
Renos, Fakeinit, Virtumonde, Rogue



#1
SF-67

My husband's PC got infected earlier this week with multiple trojans. Win Defender identified the main ones as Renos and Fakeinit, and Spyware Dr. said it also found Virtumonde and a Rogue AntiSpyware which showed up on his machine as a "product" called Advanced Virus Removal. We did a great deal of trial and error before we found this site and followed your guide to malware removal (thank you!).

Although Defender and MBAM scans come up clean, the PC is unstable and crashes several times a day. I'm not sure if we still have some trojans, or if they're tweaks that were left behind, or something we did inadvertently while trying to remove the malware.

Below is a list of problems we've found so far:
  • System Restore was turned off (turned on now, but all previous SR points seem to be deleted - do not exist in Sys Vol Info)
  • Cannot boot in Safe Mode - just reboots before reaching Windows
  • Cannot run Chkdsk from CMD window - "cannot open volume for direct access". We even used msconfig to boot without services & startup programs, but chkdsk will not run in any way from CMD window
  • We modified the registry (Autocheck autochk /p \??\C:) to try to force chkdsk to run at boot up and it did try, but didn't appear to complete the process
  • Used Recovery Console to run "chkdsk /r" and it did fix some problems, but "chkdsk /p" says there are still more errors
  • Ran FixMBR from Recovery Console but it said it was Non-Standard or Invalid and that partitions could be damaged, so we did not proceed
  • We've also run SFC/scannow, but there was no noticeable improvement
  • Last but not least are the numerous system crashes that appear to be caused by the video driver, but I'm not sure that is the culprit, or at least not entirely. At first, we had the PC set to reboot after errors so we missed some of the messages, but since then we've seen "Page Fault in Non Paged Area" and "Driver IRQL Not Less or Equal" in addition to numerous "Mini-xxx.dmp" and "Sysdata.xml" messages. But the video driver is the same one he's been using for 1.5 years, so it's not new to the system. We did notice after the trojan attack that the version number and version date of the video driver did not match what we knew the numbers to be. We have uninstalled and reinstalled the driver, twice now, and version and date show correctly but the system continues to crash several times a day. We've also changed to other driver versions but still have multiple crashes. Oddly, we get the fewest crashes when using the generic Windows VGA driver but performance is very sluggish, of course.

I know there are a lot of problems here to address and it may not be possible to fix them all, but I'd be grateful if any of you good folks could give me some suggestions of things to try. I've been trying to address the problems individually and had very little success on my own.

Please let me know if I should put this in a different forum. Thanks in advance for any help you can provide.