travlinsouth1
2008-08-11, 23:11
So it looks like I've fallen victim to these popular virii, as of last Wed (8/6/08). I seemed to get the worst of it, losing access to my desktop, C:drive, control panel, etc.
Prior to the infestation, I had an older version SBS&D (tea-timer not running) and AVG. As directed in the "before you post" procedure, I downloaded 1.6, and installed all the updates, and ran S&D again, catching a dozen or more files, and this restored some of the functionality. I got a (paraphasing here) "S&D recommends that you restart and run the search again If you want to do this, click 'yes', save your work and restart" dialogue box (twice), and clicked yes. I let it finish, closed S&D, and the machine seemed to reboot, and S&D scan ran again, catching 5 or so more files.
I've since run S&D several times from Safe mode, with each time it catching what look like the same 4 problems: 1 virtumonde .dll file, 2 virtumonde registry changes and 1 smitfraud .dll file, always with the two dialogue boxes advising to restart during the scan (both in the 131k range. the second one is at 131,438, I think, the first one in the 131200's). I've generally checked "yes" and let the scan finish, usually fixing the flagged files. My computer continues to behave as though infected, though, with a "services.exe" task taking up 95+% of my CPU time, according to my taskmanager. Because the scan takes more than an hour, and seems to be catching the same files over and over again, it seems more thorough methods are in order. I've also run it several times again in normal mode, with seemingly no progress.
When I'm in safe mode, the machine doesn't seem to restart the scan automatically, though it does when I run in normal mode. Several times in the initial run, and a few times since, I've been asked to "accept" or "decline" a registry chance, usually involving a "spybotdeleting" type entry. I've got tea-timer runing now, and presumably this is related. Unsure of what to do, I've both "accepted" and "declined", with no particular consistency.
I downloaded and tried to run HijackThis, but I've been having trouble: I get an "HijackThis.exe has generated errors and will be closed by windows. You will need to restart the program. An error log has been generated." dialogue box. Accordingly, I can't post a HijackThis log. This may be unrelated to the virus, since I occasionally got that message with other programs - notably Outlook - prior to Wednesday.
I'm running Windows 2000 5.00.2195 SP 4 on a Compaq Armada e500. I bought the machine used, and it's my understanding that the previous owner had a problem with viruses, but had the hard drive re-formatted and windows re-installed immediately before I purchased it.
Any help you can give in get my machine running more smoothly would be most grateful. Thanks in advance.
Prior to the infestation, I had an older version SBS&D (tea-timer not running) and AVG. As directed in the "before you post" procedure, I downloaded 1.6, and installed all the updates, and ran S&D again, catching a dozen or more files, and this restored some of the functionality. I got a (paraphasing here) "S&D recommends that you restart and run the search again If you want to do this, click 'yes', save your work and restart" dialogue box (twice), and clicked yes. I let it finish, closed S&D, and the machine seemed to reboot, and S&D scan ran again, catching 5 or so more files.
I've since run S&D several times from Safe mode, with each time it catching what look like the same 4 problems: 1 virtumonde .dll file, 2 virtumonde registry changes and 1 smitfraud .dll file, always with the two dialogue boxes advising to restart during the scan (both in the 131k range. the second one is at 131,438, I think, the first one in the 131200's). I've generally checked "yes" and let the scan finish, usually fixing the flagged files. My computer continues to behave as though infected, though, with a "services.exe" task taking up 95+% of my CPU time, according to my taskmanager. Because the scan takes more than an hour, and seems to be catching the same files over and over again, it seems more thorough methods are in order. I've also run it several times again in normal mode, with seemingly no progress.
When I'm in safe mode, the machine doesn't seem to restart the scan automatically, though it does when I run in normal mode. Several times in the initial run, and a few times since, I've been asked to "accept" or "decline" a registry chance, usually involving a "spybotdeleting" type entry. I've got tea-timer runing now, and presumably this is related. Unsure of what to do, I've both "accepted" and "declined", with no particular consistency.
I downloaded and tried to run HijackThis, but I've been having trouble: I get an "HijackThis.exe has generated errors and will be closed by windows. You will need to restart the program. An error log has been generated." dialogue box. Accordingly, I can't post a HijackThis log. This may be unrelated to the virus, since I occasionally got that message with other programs - notably Outlook - prior to Wednesday.
I'm running Windows 2000 5.00.2195 SP 4 on a Compaq Armada e500. I bought the machine used, and it's my understanding that the previous owner had a problem with viruses, but had the hard drive re-formatted and windows re-installed immediately before I purchased it.
Any help you can give in get my machine running more smoothly would be most grateful. Thanks in advance.