Thread: New Infection?

  1. #1 Zonie (Registered User) | Join Date: Apr 2001 | Location: Phoenix, Arizona | Posts: 1,461

    New Infection?

    Not sure what is going on, but something is different or I am missing a step. This is the second incident I have run into in the last week. Have an XP Pro, infected with malware, popups and PC Optimizer to name a few. I did my normal eradication in safe mode, Combofix and Malwarebytes. Then booted into normal startup. Everything looked good. Started IE, comes up, flashes and disappears. I try Firefox, OK. I try opening Outlook and get an error: "Windows Installer cannot be accessed. Check to make sure you are not running in safe mode." Icons on the desktop have to be right-clicked, then click on Open, since double-click does not work.

    All in all, everything associated with the Windows OS is FUBAR and can't be opened; I just get the Windows Installer error. Has anyone run into this as well? Looks like I will have to start all over. TIA
    It's not the computers that keep having problems, it's the users!!

  2. #2 Niclo Iste (Registered User) | Join Date: Oct 2007 | Location: Pgh, PA | Posts: 2,051
    Well since we don't know what infection you have there are a few things.

    1. Can you provide a HijackThis log?
    2. Have you checked for a rootkit?
    3. Can you provide a list of all of the infectors that were removed?
    4. Has this individual tried to fix it themselves using a registry cleaner? Somehow people think a marketed registry cleaner is a universal "fix me" tool.
    One Script to rule them all.
    One Script to find them.
    One Script to bring them all,
    and clean up after itself.

  3. #3 slgrieb (Registered User) | Join Date: Feb 2003 | Posts: 4,103
    I'd suggest running all your removal tools in Standard Mode whenever possible. I'd start with TDSSKiller, then ComboFix, followed by MBAM and the supplemental scan of your choice. This is all stuff you can install from a pendrive, even if Internet access is FUBAR. If you've no joy after this, I'd connect the drive to another computer and scan from there.

  4. #4 Zonie (Registered User) | Join Date: Apr 2001 | Location: Phoenix, Arizona | Posts: 1,461
    Thanks Niclo, been on the road till now. No HijackThis log, did not use it.

    1. Combofix found and removed a rootkit and cleaned other malware. Followed up with TDSSKiller. Clean.
    2. Cannot provide a list of infectors as the PC is at the client's house. All infections were mainly malware like stated above: PC Optimizer, Click to Win, Driver Updater, Internet Booster, and a few others, which is typical for the 10-11 year old not being watched while playing online games and just clicking away.
    It's not the computers that keep having problems, it's the users!!

  5. #5 Zonie (Registered User) | Join Date: Apr 2001 | Location: Phoenix, Arizona | Posts: 1,461
    Hey slgrieb, was writing and posted only to discover you had answered too. Snuck in on me. I did go back to standard mode and ran all you mentioned, only to have everything show clean. I can get on the internet with Firefox no prob, just IE and other apps are a prob. I even was going to restore back to a different day only to find out System Restore won't even come up, just like trying to bring up Windows Explorer. I have to go by way of My Computer to get access to files. Want to go to MSConfig? Forget that, it won't happen either. It looks like almost a format and restart. One thing I think I will try is running the Bitdefender Rescue CD I have.
    It's not the computers that keep having problems, it's the users!!

  6. #6 slgrieb (Registered User) | Join Date: Feb 2003 | Posts: 4,103
    I'd still try scanning the drive with a different computer. I keep an old dog around that just gets used for removals and data recovery. Even if that doesn't work, you should be able to copy data files, and make decent money even if you resort to the Nuclear Option. It happens.

  7. #7 Niclo Iste (Registered User) | Join Date: Oct 2007 | Location: Pgh, PA | Posts: 2,051
    Sorry SL, but I'm going to have to disagree on a point you brought up. I wouldn't advise USB drives. It has been speculated and recently proven with a few government press releases that thumb drives can host malware and bypass securities. The malware is actually attached to the USB device once the drive is connected and the OS is live. I have had much more success with live CDs. Kaspersky's Rescue CD and Parted Magic are universal, with drivers for all wired and most wireless configurations. These will allow you to download and prep the programs for the machine; in addition, Kaspersky's Rescue CD can help with preliminary cleanups of functions that could generally disable you from cleaning a PC correctly once you are in the PC's installed OS. In addition, these live CDs allow you to browse the drive, and if you know what you are infected with or the files you are looking for, you can even roll up your sleeves and manually pull the parts of the infector out you want by hand, then start your cleanup once you log back onto the PC.
    One Script to rule them all.
    One Script to find them.
    One Script to bring them all,
    and clean up after itself.

  8. #8 nunob (Registered User) | Join Date: Oct 2002 | Location: Washington | Posts: 597
    You probably have a lot of broken services and the sort from the rootkits. I would try downloading the beta Malwarebytes Anti-Rootkit tool and running it. After that, in the folder that it extracts is a tool called fixdamage.exe; it repairs a lot of the things that the ZeroAccess rootkit family breaks. There is also a version made by ESET that is near the bottom in this article, called Services Repair.

    http://kb.eset.com/esetkb/index?page...nt&id=SOLN2895
    Can't never did anything except whine about what he couldn't do.
    Do, or do not. There is no try.


    http://www.northernaurora.com/page/index.html
    http://www.northernaurora.com/page/chat.html Free Chat
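A read-only triage check that fits the post above, added here as an example and not code from the thread or from any of the tools it names: it reports the state of the Windows Installer service (the "Windows Installer cannot be accessed" symptom), of the services that rootkits of the ZeroAccess family are commonly reported to stop or delete, and of the shell open command behind double-clicking an .exe. The service names, registry paths and stock default values are assumptions taken from standard Windows defaults, not from the thread; BFE and MpsSvc exist only on Vista and later, while SharedAccess and srservice are the XP firewall and System Restore services.

```powershell
# Added triage script (not from the thread). It only reports; repair is a separate step.
# Assumed service names: msiserver = Windows Installer, wscsvc = Security Center,
# SharedAccess = XP firewall, srservice = XP System Restore, wuauserv = Windows Update,
# BFE / MpsSvc = Base Filtering Engine and Windows Firewall (Vista and later only).
$services = 'msiserver', 'wscsvc', 'SharedAccess', 'srservice', 'wuauserv', 'BFE', 'MpsSvc'

foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        # On XP the Vista-only names are expected to be absent; a missing XP service
        # entry is the classic sign of a rootkit that deleted it.
        Write-Output ("{0,-12} NOT FOUND (service entry missing or not on this OS)" -f $name)
        continue
    }
    # Win32_Service exposes StartMode (Auto / Manual / Disabled), which Get-Service
    # on PowerShell 2.0 does not; a Disabled start mode on msiserver matches the symptom.
    $cfg = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    Write-Output ("{0,-12} {1,-8} StartMode={2}" -f $name, $svc.Status, $cfg.StartMode)
}

# Double-click on a program icon resolves .exe -> exefile -> shell\open\command.
# Assumed stock defaults: the .exe class is 'exefile' and its open command is "%1" %*.
$expected = @{
    'Registry::HKEY_CLASSES_ROOT\.exe'                       = 'exefile'
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' = '"%1" %*'
}
foreach ($key in $expected.Keys) {
    # '(default)' is how Get-ItemProperty exposes a key's unnamed default value.
    $actual = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
    if ($actual -ne $expected[$key]) {
        Write-Output "CHANGED  $key = '$actual' (expected '$($expected[$key])')"
    } else {
        Write-Output "OK       $key"
    }
}
```

Run it from an elevated PowerShell on the affected machine (or against the offline drive's hives after loading them with reg load); any CHANGED or NOT FOUND line is a pointer to what fixdamage.exe or the ESET Services Repair tool would have to put back.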

  9. #9 Zonie (Registered User) | Join Date: Apr 2001 | Location: Phoenix, Arizona | Posts: 1,461
    Well, I hope to pick up this PC today so I can work on it over the weekend and see what I can get working. I have tried quite a few of these things when I was there without much success, but there are a few here that I have not. Also this will allow me to back up their data if I need to wipe and reinstall. Will keep all posted and appreciate all the input.
    It's not the computers that keep having problems, it's the users!!

  10. #10 Zonie (Registered User) | Join Date: Apr 2001 | Location: Phoenix, Arizona | Posts: 1,461
    Well, after a lot of scanning with various programs with no success, I decided it was time to bite the bullet for these 2 machines. I formatted and started all over. Now they run good and are ready to take back. Thanks all for your help.
    It's not the computers that keep having problems, it's the users!!

  11. #11 Niclo Iste (Registered User) | Join Date: Oct 2007 | Location: Pgh, PA | Posts: 2,051
    Sorry to hear that you had to do a re-install. I was hoping that you'd have gotten an angle in on fixing it, though I do realize that in many cases it's far more efficient to blow away a system than to invest too many hours on it. Thanks for the update.
    One Script to rule them all.
    One Script to find them.
    One Script to bring them all,
    and clean up after itself.

  12. #12 Poseidon (Registered User) | Join Date: Jan 2001 | Location: Knoxville, TN USA | Posts: 1,762
    Too late now, but for future reference, in addition to running MBAM and their Anti-Rootkit, I have found Emsisoft's Emergency Kit to be a good tool as well.
    Last edited by Poseidon; February 6th, 2013 at 09:22 PM. Reason: typo
    The early bird may get the worm; but the second mouse gets the cheese!

  13. #13 Niclo Iste (Registered User) | Join Date: Oct 2007 | Location: Pgh, PA | Posts: 2,051

    Quote Originally Posted by Poseidon:
    > Too late now, but for future reference, in addition to running MBAM and their Anti-Rootkit, I have found Emsisoft's Emergency Kit to be a good tool as well.
    I agree with Poseidon. I haven't been pushing the a-squared topic for a while since it seemed to fall on deaf ears, but I find it to be a great way to get started on cleaning a system, since a lot of infectors appear to not be able to hide from it. My typical approach is the Emsisoft first; if the issues still persist then I go with Combofix, TDSSKiller, Emsisoft, MBAM. It's generally effective, but there still are infectors out there that you may have to get creative with.
    One Script to rule them all.
    One Script to find them.
    One Script to bring them all,
    and clean up after itself.

  14. #14 Zonie (Registered User) | Join Date: Apr 2001 | Location: Phoenix, Arizona | Posts: 1,461
    Well, I did run all of those plus the Bitdefender Rescue disk, and although there were items found and removed, in both cases there were too many system files damaged. I went as far as to do a repair install with no success, so "format city, here I come" was the motto for the day.
    It's not the computers that keep having problems, it's the users!!

  15. #15 slgrieb (Registered User) | Join Date: Feb 2003 | Posts: 4,103

    Quote Originally Posted by Niclo Iste:
    > I agree with Poseidon. I haven't been pushing the a-squared topic for a while since it seemed to fall on deaf ears, but I find it to be a great way to get started on cleaning a system, since a lot of infectors appear to not be able to hide from it. My typical approach is the Emsisoft first; if the issues still persist then I go with Combofix, TDSSKiller, Emsisoft, MBAM. It's generally effective, but there still are infectors out there that you may have to get creative with.
    It isn't that no one is paying attention, but more to the point, I believe that the most common infections aren't new and sophisticated, but mostly just the same old same old. I still sometimes use GMER, some of the Sysinternals tools and other stuff to see what's going on with infected, or potentially infected, systems. But I believe that most of the bad guys have realized that the average computer user is so clueless regarding security that creativity isn't required to deliver popup ads, bogus toolbars, or create botnets. "Yo! Bozo! Click this link, and have an instant orgasm!" I'm not saying that there isn't decent security software around, but most users deploy third or fourth tier junk and don't have very safe browsing habits.

    Also, when I do run into nasties where removal isn't straightforward, there seems to be a very high chance that the system is so broken that even if I kill the bug, it's fresh installation time anyway. Let me emphasize that I haven't had to go this route more than about 3-4 times in the last two years. I want to get back to this thread later, but I'm out of time.
