Rootkit Virus Removal Help Needed


  • This topic is locked

#1 jaszd (New Member, 3 posts)
Before I pour out my heart here a sincere thank you to anyone that can help me with this problem.

I was stupid and downloaded a program that was supposed to help convert some .avi files...... big mistake; that's when I opened the door.
It started with the computer running a little oddly (slow and not responding well). I ran multiple virus programs as usual and that's when things started to surface. The usual programs (CCleaner, RegCure, Spyware Blaster, Malware AntiMalware, Spybot) I ran were picking up the odd Trojan and then others were not....same old same old. Then I went to run the big guns....Superantispyware and got a blue screen of death with a "Page fault in nonpaged area" stop error; this would occur at start-up or a few minutes into the scan...it will now run in safe mode after I run the aforementioned programs. Then I could not connect to the internet and lost my firewall. This has been fixed only temporarily....given time I lose my firewall as the viruses come back.
I would have attempted to boot from CD to cure some problems but I do not have my XP CD as it was a preloaded machine and my old work terminal before my former employer went poof! (my only severance after years of service) So it's an old networked machine that is no longer being used as such; I am running XP SP3. I have tried lots of rootkit detection programs and was only successful with Regrun in finding some naughty files, and used Combofix to arrive at the spot I am at now... knowing that I have various infected executable files (userinit, svchost, spoolsv & explorer).
I would like to get this machine back in my hands as I will not put any sensitive information through this thing on the net until I know it is clean. Any help would be appreciated.

Thank you in advance!

#2 Dan (Trusted Tech, Retired Staff, 1,771 posts)
Hey jaszd -- welcome to G2G :)

I suggest you go to the Malware Forum and run all the steps located in the START HERE thread. These self-help tools will allow you to clean up to 70% of problems on your own. If you are still having problems after performing these steps, then please follow Step Five: Posting a Hijack This Log; ensure you post your log in the Malware Forum. If you are unable to run and/or post a HJT log, then post that in your initial post in the topic you create in that forum.

If you are still having problems after being given a clean bill of health from the malware expert, then please return to THIS thread and we will pursue other options to help you solve your current problem(s).

#3 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
The infection you have is too nasty to fix; you would be better off doing this, I feel.

You are infected with a polymorphic file infector called. This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.
  • Backup all your documents and important items only.
  • DO NOT back up any executable files (.exe .scr .html or .htm)
  • Do not back up compressed (zip/cab/rar) files that may contain .exe or .scr files
  • Reformat and Reinstall as outlined HERE


I suggest you do the following immediately:
  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

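One way to apply the backup rules from the post above (documents only, no executables, no archives that may hide one) is to let a script decide what gets copied before anything leaves the infected machine. This is an added example, not code from the thread or from any tool it mentions; it assumes only the Python standard library, so .rar/.cab archives are skipped unread, and it builds a constructed sample folder to classify.

```python
import tempfile
import zipfile
from pathlib import Path

# Extensions the post says not to back up at all (the infector targets them).
EXEC_EXTS = {".exe", ".scr", ".htm", ".html"}
# Archives the post warns about: zip can be inspected with the standard
# library; rar/cab are skipped unread (assumption: no extractor available).
INSPECTABLE_ARCHIVES = {".zip"}
OPAQUE_ARCHIVES = {".rar", ".cab"}


def zip_carries_executable(path: Path) -> bool:
    """True if any member of the zip has an excluded extension."""
    try:
        with zipfile.ZipFile(path) as zf:
            return any(Path(n).suffix.lower() in EXEC_EXTS for n in zf.namelist())
    except zipfile.BadZipFile:
        return True  # unreadable archive: treat it as unsafe


def classify(root: Path) -> dict:
    """Split every file under root into 'copy' or 'skip' (paths relative to root)."""
    result = {"copy": [], "skip": []}
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        ext, rel = p.suffix.lower(), str(p.relative_to(root))
        if ext in EXEC_EXTS or ext in OPAQUE_ARCHIVES:
            result["skip"].append(rel)
        elif ext in INSPECTABLE_ARCHIVES and zip_carries_executable(p):
            result["skip"].append(rel)
        else:
            result["copy"].append(rel)
    return result


def build_sample_tree() -> Path:
    """Constructed sample data: a tiny fake documents folder in a temp dir."""
    root = Path(tempfile.mkdtemp(prefix="g2g_backup_"))
    (root / "letter.doc").write_bytes(b"sample document")
    (root / "setup.exe").write_bytes(b"MZ")
    (root / "screensaver.scr").write_bytes(b"MZ")
    (root / "saved_page.html").write_text("<html></html>")
    (root / "old_backup.rar").write_bytes(b"Rar!")
    with zipfile.ZipFile(root / "docs.zip", "w") as zf:
        zf.writestr("notes.txt", "plain text")  # harmless archive
    with zipfile.ZipFile(root / "tools.zip", "w") as zf:
        zf.writestr("helper.exe", "MZ")  # archive hiding an executable
    return root
```

Calling classify(build_sample_tree()) returns the two lists for the sample folder; pointing classify at a real documents folder gives the list of files worth copying to clean media.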

#4 Dan (Trusted Tech, Retired Staff, 1,771 posts)
That's a shame -- thanks for the input, Rorschach :)

#5 jaszd (Topic Starter, New Member, 3 posts)
Thanks for the info! I was hoping that there may have been a way to restore things without a reformat and restore. It is only the .exe files that are showing up after each scan. There was no sensitive information on this machine as I refuse to keep passwords for just such scenarios...but thanks for the advice.
I have posted a HJT file in the forum just on the off chance there may be some salvation. If you have a chance please take a look and render your final opinion as the machine functions well and only has connectivity and firewall issues if I do not keep it clean....other programs work fine!?
Thanks again!

#6 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Will close this since you are being helped there. Really isn't much you can do besides reformat with this one.