[BlkTebow]

Well hey G2G folks!! I have a problem the malware that I removed is now BACK AND WORSE than EVER seems like I couldn't get a fellow Tech to reopen my last topic so I'm going to start another one so maybe the next tech that help will not be as slow as the last one here's a list of the things that's going on:

1)Redirects from webpages *when I click on a site in my task bar it goes to google w/ the webpage and the results instead of going straight to the webpage* & Whenever I go to find a online Virus Scanner like on Avg.com or Kaspersky.com and click on them it NEVER goes to the site EVER not even if I manually type them in the task bar... but when I go to ebay.com or Facebook.com it works fine

2)Pop up from different sites if they are really sites

3)This Security Tool programs that runs 24/7 when I load my computer in NOrmal Mode *it never stops!!!!

4)There's also a red circle w/ a X in it and it keeps putting random pop ups about my system is infected and that worms are trying to steal my credit card info and financial info.

5)there's a HUGE Black box w/ red writing w/ it on my desktop that I CAN NOT Get rid of that says *YOUR SYSTEM IS INFECTED*

6)Windows Blue screen Stop codes which are the following: 0X0000007B (0XF8A54528, 0XC0000034, 0X00000000, 0X00000000)

Page_fault_in_Nonpaged_area

0X00000050 (0XF21EC8D7, 0X00000000, 0XF21EC8D7, 0X00000000)

7)I CAN NOT load windows in the Safe Mode or Safe Mode w/ Networking b/c when I do each and everytime it goes straight to the Blue Screen Stop Codes

8)I CAN NOT even Load new Anti-Virus in Normal Mode or Safe Mode it just doesn't install I've installed it on another computer to test it and it works on other computers.

9)I can not request ctrl + atl + Delete for the task manager to kill the random webpages that come up it keeps saying in Normal Mode and even in the Windows Directory Safe Mode that the task manager has been disabled by the Administrator

10)Lastly I can only load windows in Normal Mode *w/ all of the notifications popping up and I can't really run ANYTHING at all, but I'm running windows in the Windows Directory Safe Mode.

Plz help ASAP b/c the last time I posted this topic I literally said plz help before my computer completely runs down and it DID!!! thx

SUPER!!!

[Advertisements]

Oh yah 1 last thing it's 2 am and I keep hearing LOU RAWLS playing through my computer *now I have some Lou Rawls in my music folder....but it's on my external harddrive w/ all my other music.....* + a bunch of other random things!!!???? I'm confused now!!

[BlkTebow]

Oh yah 1 last thing it's 2 am and I keep hearing LOU RAWLS playing through my computer *now I have some Lou Rawls in my music folder....but it's on my external harddrive w/ all my other music.....* + a bunch of other random things!!!???? I'm confused now!!

[chamber]

Hi,

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

[BlkTebow]

Hey Chamber thx for the help although I followed each and every step just like my last topic on this forum whenever I run ComboFix this pops up even when I redownload the file and try running it again:


!! Alert !! It is not safe to Continue!
The contents of Combofix package has been Compromised.
Please Download a Fresh Copy from:
http://www.bleepingc...to-use-combofix

Note: You may be infected with a file patching virus 'Virut'

Edited by BlkTebow, 04 November 2009 - 09:45 AM.

[chamber]

Hi,

• Make sure to use Internet Explorer for this
• Please go to VirSCAN.org FREE on-line scan service
• Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
  
  
  • c:\windows\system32\userinit.exe
• Click on the Upload button
• If a pop-up appears saying the file has been scanned already, please select the ReScan button.
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.

