Author Topic: PLease HELP!!! (Read 8723 times)

MA · « **on:** July 16, 2009, 06:45:17 AM »

I have a laptop xp home edition:

This virus or whatever it is"

Does NOT let me use "safe mode"
Does NOT let me use my anti virus program
Does NOT let me use "system restore"
Does NOT let me download anything....it starts to but doesn't finish.

When I tried to delete something, it said that "I" do NOT have administrator rights of this computer....which is not the case.

I tried last night to go to:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

It took a while, but when I got to the page, it only said "0 % downloaded", it never moved off from the 0%.

Usually when I start up my computer, I have about 5-10 minutes to do something before the computer shuts down, only to restart again. This can go on and on . If I am quick, I can use some of my email program...until that shuts down. Even skype, but no programs that have to do with computer security.
But, I was able to do a scan with "AdAware", it said that I found some infections, and when I clicked to see these "bubbly looking icons", the infections where called "Windows". I thought it was a trick, and so I didn't want to delete them.

Please help!!!!

GR@PH;<'S · « **Reply #1 on:** July 16, 2009, 07:40:37 AM »

MA,
Please can you try at least two if not more of these On-line scans

Nod32
Kaspersky
Panda
TrendMicro
Bit Defender
Symantec
McAfee
CyberTechHelp
PC Pitstop
Stinger
Once you have done and removed any nasties that are found please see if you can then download ATF Cleaner by Atribune from. If so then save it to your Desktop.

Run ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
Shutdown/restart the computer.

Then please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.

Please save it to a convenient location.
The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

Please post contents of that file in your next reply.

GR@PH;<'S :Hammys pint:

Eric the Red · « **Reply #2 on:** July 16, 2009, 07:49:42 AM »

Hi MA and welcome

This sounds fairly drastic so I am going to propose a heavyweight solution to get you into a more stable position so we can work on you.

Find a friend, neighbour, colleague with a healthy computer and a DVD/CD-ROM writer.
Have them burn the following image file to a CD-ROM:-

http://dl1.pro.antivir.de/package/rescue_system/common/en/rescue_system-common-en.iso

Ensure that your laptop will boot up from CD (you may need to change the bootup order in the BIOS settings)

Insert the CD-ROM and boot the laptop from it. Follow the prompts and let the tool scan and clean your machine. When finished remove the CD and reboot the machine, post back here when you have completed that task.

MA · « **Reply #3 on:** July 16, 2009, 12:17:04 PM »

Quote

(you may need to change the bootup order in the BIOS settings)

Any help on how to do this???

Thanks

MA · « **Reply #4 on:** July 16, 2009, 06:09:28 PM »

Eric,

I am doing the scan as you said. My laptop did boot up from the disk. I am still in the middle of the scan but I see that my computer is full of the
"Windows Virus w32/Sality.Y"

MA · « **Reply #5 on:** July 16, 2009, 06:25:40 PM »

My antivirus disk is still scanning however, I think I forgot to choose the English button if there was one. Anway I think it is in Dutch??

Can anyone transalate for me the following words into English:

Funde: 541

Warnungen: 1

Durchsuchte Verzeichnisse"

Thanks...I hope I will understand the prompts to destroy these critters.

MA · « **Reply #6 on:** July 16, 2009, 07:14:24 PM »

Quote

Follow the prompts and let the tool scan and clean your machine. When finished remove the CD and reboot the machine, post back here when you have completed that task.

I don't understand. I did the entire scan successfuly, but there were NO promts to disinfect or clean anything.

At the end of the scan, the log stated how many viruses it found, and it also stated "0" removed "0" quarantined. etc. I can't believe it didn't remove or clean up anything. It seemed to have just finished the scan, and that was all.

MA · « **Reply #7 on:** July 16, 2009, 07:18:33 PM »

Quote

Follow the prompts and let the tool scan and clean your machine. When finished remove the CD and reboot the machine, post back here when you have completed that task.

I don't understand. I did the entire scan successfuly, but there were NO promts to disinfect or clean anything.

At the end of the scan, the log stated how many viruses it found, and it also stated "0" removed "0" quarantined. etc. I can't believe it didn't remove or clean up anything. It seemed to have just finished the scan, and that was all. No other prompts.

