
Thread: Test your skill and impress me with this one...

  1. #1
    Junior Member
    Join Date
    Sep 2011
    Posts
    14

    Test your skill and impress me with this one...

    Hi there. I'm going to apologize in advance for my lack of technical lingo.

    I have an older model HP laptop, and I recently acquired a virus that is meant to look like it's some sort of Windows security feature, only I'm smarter than that! And I've seen 'em before, so what I would normally do is reboot in safe mode and do a system restore or run Spybot to get rid of it.

    Well, not this time. I can reboot the computer fine normally, except nothing works except for this fake Windows security.

    I reboot in safe mode, and it goes fine until I open up system restore or spybot - the computer shuts off.

    I'm trying to see if there's anything I can do before having to wipe it clean.

    Thank you! This is a tricky little bugger - at least I think so!!

  2. #2
    Senior Member
    Join Date
    Apr 2010
    Posts
    463


    Hello meglamb and

    My name is JonTom

    • Malware Logs can sometimes take a lot of time to research and interpret.
    • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
    • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
    • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
    • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.


    "I'm trying to see if there's anything I can do before having to wipe it clean"
    Let's take a look and see what we can do

    Are you able to connect to the Internet using the infected machine?

    Also, please let me know what operating system you are running (XP, Vista, Win 7 - 32 or 64 bit) and we'll take it from there
    Proud Graduate of the WTT Classroom

  3. #3
    Junior Member
    Join Date
    Sep 2011
    Posts
    14


    Hi! Thanks for your help -

    No, I cannot connect to the internet, or run any programs at all.

    And it's XP.

  4. #4
    Senior Member
    Join Date
    Apr 2010
    Posts
    463


    Hello meglamb

    Thanks for letting me know.

    If you are unable to connect to the net with the infected machine you will need to copy the required tools to a flash drive and transfer them to the infected system. Let's try the following to begin with:

    If the machine you use to download the tools runs on XP, please run the following tool first to reduce the chance of cross-infection.

    1. Please download Flash Disinfector


      • Click here to download Flash Disinfector and save the file (called Flash_Disinfector.exe) to your desktop.
      • Double click on the Flash_Disinfector.exe icon to run the program and follow any prompts that may appear.
      • The program may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so if prompted.
      • Wait until Flash disinfector has finished scanning and then exit the program.
      • Reboot your computer.


      If it runs on Vista/Win 7, use this one:

    2. AutoRun Eater


      • Download Autorun Eater and save it to your desktop.
      • Plug all of your removable storage devices into the machine (USB sticks etc) and run the tool.



      Once you have done that, download the following tools and transfer them to the infected machine:

    3. Please perform the following scan


      • Please download DDS from here and save it to your desktop.
      • Disable any script blocking protection (How to Disable your Security Programs)
      • Double click on the DDS icon to run the tool (may take up to 3 minutes to run).
      • When done, DDS.txt will open.
      • After a few moments, attach.txt will open in a second window.
      • Save both reports to your desktop.
      • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.


    4. Please scan your system with GMER



      • Download GMER Rootkit Scanner from here or here.
      • Extract the contents of the zipped file to desktop.
      • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
      • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
      • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
        • IAT/EAT
        • Drives/Partition other than Systemdrive (typically C:\)
        • Show All (don't miss this one)
      • Then click the Scan button & wait for it to finish.
      • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
      • Save it where you can easily find it, such as your desktop, and post it in your reply.


      **Caution**
      Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


      Please post the DDS logs and the GMER log in your next reply. If you encounter any problems with the scans, just come back and let me know.
    Proud Graduate of the WTT Classroom

  5. #5
    Junior Member
    Join Date
    Sep 2011
    Posts
    14


    I downloaded both of those things and put the .exe files on a disc to bring over to my infected computer - but my computer will not open the files. It says that they are infected by a w32/blaster.worm, and that I have to activate security protection to get rid of it.

    So, no programs can be opened.

  6. #6
    Senior Member
    Join Date
    Apr 2010
    Posts
    463


    Hello meglamb

    Are you able to run the tools from Safe Mode?


    1. Reboot Your System in Safe Mode


      • Restart your computer.
      • As soon as BIOS is loaded begin tapping the F8 key until the "Advanced Options" menu appears.
      • Use the arrow keys to select the Safe mode menu item.
      • Press Enter.


      If you are able to scan the system from safe mode, please make sure to save the logs created, then boot back into Normal mode to transfer the logs back to flash drive to post back here.

      Let me know how you get on
    Proud Graduate of the WTT Classroom

  7. #7
    Junior Member
    Join Date
    Sep 2011
    Posts
    14


    Nope - when I go to run the anti virus from safe mode, the computer shuts off. It's a tricky devil, I'm telling you!

  8. #8
    Senior Member
    Join Date
    Apr 2010
    Posts
    463


    Hello meglamb

    "Nope - when I go to run the anti virus from safe mode, the computer shuts off."
    I am a little confused here. What anti virus are you trying to run? All we need at the moment are the diagnostic system scans provided by DDS and GMER.

    If the infection is interfering with our tools (and it certainly sounds as though it is) let's try the following:


    1. rkill


      • You will need to download each of these versions and transfer them to the infected machine.
      • Please download rkill (Courtesy of Bleepingcomputer.com).
      • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
      • Note: You only need to get one of the tools to run, not all of them.






      • Note: You will likely see a message from the infection telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

        Run rkill repeatedly until it's able to do its job. This may take a few tries.

        You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.


      Once rkill has been run try running DDS and GMER again.
    Proud Graduate of the WTT Classroom

  9. #9
    Junior Member
    Join Date
    Sep 2011
    Posts
    14


    I can't get that far - no .exe files will run, the virus says they are all infected files, and when I go into safe mode and try to run anything the computer shuts off.

  10. #10
    Senior Member
    Join Date
    Apr 2010
    Posts
    463


    Hello meglamb

    "I can't get that far"
    Okay, thanks for letting me know. I realise that this is frustrating for you but there are still a few things we can try

    "no .exe files will run"
    Did you try all of the rkill files I provided? The reason I ask is that two of them are not executable files (rkill.com and rkill.scr).

    Please let me know in your next reply.
    Proud Graduate of the WTT Classroom