Can you also please scan these files,

C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe

[BlkTebow]

File information
File Name : userinit.exe
File Size : 46592 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : c790813bf714941cdbd8046a31b47b79
SHA1 : e58f570a42845d19b9199806c8dcc6a6e1eeab55
Scanner results
Scanner results : 41% Scanner(s) (15/37) found malware!
Time : 2009/11/04 09:38:33 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
a-squared 4.5.0.8 20091104213127 2009-11-04 - 0.079
AhnLab V3 2009.11.05.00 2009.11.05 2009-11-05 - 0.079
AntiVir 8.2.1.53 7.1.6.189 2009-11-04 W32/Virut.Gen 0.136
Antiy 2.0.18 20091104.3209957 2009-11-04 - 0.118
Arcavir 2009 200911041238 2009-11-04 - 0.040
Authentium 5.1.1 200911041337 2009-11-04 W32/Virut.AI!Generic (Heuristic) 1.181
AVAST! 4.7.4 091104-0 2009-11-04 Win32:Vitro 0.007
AVG 8.5.288 270.14.49/2480 2009-11-04 Win32/Virut 0.507
BitDefender 7.81008.4481134 7.28738 2009-11-04 Win32.Virtob.Gen.12 3.887
CA (VET) 35.1.0 7101 2009-11-03 - 0.082
ClamAV 0.95.2 9984 2009-11-04 - 0.015
Comodo 3.12 2837 2009-11-04 - 0.079
CP Secure 1.3.0.5 2009.11.04 2009-11-04 - 0.054
Dr.Web 4.44.0.9170 2009.11.04 2009-11-04 Win32.Virut.56 6.335
F-Prot 4.4.4.56 20091104 2009-11-04 Possible W32/Virut.AI!Generic 1.194
F-Secure 7.02.73807 2009.11.04.12 2009-11-04 Virus.Win32.Virut.ce [AVP] 2.002
Fortinet 2.81-3.120 11.20 2009-11-04 - 0.082
GData 19.8720/19.535 20091104 2009-11-04 - 0.081
Ikarus T3.1.01.74 2009.11.04.74452 2009-11-04 Gen.Malware 3.988
JiangMin 11.0.800 2009.11.03 2009-11-03 - 0.082
Kaspersky 5.5.10 2009.11.04 2009-11-04 Virus.Win32.Virut.ce 0.064
KingSoft 2009.2.5.15 2009.11.4.20 2009-11-04 - 0.080
McAfee 5.3.00 5791 2009-11-03 W32/Virut.n.gen 3.463
Microsoft 1.5202 2009.11.04 2009-11-04 - 0.082
Norman 6.01.09 6.01.00 2009-11-04 W32/Virut.DX 2.008
nProtect 20091104.02 6101314 2009-11-04 - 0.080
Panda 9.05.01 2009.11.03 2009-11-03 - 0.081
Quick Heal 10.00 2009.11.04 2009-11-04 - 0.081
Rising 20.0 21.54.24.00 2009-11-04 - 0.082
Sophos 3.00.1 4.46 2009-11-04 W32/Scribble-B 2.883
Sunbelt 5486 5486 2009-11-03 - 0.080
Symantec 1.3.0.24 20091031.035 2009-10-31 - 0.004
The Hacker 6.5.0.2 v00060 2009-11-03 - 0.082
Trend Micro 8.700-1004 6.604.01 2009-11-04 PE_VIRUX.J 0.038
VBA32 3.12.10.11 20091103.1333 2009-11-03 - 2.096
ViRobot 20091104 2009.11.04 2009-11-04 - 0.082
VirusBuster 4.5.11.10 10.113.7/2002497 2009-11-04 Win32.Virut.AB.Gen 3.203
■Heuristic/Suspicious ■Exact
NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.

[BlkTebow]