It found alot of the "Windows Virus (w32/sality.Y),and also VBS scriopt virus (VBS/Autorun.AGY) Trojan horse (TR/Crypt.ZpACK.GEN), Trojan Horse Downloader (TR/DownLoader.Gen), Dangerous Backdoor Program (BDS/Backdoor.GEN), Backdoor Server Program, Trojan Horse TR/spy.Gen...

What should I do now???

MA · « **Reply #8 on:** July 16, 2009, 07:27:59 PM »

I am scanning all over again. I see that "before" the scan I was supposed to open up the "configuration" button in order to choose, "fix infected files"... It is also now in English.....

MA · « **Reply #9 on:** July 16, 2009, 09:52:40 PM »

I finished the scan.

In addition to what I had written above; i.e .It found alot of the "Windows Virus (w32/sality.Y),and also VBS scriopt virus (VBS/Autorun.AGY) Trojan horse (TR/Crypt.ZpACK.GEN), Trojan Horse Downloader (TR/DownLoader.Gen), Dangerous Backdoor Program (BDS/Backdoor.GEN), Backdoor Server Program, Trojan Horse TR/spy.Gen...

I also had many many (worm/VB.AS.53)- These could not be removed so the program changed their file names. There was also a large section that it said it could NOT scan since it is encrypted?

What's next?

MA · « **Reply #10 on:** July 16, 2009, 10:29:54 PM »

Here is the update:

Inspite of using this rescue system, and all of the window viruses removed, etc. (the worms had their file names changed), my computer is functioning NO better than it was before. I tried going to the site for the ATF cleaner....I can't download, I only get "0"% downloaded....then the sytem shuts down again. No change? Help!

GR@PH;<'S · « **Reply #11 on:** July 17, 2009, 07:41:52 AM »

MA,
Not that it matters now as you have rescaned but it was Greman the first time

Quote

I think it is in Dutch

Found: 541
Warnings: 1
Searched Directories
-
Can you download ATF Cleaner, Malwarebytes' Anti-Malware and HijackThis to a CD on a friends PC then put them on your PC that way and then run then as in ATF 1st then MBAM [Note you will not be able to update it at this stage] making sure that you run a full scan.
Then please run HJT and post both log files here,
The MBAM log can be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

GR@PH;<'S

MA · « **Reply #12 on:** July 17, 2009, 09:48:32 AM »

Thank you for answering me. I was wondering where everyone went.

I did download, ATF, and malwarebytes to a cd, and I DID manage to run the programs BEFORE my laptop shut down. BUT, event though they found tons of infections. worms, trojans, password stealer, rogue multiple, etc, and it did say they deleted everything, BUT still big problems. When I reboot, about 12 windows come up that " this program can't do this, and you can send a report, or debug, and then another window, that "this program........" debut,and/or send report etc.. Like a deck of cards each one comes up on top of the other one.
I can't send you my log, since it is in the infected computer, and it is just not up for such a task. Any other ideas?

MA · « **Reply #13 on:** July 17, 2009, 10:32:48 AM »

UPDATE:

I am doing once again this dl1 pro.antivirus.rescuesytem that boots up my computer via the CD.

It has found alot of this worm/VB.AS.53

and after each find it says,

"Alert, contains detection patter of the worm/VB.AS.53.....NOT REMOVEABLE."

MA · « **Reply #14 on:** July 17, 2009, 10:35:53 AM »

So far I see about 152 of these, "Alert, contains detection patter of the worm/VB.AS.53.....NOT REMOVEABLE."

Then of course there is the entire section that was not scanned because it is encrypted.

Any ideas friends?

LandzDown Forum

News:

Author Topic: PLease HELP!!! (Read 8723 times)

MA

PLease HELP!!!

GR@PH;<'S

Re: PLease HELP!!!

Eric the Red

Re: PLease HELP!!!

MA

Re: PLease HELP!!!

MA

Re: PLease HELP!!!

MA

Re: PLease HELP!!!

MA

Re: PLease HELP!!!

MA

Re: PLease HELP!!!

MA

Re: PLease HELP!!!

MA

Re: PLease HELP!!!

MA

Re: PLease HELP!!!

GR@PH;<'S

Re: PLease HELP!!!

MA

Re: PLease HELP!!!

MA

Re: PLease HELP!!!

MA

Re: PLease HELP!!!