Maximum PC

All times are UTC - 8 hours

 Post subject: Virus Keeps reinstalling on my computer
PostPosted: Sun Jul 10, 2011 8:23 am 
8086
8086

Joined: Sat Jun 25, 2011 8:39 am
Posts: 88
I think a virus is reinstalling itself on my computer. Can anyone take a look at my HiJack This log and tell me if there's anything suspicious? It's one of those viruses that tell you your computer is infected, tells you to buy this "Windows Defender" program to delete the infected files and disables every program. The way I delete it is to go into safe mode and run rkill.exe then run Malwarebytes. That will seemingly delete the virus for a few days but it always comes back. I don't think I visit any sites that will infect me with viruses so I think it's a hidden virus.

HiJack This Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:18:14 PM, on 7/10/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:54646
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://pattcw.att.motive.com/wizlet/DS ... ller64.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.co ... 4.26.0.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14912 bytes


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Sun Jul 10, 2011 10:34 am 
8086
8086

Joined: Thu Jun 30, 2011 5:56 pm
Posts: 6
Hey hous I was looking at your log and saw that you have BitTorrent. You may have got a bug from a torrent you downloaded.


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Sun Jul 10, 2011 7:51 pm 
Maximum SpaceBot
Maximum SpaceBot
User avatar

Joined: Fri Jul 16, 2004 7:30 pm
Posts: 20
Location: anywhere but home...
Try running msconfig -> Run: 'msconfig' ....

Look in the 'Startup' tab and see what all is listed. Google anything that looks unusual... esp anything w/ just random letters.exe or similar. You may have a program that monitors the presence of the virus program and if not found, just replaces it at startup. Try disabling (unchecking) unusual entries and restart.... see if it (virus) still shows. Also, kill off any BHOs that you do not need in your browser... they waste resources (slows system) and may be part of something unwanted/harmful.

Google the virus name (if you can identify it) and search for any related files. Then you can maybe find a removal tool or instructions on how to remove it manually.

Hope this helps...

[PC]Pandelirium
http://www.pandelirium.net


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Sun Jul 10, 2011 8:45 pm 
Coppermine
Coppermine
User avatar

Joined: Mon Sep 01, 2008 3:03 pm
Posts: 626
ok, open up HijackThis again and delete these entries; all except for the first one are nasties.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

then update and run Malwarebytes

also it looks like you have 2 antivirus programs running..that is a big NO..NO.

either use Avast or Norton, but don't have them both running at the same time.

IMHO I would uninstall Norton..yea..yea I know they've come a long way, and aren't quite the resource hog they once were.

Honestly I've used Avast and Norton and didn't like either one.

I do however like Microsoft Security Essentials..you can get it from here http://www.microsoft.com/security/pc-security/mse.aspx

doesn't hurt to try it..who knows you might even like it..if you don't like it the uninstall function works flawlessly :wink:


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Mon Jul 11, 2011 5:05 am 
Sharptooth
Sharptooth

Joined: Mon Sep 21, 2009 6:11 pm
Posts: 371
Location: Powell Wyoming
1. Have you considered running TDSS killer? Some variants of alureon/TDSS/TDL(3-5... yes there is a 5 marked as a tdl4 variant) This sounds more like a rootkit, you obviously know what you're doing with the actual viral files... but the system linked files may be another story
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Kaspersky did a good thing when they put this out, give it a shot, see what you get, if it is the newer TDL5 variant, nothing will detect it at this point and a manual fixmbr/fixboot would need to be done, the new variant does latch onto the MBR as do many rootkits... If this proggy picks up a rootkit, you should be in the clear... if not, then checking the registry in the HKLM\software\microsoft\windows\currentversion\run and runonce and HKCU\software\microsoft\windows\currentversion\run

2. If this virus comes up... say when you run a program... it's probably something like antivirus 2012... or a variant which latches onto the registry (executables/ internet explorer shell commands) (this would hide in the prefetch as a 3 letter executable)

At that point you would have to break the registry inserting a "exe fix" to stop it, then run any exe you want without it opening (obviously not Internet explorer, you would have to clean the internet explorer shell still)

Mind you I think 2 is less likely as you can run Rkill and it magically disappears for a few days... it's prob a rootkit, if I was a bettin man... that's what I would bet on
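
A triage sketch for the kind of HijackThis log posted at the top of this thread, covering the startup-entry review and the Run/RunOnce check suggested in the replies above. It is an added example, not code from any poster or from HijackThis; the heuristics, the function names and the last `O4` sample line are assumptions constructed for illustration. It also separates `(file missing)` results that a 32-bit scanner reports for `System32` paths on 64-bit Windows, where file system redirection hides the native binaries.

```python
import ntpath
import re
from typing import NamedTuple


class Finding(NamedTuple):
    level: str   # "review" = look closer, "artifact" = probably a scanner artifact
    code: str    # HijackThis section code (R1, O2, O4, O23, ...)
    reason: str
    line: str


LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 body: <hive>\..\Run[Once]: [value name] command line
RUN_RE = re.compile(r"^.+?\\\.\.\\Run\w*: \[[^\]]*\] (?P<cmd>.*)$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.*?\.exe)\b', re.IGNORECASE)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
SYS32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)
LOOPBACK_RE = re.compile(r"127\.0\.0\.1|localhost", re.IGNORECASE)


def exe_path(cmd):
    """Return the executable path from a Run value, quoted or not."""
    m = EXE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else None


def triage(log):
    # A 32-bit scanner on 64-bit Windows sees System32 redirected to SysWOW64,
    # so native binaries such as spoolsv.exe show up as "(file missing)".
    on_x64 = "Program Files (x86)" in log
    findings = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        level, reasons = "review", []
        if code in ("R0", "R1") and "ProxyServer" in body and LOOPBACK_RE.search(body):
            reasons.append("IE proxy points at a loopback listener; find the owning process")
        elif code == "O2" and body.endswith("(no file)"):
            reasons.append("BHO registered but no file on disk")
        elif code == "O4":
            run = RUN_RE.match(body)
            path = exe_path(run.group("cmd")) if run else None
            if path:
                stem = ntpath.splitext(ntpath.basename(path))[0]
                if TEMP_RE.search(path):
                    reasons.append("autostart runs from a temp directory")
                if re.fullmatch(r"[\d.]+", stem):
                    reasons.append("executable name has no letters")
        elif code == "O23" and body.endswith("(file missing)"):
            path = body.rsplit(" - ", 1)[-1]
            if on_x64 and SYS32_RE.search(path):
                level = "artifact"
                reasons.append("System32 path hidden by WOW64 redirection; confirm with a 64-bit tool")
            else:
                reasons.append("service binary not found at the registered path")
        if reasons:
            findings.append(Finding(level, code, "; ".join(reasons), raw.strip()))
    return findings


# Sample lines copied from the log in this thread, except the last O4 entry,
# which is constructed to show the temp-directory check.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:54646
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Google Update] "C:\Users\Justin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [constructed-example] C:\Users\Justin\AppData\Local\Temp\0.12345.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.level:8}] {f.code:3} {f.reason}\n           {f.line}")
```

A "review" result is a prompt to inspect the entry, not a verdict; an "artifact" result should be confirmed with a native 64-bit tool before the service is touched.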


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Mon Jul 11, 2011 5:50 am 
Willamette
Willamette
User avatar

Joined: Sun Nov 21, 2004 7:26 am
Posts: 1458
You need to disable system restore before cleaning the virus out as it's hiding there and then reinfecting you.

KOMMANDER


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Mon Jul 11, 2011 8:23 am 
Sharptooth
Sharptooth

Joined: Mon Sep 21, 2009 6:11 pm
Posts: 371
Location: Powell Wyoming
If that were the case, there are still many registries that need to be cleaned good sir, We would need to know the exact virus name and everything in order to resolve that... meaning a mass dump of your restore points wouldn't help... he would have internal errors that wouldn't pop up, but could cause problems


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Mon Jul 11, 2011 12:07 pm 
Little Foot
Little Foot

Joined: Wed Jul 07, 2004 1:16 pm
Posts: 173
Location: Chicago Metro
armyof1ne wrote:
If that were the case, there are still many registries that need to be cleaned good sir, We would need to know the exact virus name and everything in order to resolve that... meaning a mass dump of your restore points wouldn't help... he would have internal errors that wouldn't pop up, but could cause problems


A machine infected like this, you absolutely DO want to dump any restore points. Use SR to get to things, if it helps, while you're fighting the malware, then come cleaning time turn off SR and run the tools. You're right, there's clean up to do. So you turn off SR then you start the cleanup.

But as Kommander says, some malware can and do use SR to hide out and then re-establish itself after a cleanup.


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Mon Jul 11, 2011 12:33 pm 
Sharptooth
Sharptooth

Joined: Mon Sep 21, 2009 6:11 pm
Posts: 371
Location: Powell Wyoming
Without him knowing all the information on the virus, killing the SR will do nothing but make the process much longer... those executables do not put the reg information in... hell most viruses are pathetically coded... but some of the newer ones are becoming quite difficult to fully remove... Knowing the linking files in the SR will point to others, down the line til you get full removal, Especially when code is hidden within shell commands and everything else, it would create a lot of time in searching the registry manually instead of having something to go off of...


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Mon Jul 11, 2011 3:24 pm 
8086
8086

Joined: Sat Jun 25, 2011 8:39 am
Posts: 88
I just had it reinstall.

I closed it before the "malware scan" started. Here is what rkill found.

C:\Users\Justin\AppData\Local\Temp\0.02738909426105529.exe

Avast also had an alert that it blocked trojan horse 0.02738909426105529.exe, but it installed itself on my computer anyways.


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Mon Jul 11, 2011 8:10 pm 
Sharptooth
Sharptooth

Joined: Mon Sep 21, 2009 6:11 pm
Posts: 371
Location: Powell Wyoming
hous wrote:
I just had it reinstall.

I closed it before the "malware scan" started. Here is what rkill found.

C:\Users\Justin\AppData\Local\Temp\0.02738909426105529.exe

Avast also had an alert that it blocked trojan horse 0.02738909426105529.exe, but it installed itself on my computer anyways.

Did this happen after running the tdss killer and mbr fix and all that posted above?


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Tue Jul 12, 2011 2:38 pm 
Thunderbird
Thunderbird
User avatar

Joined: Sun Dec 30, 2007 6:17 pm
Posts: 841
Location: Phoenix, AZ
IMHO: Pay someone to remove it or wipe the drive (the best soln.). If it shows up a week later, look in a mirror.


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Wed Jul 13, 2011 7:12 pm 
8086
8086

Joined: Sat Jun 25, 2011 8:39 am
Posts: 88
1. TDSS scan found nothing.
2. I clicked the "Fix" button on HiJack This and it said it deleted the files that dtischerd recommended, however when I run the HiJack This scan a second time, they are still there. Is there a delay or something?
3. I didn't mess with SR

After I deleted the registry files with HiJack This I ran a scan of Malwarebytes and it found 3 infections. I have never seen these infections but I quarantined them.

We'll see how the laptop fares.

Thanks for all your help.


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Wed Jul 13, 2011 7:13 pm 
8086
8086

Joined: Sat Jun 25, 2011 8:39 am
Posts: 88
armyof1ne wrote:
hous wrote:
I just had it reinstall.

I closed it before the "malware scan" started. Here is what rkill found.

C:\Users\Justin\AppData\Local\Temp\0.02738909426105529.exe

Avast also had an alert that it blocked trojan horse 0.02738909426105529.exe, but it installed itself on my computer anyways.

Did this happen after running the tdss killer and mbr fix and all that posted above?


It was before, but I'm caught up now on trying everything. Only time will tell if the virus comes back.


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Mon Jul 18, 2011 8:21 am 
Willamette
Willamette
User avatar

Joined: Sat Jul 03, 2004 6:19 am
Posts: 1420
Location: Malware Removal GOD
Run combofix


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Mon Jul 18, 2011 9:05 am 
Coppermine
Coppermine
User avatar

Joined: Mon Sep 01, 2008 3:03 pm
Posts: 626
I didn't think Combofix worked with Win7.


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Mon Jul 18, 2011 9:29 am 
Coppermine
Coppermine
User avatar

Joined: Mon Sep 01, 2008 3:03 pm
Posts: 626
hmm..guess it does..my bad :shock:


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Mon Jul 18, 2011 12:56 pm 
Sharptooth
Sharptooth

Joined: Mon Sep 21, 2009 6:11 pm
Posts: 371
Location: Powell Wyoming
"Know thine enemy" I personally don't like using tools, except for removing linking files... I manually destroy them so they can't activate due to the fact that a lot of the new ones hide from scanners for the first few weeks... some old tdl4 variants are still not detected... along with 1000 different others across 10 different scanners... Manual will always be the best way to remove viruses


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Tue Jul 19, 2011 5:44 pm 
Thunderbird
Thunderbird
User avatar

Joined: Sun Dec 30, 2007 6:17 pm
Posts: 841
Location: Phoenix, AZ
hous wrote:
It was before, but I'm caught up now on trying everything. Only time will tell if the virus comes back.


If it does, nuke the drive: Kill all partitions, recreate a partition and quick reformat. It is the only way to be 100% sure.


 
 Post subject: Re: Virus Keeps reinstalling on my computer
PostPosted: Tue Jul 19, 2011 5:49 pm 
Thunderbird
Thunderbird
User avatar

Joined: Sun Dec 30, 2007 6:17 pm
Posts: 841
Location: Phoenix, AZ
armyof1ne wrote:
"Know thine enemy" I personally don't like using tools, except for removing linking files... I manually destroy them... Manual will always be the best way to remove viruses


amen

Process Explorer, Autoruns and a couple of other cleanup editors are my friends. Nothing escapes the spamish inquisition. ;-)

usually