File information
File Name : explorer.exe
File Size : 1054208 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : f1069ed57d5f94afc38567353e3dfd96
SHA1 : 2c803374b584b347ceb86329b034048814a57c83
Scanner results
Scanner results : 41% Scanner(s) (15/37) found malware!
Time : 2009/11/04 09:44:26 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
a-squared 4.5.0.8 20091104213127 2009-11-04 - 0.081
AhnLab V3 2009.11.05.00 2009.11.05 2009-11-05 - 0.080
AntiVir 8.2.1.53 7.1.6.189 2009-11-04 W32/Virut.Gen 0.521
Antiy 2.0.18 20091104.3209957 2009-11-04 - 0.120
Arcavir 2009 200911041238 2009-11-04 - 0.062
Authentium 5.1.1 200911041337 2009-11-04 W32/Virut.AI!Generic (Heuristic) 1.208
AVAST! 4.7.4 091104-0 2009-11-04 Win32:Vitro 0.055
AVG 8.5.288 270.14.49/2480 2009-11-04 Win32/Virut 0.424
BitDefender 7.81008.4481134 7.28738 2009-11-04 Win32.Virtob.Gen.12 3.905
CA (VET) 35.1.0 7101 2009-11-03 - 0.080
ClamAV 0.95.2 9984 2009-11-04 - 0.169
Comodo 3.12 2837 2009-11-04 - 0.080
CP Secure 1.3.0.5 2009.11.04 2009-11-04 - 0.412
Dr.Web 4.44.0.9170 2009.11.04 2009-11-04 Win32.Virut.56 6.376
F-Prot 4.4.4.56 20091104 2009-11-04 Possible W32/Virut.AI!Generic 1.196
F-Secure 7.02.73807 2009.11.04.12 2009-11-04 Virus.Win32.Virut.ce [AVP] 0.121
Fortinet 2.81-3.120 11.20 2009-11-04 - 0.080
GData 19.8720/19.535 20091104 2009-11-04 - 0.081
Ikarus T3.1.01.74 2009.11.04.74452 2009-11-04 Trojan.Win32.Patched 3.996
JiangMin 11.0.800 2009.11.03 2009-11-03 - 0.080
Kaspersky 5.5.10 2009.11.04 2009-11-04 Virus.Win32.Virut.ce 0.065
KingSoft 2009.2.5.15 2009.11.4.20 2009-11-04 - 0.080
McAfee 5.3.00 5791 2009-11-03 W32/Virut.n.gen 3.470
Microsoft 1.5202 2009.11.04 2009-11-04 - 0.081
Norman 6.01.09 6.01.00 2009-11-04 W32/Virut.DX 2.004
nProtect 20091104.02 6101314 2009-11-04 - 0.079
Panda 9.05.01 2009.11.03 2009-11-03 - 0.081
Quick Heal 10.00 2009.11.04 2009-11-04 - 0.080
Rising 20.0 21.54.24.00 2009-11-04 - 0.080
Sophos 3.00.1 4.46 2009-11-04 W32/Scribble-B 2.915
Sunbelt 5486 5486 2009-11-03 - 0.080
Symantec 1.3.0.24 20091031.035 2009-10-31 - 0.004
The Hacker 6.5.0.2 v00060 2009-11-03 - 0.079
Trend Micro 8.700-1004 6.604.01 2009-11-04 PE_VIRUX.J 0.040
VBA32 3.12.10.11 20091103.1333 2009-11-03 - 2.105
ViRobot 20091104 2009.11.04 2009-11-04 - 0.080
VirusBuster 4.5.11.10 10.113.7/2002497 2009-11-04 Win32.Virut.AB.Gen 3.630
■Heuristic/Suspicious ■Exact
NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.

[BlkTebow]

