XP, VISTA Home Premium



Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else, please begin a New Topic.