Help with this tuff little Bugger

  • MAXIMUS01CAN
    Member
    • Dec 2003
    • 79

    Help with this tuff little Bugger

    Howdy,

    Hope someone can advise. Here's the novel about my trials with this little bugger.

    Initial
    Appears as though my daughter got a little bugger on my box that's causing me some major grief......... Symptoms include slow logging into profiles and only displays wallpaper for quite a while, won't let AVAST update or download newer version, turns off the automatic updating from Windows Security and probably a couple other things that I haven't found out yet. The problem is I logged onto windows in safe mode with networking, downloaded updates for AVAST and Spybot Search and Destroy. Proceeded to run SS&D with several trojans found and one in particular I remember was some sort of "Windows Update Bypass" something or other. Nuked all those, immunized with the new database. Then ran Avast and it found a couple others. Set a boot time scan and it found some more stuff and Avast deleted them all, but I think the little bugger is re-installing itself with all this crap since when I log on as it seems to be back just as before with slow log on, windows update turned off, trouble getting to Avast site etc. etc. Any thoughts on where I should go from here? Takes quite a while to run all those apps just to have it reinstall all the little buggers once again.

    Try #1

    Took Chewy's advice on Malwarebytes post:

    Started up in safe mode with networking and a pop up showed itself saying I had infections and go here and download blah, blah, blah to clean...........strange as I've never seen malware pop up from safe mode.........I had downloaded the executable MWB setup file from a different box and installed. Even though I had an internet connection and the firewall configured for MWB to access it wouldn't let me download the updates........strange........but I'm running MWB now with the initial install rules only, but I've downloaded the newest rules from a different box. I'll update when it's finished finding whatever it finds. At present it's looking as though there's 60 infected objects and counting. Whether it gets them all without the update I don't know, but I'll run again once I install the new rules........ Any angles on the apparent malware running in safe mode would be appreciated.

    Try #2

    Initial MWB run found 80 infected objects, looked at the quarantined items, made sure they were all checked and clicked remove. Message came up that Regedit had been disabled and will affect quarantining process, but also indicated that MWB anti-malware will now enable regedit. I rebooted as requested as there were some that would be nuked on the restart. Restarted normally, then shutdown and restarted in safe mode once again. At this point MWB was able to get out and download the updates.......After the second run it found an additional 10 items........Restarted normally and it appears as though the same BS is happening again. Windows firewall disabled, automatic updates disabled, AVAST wouldn't start up like it normally does, couldn't update AVAST........So restarted again in safe mode, uninstalled Avast, downloaded and reinstalled new version of Avast, updated detection files, and now running a scan and then I'll run MWB again........don't have much faith that this is going to nuke the little bugger though. If I can't get this little bugger out of there it's probably going to be easier and quicker just to reformat.........


    Thanks for your help in advance,

    Cheers,
    Max
  • doctorhardware
    Lord of Digital Video
    • Dec 2006
    • 1907

    #2
    One thing: turn system restore off. And when you are sure that you have gotten all the crap off your computer, turn system restore back on and create a new restore point.
    Star Baby Girl, Born March,1997 Died June 30th 2007 6:35 PM.


    • MAXIMUS01CAN
      Member
      • Dec 2003
      • 79

      #3
      I have turned off system restore, but during the last MWB scan found 3 trojans again. Can't remember the exact names, but they were Hijack regedit and a couple others so something's reinstalling them when I boot up windows........normally or possibly even in safe mode........Removed those 3 and Avast is just doing a boot time scan now, but can't say I have a whole lot of confidence it's gonna be gone.

      Cheers,
      Max


      • MilesAhead
        Eclectician
        • Nov 2006
        • 2615

        #4
        You might look into Rootkit removers and detectors. I haven't been plagued with one myself but if it keeps putting the malware back on as fast as you take it off it might be a rootkit.

        edit: also if the malware is interfering with the applications trying to rid you of it then you might have to boot a CD so that the software on the HD never starts. Might search for a Rescue CD with malware and rootkit removers.
        Last edited by MilesAhead; 26 Apr 2009, 05:49 AM.


        • MAXIMUS01CAN
          Member
          • Dec 2003
          • 79

          #5
          I think I may have finally nuked the little bugger with an Avast scan in safe mode, another MWB scan and nuke and then a boot time Avast scan.........Avast is now running and Windows security stays enabled. I don't see any of the other issues that were obviously from malware either.

          Cheers and thanks for the help,

          Max
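
Added example, not part of the original thread: a read-only Windows PowerShell check of the settings Max describes as repeatedly being switched off (registry editing, firewall, automatic updates), plus a listing of the Run keys for manual review. The service names, registry paths and the choice of Run keys are assumptions about a standard Windows install, and it only looks at service startup mode.

```powershell
# Added example: read-only check of the settings the thread describes as being switched off.
# Assumes Windows PowerShell 2.0-5.1 (Get-WmiObject is not available in PowerShell 7).
$findings = @()

# 1. "Regedit had been disabled": per-user policy value DisableRegistryTools is non-zero.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableRegistryTools) {
    $findings += "Registry editing is disabled by policy ($policyKey)"
}

# 2. Firewall, Automatic Updates and Security Center services set to Disabled.
#    The firewall service is MpsSvc on Vista and later, SharedAccess on XP.
$firewall = 'SharedAccess'
if (Get-WmiObject -Class Win32_Service -Filter "Name='MpsSvc'") { $firewall = 'MpsSvc' }
foreach ($name in @($firewall, 'wuauserv', 'wscsvc')) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if (-not $svc) { continue }   # service not present on this Windows version
    if ($svc.StartMode -eq 'Disabled') {
        $findings += "Service ${name} is disabled (state: $($svc.State))"
    }
}

# 3. Autostart entries: the Run keys are one common place from which software is
#    relaunched at logon, so list them for review by eye.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($valueName in $item.GetValueNames()) {
            '{0} : {1} = {2}' -f $key, $valueName, $item.GetValue($valueName)
        }
    }
}

if ($findings.Count -eq 0) { 'No disabled protections found.' } else { $findings }
'--- Run key entries to review ---'
$autoruns
```

A rootkit of the kind post #4 raises can hide entries from a running system, so an empty result here is weaker evidence than a scan from boot media.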


          • gonwk
            Lord of Digital Video
            • Dec 2005
            • 1500

            #6
            Originally Posted by MAXIMUS01CAN
            ... and then a boot time Avast scan...
            Hi Max,

            Is your Avast "Trial" version? And since I have never used Avast ... what is "Boot Time Avast"!?!?

            Thanks,

            G!


            • PurpleDemon
              Digital Video Expert
              • Mar 2006
              • 716

              #7
              Originally Posted by gonwk
              Hi Max,

              Is your Avast "Trial" version? And since I have never used Avast ... what is "Boot Time Avast"!?!?

              Thanks,

              G!
              Hi G,

              I've used Avast for over a year now.

              Avast is freeware for home users. You just need to sign for a free registration key for a year at a time.

              Boot time scan means to scan for viruses etc. before windows loads up and before the viruses load.


              • Chewy
                Super Moderator
                • Nov 2003
                • 18971

                #8
                Please download Malwarebytes Anti-Malware (v1.36) and save it to your desktop.
                alternate download link 1
                alternate download link 2
                If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
                • Make sure you are connected to the Internet.
                • Double-click on mbam-setup.exe to install the application.
                • When the installation begins, follow the prompts and do not make any changes to default settings.
                • When installation has finished, make sure you leave both of these checked:
                  • Update Malwarebytes' Anti-Malware
                  • Launch Malwarebytes' Anti-Malware
                • Then click Finish.
                MBAM will automatically start and you will be asked to update the program before performing a scan.
                • If an update is found, the program will automatically update itself.
                • Press the OK button to close that box and continue.
                • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
                On the Scanner tab:
                • Make sure the "Perform Quick Scan" option is selected.
                • Then click on the Scan button.
                • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
                • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
                • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
                • Click OK to close the message box and continue with the removal process.
                Back at the main Scanner screen:
                • Click on the Show Results button to see a list of any malware that was found.
                • Make sure that everything is checked, and click Remove Selected.
                • When removal is completed, a log report will open in Notepad.
                • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
                • Copy and paste the contents of that report in your next reply and exit MBAM.
                Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

                post those MBAM logs


                • gonwk
                  Lord of Digital Video
                  • Dec 2005
                  • 1500

                  #9
                  Originally Posted by burrell84601
                  Hi G,

                  I've used Avast for over a year now.

                  Avast is freeware for home users. You just need to sign for a free registration key for a year at a time.

                  Boot time scan means to scan for viruses etc. before windows loads up and before the viruses load.
                  Hi Burrell ... THANKS.

                  Burrell ... when you say it does Boot Time Scan ... how do you invoke that feature so the program starts the Scan in Boot time!?!?

                  Thanks,

                  G!


                  • PurpleDemon
                    Digital Video Expert
                    • Mar 2006
                    • 716

                    #10
                    Hi G,

                    THIS explains it very well. Better than I could explain it. Good luck.


                    • gonwk
                      Lord of Digital Video
                      • Dec 2005
                      • 1500

                      #11
                      Hi Burrell,

                      You're My HERO!

                      Thanks,

                      G!
