Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Severe infection on computer. CTRL+ALT+DELETE = "disabled by admi


  • Please log in to reply

#1
Ganryu

Ganryu

    Member

  • Member
  • PipPip
  • 13 posts
I have a desktop and a laptop computer. I'm using the laptop at the moment. The stationary machine is kinda old and it was infected by a virus which lead to another virus which led to another virus...

I would usually post a hijackthis log but... I CAN'T.

The machine cannot connect to the internet
The machine initially suffered from a reinstalling virus in a system file. I think it was tcpip.sys. After attempting to update that file the comp is unable to access the net (might be for the best considering the severity of the infection).

The virus infects USB devices
If i connect a clean usb device it installs an autorun.inf file along with something which is likely a virus in a file called nsshell.exe hidden in a false RECYCLER directory. The .inf file forces windows on the recipient machine to run to the virus file. I have, of course, kept all usb devices far away from any other machine. Neither file can be removed and the virus prevents killing the autorun.inf and the RECYCLER directory.

The virus blocks ctrl alt delete
And it also blocks some other functions. I get a "disabled by administrator" message whenever I try to use it.

The fact that the computer has neither USB or internet access means I cannot upload a hijackthis log. I need some way to safely access the machine without corrupting the USB drive. This current computer has virus protection but I am not sure it will catch whatever infection is on the USB drive.

Any help with this is greatly appreciated.

Quick summary:
No internet access
Virus infects any drives inserted
No taskmanager

Edited by Ganryu, 19 June 2009 - 05:21 AM.

  • 0

Advertisements


#2
Ganryu

Ganryu

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
It seems I am unable to edit my original post so I'm now making an update in this post.

I have now scanned the infected USB memory stick with mcafee. The following infections were detected:
Generic Downloader.x
Generic.dx
Generic!atr

The virus was in two exe files name runshell.exe and nshell.exe both hidden in a false RECYCLER directory and set to autorun in a file called autorun.inf. All files were in turn being protected internally on the other machine and could not be removed. That is, the virus infection on the main computer which is infected prevents files relating to itself to be removed. The RECYCLER directory could not be removed on that machine either.

I'm going to try and copy a version of hijackthis to that machine now and produce a log.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP