-
January 7th, 2009, 07:20 PM
#1
odd trojans
So I've been having some issues with my computer. It started about 2 days ago; I was surfing the web and I got hit. My computer started spamming pop-ups and my icons and start bar disappeared. Since then I have run vs several times. I keep getting 2 trojans in C:\ WINDOWS\system32\mljGaaya.dll and C:\ system32\lsass.exe (820). My vs cannot delete these, and I have tried manually to remove them and get Access denied. I'm running AVG Anti-Virus and it's on XP Media Center Edition. Each time it boots up, it runs fine till everything is loaded, then my icons and start bar disappear, so it is not an issue with them not being there at all; they disappear after everything is loaded up.
Thank you for any help you can offer.
-
January 7th, 2009, 07:22 PM
#2
Also, I have tried running explorer.exe as I have seen in many posts, and the icons and start bar come back, but only for a min or so, then they disappear again.
-
January 7th, 2009, 07:58 PM
#3
So do I need to go get another copy of XP for this wipe?
-
January 7th, 2009, 08:10 PM
#4
Registered User
You should back up your information. However, I suggest copying the lsass.exe from another PC with the same version of Windows that isn't infected. Then, on the other computer, download ComboFix and put it on a CD or a thumb drive; also download Malwarebytes from www.malwarebytes.org and put that on the CD or thumb drive. Reboot your PC in Safe Mode and install Malwarebytes, then run ComboFix. After that, run Malwarebytes. Once you are done, copy the lsass.exe file. That is, if it didn't cause the PC to shut down after you removed it. If it did, you need to slave the drive into another PC to replace the lsass.exe. If I recall, this should work, as the lsass.exe isn't a picky file to replace like the other Windows directory files.
One Script to rule them all.
One Script to find them.
One Script to bring them all,
and clean up after itself.
-
January 7th, 2009, 08:35 PM
#5
If you can access another comp, get Hijack This, MalwareBytes and Superantispyware downloaded to a cd and try and install them in Safe Mode.
If they install, run them.
http://www.trendsecure.com/portal/en...kthis/download
http://www.malwarebytes.org/
http://www.superantispyware.com/
edit: IF you are not familiar with these products, have them scan ONLY and then post their log files as attachments here.
Last edited by CCT; January 7th, 2009 at 08:41 PM.
-
January 7th, 2009, 09:32 PM
#6
This is a custom build, but the hard drive is from a Compaq I had. It had the recovery on a separate partition, but when I tried to run it, it put me into a command/DOS screen. I didn't go any further because I did that type of recovery on my dad's computer for him and it was just like installing Windows again; I never saw a screen where I had to type in commands. I have already backed up files I would like to keep onto another drive. Luckily the files were not infected, so my only concerns were if I had to zero out, and if I needed to get a new copy of XP. First I'll try the file removal.
-
January 7th, 2009, 09:50 PM
#7
Registered User
So the XP Media Center is from another computer? Specifically a Compaq?
-
January 7th, 2009, 10:04 PM
#8
Yes, I bought it in '06. Is there some other way for me to post the log file? It's too long for me to post, and the only formats I can upload are pics. It's a .txt file.
-
January 7th, 2009, 10:15 PM
#9
Registered User
You can break it up into multiple posts.
Sergeant WOTPP
-
January 7th, 2009, 10:16 PM
#10
!!!!!!!!!!!!!!! Thank you so much!! I ran those programs, and now there is nothing. No disappearing icons, still have start bar! So, now that we have that squared away, should I just set it on a schedule to scan my computer? Or are there any other clean-up issues I need to be worried about?
Once again, thank you so much everyone!
-
January 8th, 2009, 04:22 AM
#11
Driver Terrier
Originally Posted by icehog06
Yes, I bought it in '06. Is there some other way for me to post the log file? It's too long for me to post, and the only formats I can upload are pics. It's a .txt file.
The Compaq Windows was sold for use ONLY with the original Compaq machine. Unfortunately you are now running an illegal copy.
As for clean up, run a hijackthis log and post it and we can have a look to see if there is anything left over.
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
January 14th, 2009, 02:43 PM
#12
Registered User
As a side note, I think that UBCD for Win should be a part of every technician's handbag:
http://www.ubcd4win.com/
Custom built with many features, easy to understand and no dependency on host OS.
I never bother installing spyware tools on the computer; I always clean with the CD.
Cheers,
Gabriel
Real stupidity beats Artificial Intelligence
Avatar courtesy of A D E P T
-
January 17th, 2009, 05:34 AM
#13
Just an aside: CCT mentioned installing your anti-virus apps in Safe Mode. Normally Windows won't allow you to install anything in Safe Mode, but there is a workaround. After booting to Safe Mode, go to the command prompt and enter the following command:
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer" /VE /T REG_SZ /F /D "Service"
(For Safe Mode with Networking)
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer" /VE /T REG_SZ /F /D "Service"
That will enable you to install most programs in Safe Mode. Comes in handy.
Taraje Solomon
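
The Safe Mode workaround above as a small batch script, with the step to undo it afterwards. This is an added example, not part of the original post: the enable/disable arguments are hypothetical, `net start msiserver` is an extra step not mentioned in the post, and the disable path assumes the MSIServer keys did not exist before the change.

```batch
@echo off
rem Added example: allow the Windows Installer service in Safe Mode for a
rem cleanup session, then remove the override once the tools are installed.
rem Usage: <script> enable   or   <script> disable   (hypothetical arguments)
setlocal
set "BASE=HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot"

if /i "%~1"=="enable"  goto enable
if /i "%~1"=="disable" goto disable
echo Usage: %~nx0 enable ^| disable
exit /b 1

:enable
rem Set the default value to "Service" under both Safe Mode profiles
rem (Minimal = plain Safe Mode, Network = Safe Mode with Networking).
for %%P in (Minimal Network) do (
    reg add "%BASE%\%%P\MSIServer" /ve /t REG_SZ /d "Service" /f >nul || goto fail
)
rem Adding the key only permits the service; start it for this session.
net start msiserver
exit /b 0

:disable
rem Stop the service and delete the keys so Safe Mode goes back to its
rem normal, minimal set of services. Assumes the keys were absent before.
net stop msiserver >nul 2>&1
for %%P in (Minimal Network) do (
    reg query "%BASE%\%%P\MSIServer" >nul 2>&1 && reg delete "%BASE%\%%P\MSIServer" /f >nul
)
exit /b 0

:fail
echo Could not write under %BASE% - run this from an administrator account.
exit /b 1
```

Running the disable step after the scanners are installed keeps the Safe Mode service list as small as it was before the cleanup.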
-
January 17th, 2009, 11:17 AM
#14
Driver Terrier
Welcome to Windrivers, Taraje, and thanks for the tip!
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
January 17th, 2009, 01:08 PM
#15
Yes Taraje, I did omit that little detail.
Thanks.
There are people working to help all the time - this site has a method of preparing some av for cut/paste (in Safe Mode);
http://forums.techarena.in/security-virus/745438.htm