PDA

View Full Version : Stubborn malware removal suggestions needed



clh333
2018-01-10, 19:49
Recently I dusted off an XP machine that I had last used in 2013 or 2014. The machine has an Abit board, Athlon processor, 3 Gb RAM and runs Win XP SP3. It uses a Tenda USB wireless NIC and Tenda's proprietary driver to connect to a Netgear cable modem and router. The router is secured with WPA2 and AES; the machines are in star configuration and there is no sharing or networking between nodes. AVG antivirus is installed on each machine.

After starting the machine in question I ran several cycles of updates, mainly for Windows, AVG and Firefox. I began to notice strange behavior with the wifi connection: attempts to connect to unknown IP addresses outside the usual 192.168.x.x range, connections that would drop off suddenly, and browser connectivity issues. For example, I could access the browser home page and from it some web sites but if I tried eBay I could not get to the site. I tried uninstalling the Tenda utility and running Windows' wifi instead, but without improvement. I reinstalled the Tenda utility, again not much better. I tried a system restore to last week before I noticed these troubles appearing, but Windows was unable to restore to that point.

Today two observations convinced me that I have some unauthorized or "rogue" software running on the machine: First - the machine is a dual-boot with Linux Fedora 21 installed on the second hard drive, so I booted into Linux and ran the same test to access eBay, which I was able to do without difficulty. I drew the conclusion that the problem was not with the hardware, therefore. Second - I noticed the Windows CPU monitor in the system tray was pegged at 100%, presumably while nothing was going on. The LED on the Tenda NIC was lit solid, however.

I went to another machine, a Win7 64-bit, and began an Internet search using my symptoms as the search string. Eventually that led me back to this site. Reading former posts I obtained Malwarebytes, which I downloaded and transferred to the XP machine. Upon installation I got a "floating point division" error and install terminated. After more research I downloaded RogueKiller, which installed but threw an error when executed. I also ran the Malwarebytes' beta rootkit tool, which ran and found nothing.

Fortunately there is nothing valuable, information-wise, on this machine. If push came to shove I could wipe the drive and start over. I suspect I will run across this problem again, however, so if anyone has any suggestions for how to expose and remove this uninvited guest please let me know. It seems to me that a self-booting CD from which a malware scan could be launched is one avenue of attack.

Thanks for your replies,

Juliet
2018-01-11, 00:44
Couple of things you might try.

Temporarily disable AVG antivirus, try to run the tools you know that downloaded and installed. Very possible the download corrupted.

Attempt to run in safe mode?

Could you tell with task manager open if windows was trying to update?

~~~~~

Please back up your registry!

Backup the Registry:
Credit: Dakeyras

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.


Please download the installer for Registry Backup from here (http://www.bleepingcomputer.com/download/registry-backup/) or here (http://www.tweaking.com/files/setups/tweaking.com_registry_backup_setup.exe) and save to your desktop.
Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI(graphical user interface) has appeared/loaded:-


Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-


Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features be viewed HERE (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325)
~~~~~~~~~~~~~~~

http://i.imgur.com/xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

Juliet
2018-01-15, 16:19
bump.....

Juliet
2018-01-19, 12:57
Due to lack of feedback this topic is closed.