
Fighting a Sophisticated malware for weeks [Closed]

persistent malware

  • This topic is locked

#1
Virussker


    New Member

  • Member
  • Pip
  • 1 posts

Hello everyone. I am an experienced user, hanging around since the good old Windows 3.1 / MS-DOS times. But all my experience yielded nothing against this [bleep] malware I got. I reinstalled Windows at least 50 times, while trying some Linux distros. The malware infects newly created boot disks, not limited to Windows, also including most Linux distros! It is also spreading over the network. [bleep], it even added some fake devices to my BIOS, making a complete HDD wipe useless. Not to mention it is capable of perfectly hiding itself, making most antivirus software useless.

There should be a way to get that [bleep] thing out of my home network! I need your expertise please.

 

PS: It creates a proxy server on infected machines, making hundreds of PCs connect to the Internet through your IP.

.

I am ready to attach any logs you prefer.




#2
Biscuithd


    Trusted Helper

  • Malware Removal
  • 2,573 posts

I wanted to preface my Greeting (below) with a few thoughts.  I'm certainly willing to try and help you, but we have to go about this in a measured manner. By way of example, I can't clean multiple machines on a network, with shares, all at the same time. So, let's start with one (1) machine, connected to the Internet or not is fine, but not connected to an infected network or using infected file shares, etc.  

 

Assuming that you're in agreement with this, then pick one machine and we'll work on that and see how it goes.

 

Hi there Virussker, Welcome back to the forums! My name is Biscuithd and I will be assisting you with your Computer issues.

I know how upsetting it can be when one's computer is experiencing problems. I will try to help get things squared away. For a start please make sure that you...

  • Carefully read every post completely before doing anything.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.

Ok, let's get started.

 

I saw your posted OTL scan. You should also have a file called Extras.txt that was produced at the same time that OTL.txt was produced. If you have that, please post it. If you don't, I'll need you to re-run OTL to produce the file. And, if you're going to re-run OTL, I'd like you to do it a little differently than you did the first time. There are instructions for a Custom script below along with instructions. Do this ONLY if you can't find the Extras.txt.

 

Download 'OTL by OldTimer' and save it to your desktop or move your existing copy into the said location.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.

  • Copy and paste the following into the Custom Scans/Fixes box:

 

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

 

  • Click Run Scan.
  • Files are being searched and it may take some time. Once done, two Notepad windows will appear, named OTL.txt and Extras.txt.
  • Alternatively, you can also find these at your desktop.
  • Copy and paste (CTRL + A and CTRL + C) the content of these logs in your next reply.


#3
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.