File information
File Name : svchost.exe
File Size : 34816 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : dea3ab80e4ec0d5b6c7d3e7e120fab5d
SHA1 : a14c15a7aa00424a48a6f150c83fd6df08667b87
Scanner results
Scanner results : 35% Scanner(s) (13/37) found malware!
Time : 2009/11/04 09:46:36 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
a-squared 4.5.0.8 20091104213127 2009-11-04 - 0.079
AhnLab V3 2009.11.05.00 2009.11.05 2009-11-05 - 0.079
AntiVir 8.2.1.53 7.1.6.189 2009-11-04 W32/Virut.Gen 0.353
Antiy 2.0.18 20091104.3209957 2009-11-04 - 0.120
Arcavir 2009 200911041238 2009-11-04 - 0.040
Authentium 5.1.1 200911041337 2009-11-04 W32/Virut.AI!Generic (Heuristic) 1.193
AVAST! 4.7.4 091104-0 2009-11-04 Win32:Vitro 0.006
AVG 8.5.288 270.14.49/2480 2009-11-04 Win32/Virut 0.456
BitDefender 7.81008.4481134 7.28738 2009-11-04 Win32.Virtob.Gen.12 3.891
CA (VET) 35.1.0 7101 2009-11-03 - 0.079
ClamAV 0.95.2 9984 2009-11-04 - 0.013
Comodo 3.12 2837 2009-11-04 - 0.079
CP Secure 1.3.0.5 2009.11.04 2009-11-04 - 0.054
Dr.Web 4.44.0.9170 2009.11.04 2009-11-04 Win32.Virut.56 6.337
F-Prot 4.4.4.56 20091104 2009-11-04 Possible W32/Virut.AI!Generic 1.186
F-Secure 7.02.73807 2009.11.04.12 2009-11-04 Virus.Win32.Virut.ce [AVP] 8.877
Fortinet 2.81-3.120 11.20 2009-11-04 - 0.079
GData 19.8720/19.535 20091104 2009-11-04 - 0.079
Ikarus T3.1.01.74 2009.11.04.74452 2009-11-04 - 4.053
JiangMin 11.0.800 2009.11.03 2009-11-03 - 0.081
Kaspersky 5.5.10 2009.11.04 2009-11-04 Virus.Win32.Virut.ce 0.065
KingSoft 2009.2.5.15 2009.11.4.20 2009-11-04 - 0.080
McAfee 5.3.00 5791 2009-11-03 W32/Virut.n.gen 3.462
Microsoft 1.5202 2009.11.04 2009-11-04 - 0.081
Norman 6.01.09 6.01.00 2009-11-04 - 2.007
nProtect 20091104.02 6101314 2009-11-04 - 0.081
Panda 9.05.01 2009.11.03 2009-11-03 - 0.079
Quick Heal 10.00 2009.11.04 2009-11-04 - 0.079
Rising 20.0 21.54.24.00 2009-11-04 - 0.080
Sophos 3.00.1 4.46 2009-11-04 W32/Scribble-B 2.904
Sunbelt 5486 5486 2009-11-03 - 0.079
Symantec 1.3.0.24 20091031.035 2009-10-31 - 0.003
The Hacker 6.5.0.2 v00060 2009-11-03 - 0.078
Trend Micro 8.700-1004 6.604.01 2009-11-04 PE_VIRUX.J 0.038
VBA32 3.12.10.11 20091103.1333 2009-11-03 - 1.965
ViRobot 20091104 2009.11.04 2009-11-04 - 0.079
VirusBuster 4.5.11.10 10.113.7/2002497 2009-11-04 Win32.Virut.AB.Gen 3.087
■Heuristic/Suspicious ■Exact
NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.

[chamber]

I hate to be the bearer of bad news,

You are infected with a polymorphic file infector. This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .rar, .zip, .htm, .html files.

• Backup all your documents and important items only.
• DO NOT backup any executable files (,exe .scr .html or .htm)
• DO NOT back up compressed files (zip/cab/rar) that may contain .exe or .scr files
• Reformat and Reinstall as outlined HERE

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

[BlkTebow]

Well God Dang chamber LOL wow I knew it was bad man but not this freaking bad ok then I'll follow that reformat and reinstall link how long do you think it will take?? Oh also yah I do banking and paypal and all of that on my laptop but I haven't had a problem w/ someone stealing my money or identity over the net but I will def. do all that you say in changing my pw's and stuff thx!!

[BlkTebow]

oh one last thing chamber before I get this party started I have some files on my external harddrive like limewire/itunes etc do I need to delete all of that stuff as well since they are exe files??

[chamber]

You would be best doing that.

As for the Limwire, ditch it completely, more than likely the reason you became infected.

If the reformat goes well it shouldn't take too long, i'll keep this thread open until you give me the ok.

Sorry again,

[BlkTebow]

AWESOME yah I'm fixing to go to school right now to the library and start working on it!!! As for the Limwire man I haven't used that thing in 6 or 7 months never had this problem until about 2 months ago but I'll def. ditch it! thx again CHAMBER ur the best brother!!

[chamber]

Ok.

Let me know how it goes.

[BlkTebow]

Hey chamber since my computer didn't come w/ a reinstallation disc do you think I can still do a fresh install w/ a installation disc that has SP3 instead of SP2??? I don't have the disc but one of my friends do.