TheTechGuide Forum
General Category => Tech Clinic => Topic started by: gochi on February 13, 2009, 11:30:36 PM
-
hi guys
wel bassically this issue started about 2 weeks ago and i ignored it since i posted on two other forums and got no replies.
basically, two .tmp files, iexplorer.exe, rundl32.exe, reader_s.exe, rs32net.exe come up on porcess eveytime. I can manually terminate all but the .tmp files, however they re-appear.
also in my windows/system32 directory there are everal a1.tmp a.tmp files that i delete almost everyday and they re-appear.
i ran malware bytes and it found 42 infections and got rid of them. that was a while ago after i got infected. since then ive been doing quickscans and havent gotten many infections.
however, today i was browsing and i accidently launched a game (its not infected) and i tried to terminate it via ctrl al del, but all of a sudden i recieved BSOD error with "PAGE_FAULT_IN_NONPAGED_AREA" msg. I think this was the messgae, not sure now. So then i restarted in safemode and deleted the .tmp files again (mentioned above).
Now whenever I try to boot up, i login and it takes me to desktop. A black box titled c:docs~ somethin something \ reader_s.exe comes up and i get BSOD and cycle continues.
I really do not know what to do.
I can do stuff in safe mode so if anything is needed I can only work with safe mode.
thanks
-
download Flash_Disinfector (http://\"http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe\") and save it to your desktop
- Double on Flash_Disinfector.exe to run it. If you receive a prompt, please allow it.
- You will be prompted to plug in your flash drive. Plug it in. If you have more than one, plug them in
- Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
- When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
- Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.
[color=\"#4169E1\"]Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.[/color]
Download ComboFix from one of these locations:
[color=\"#0000FF\"]Link 1[/color] (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\")
[color=\"#0000FF\"]Link 2[/color] (http://\"http://www.forospyware.com/sUBs/ComboFix.exe\")
[color=\"#0000FF\"]Link 3[/color] (http://\"http://subs.geekstogo.com/ComboFix.exe\")
Save it ONLY to your Desktop
--------------------------------------------------------------------
[color=\"#2E8B57\"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool[/color]- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
[color=\"#2e8b57\"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]
(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply
NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please
-
Well numerous more probelms gave occured.
- No audio from videos, internet etc...before i could end a process in CMD withoutany system beeps, now everytime i try to end a process i get a beep
- some sort of song runs in the background
- sometimes my wifi works, when it doesnt i have to use winsock to fix it
- some of my programs do not wok, i get invalid win32 process error (winrar for example was working fine until this virus took over)
I can't run Combofix or the other program. For combofix I get "C:\32788R22FWJFW\swres.exe is an invalid Win32 process" error. I click "ok" & it kept on appearing. I kept on clicking OK until combo fix launched. However, after laucnhing it stated "Access Denied" in the blue window.
I ran housecall and it found 2000+ infections, but most of them could not be deleted/cured.
Also, i am unable to launch hijackthis due to invalid win32 process error.
-
Let's see if the following will work
Ensure you can see file extensions
Go to START>>MyComputer
TOOLS>>FOLDER OPTIONS>>VIEW
Untick "Hide extensions for know file types"
Apply and Ok it
Right click on ComboFix.exe on desktop and rename it to ComboFix.com
Try running it again and let me know if it will run
-
[quote name=\'guestolo\' post=\'457789\' date=\'Feb 14 2009, 11:27 PM\']Let's see if the following will work
Ensure you can see file extensions
Go to START>>MyComputer
TOOLS>>FOLDER OPTIONS>>VIEW
Untick "Hide extensions for know file types"
Apply and Ok it
Right click on ComboFix.exe on desktop and rename it to ComboFix.com
Try running it again and let me know if it will run[/quote]
ill try this later on this week. ill post back with results. thanks
-
[quote name=\'gochi\' post=\'457888\' date=\'Feb 16 2009, 05:37 PM\']ill try this later on this week. ill post back with results. thanks[/quote]
i have been recently advised that i may have keyloggers and such. i am currently doing specifc file scans as suggested by another individual. if the files are inefected, than the only solution would be to reinstall windows.
is it possible for combofix to get rid of such infected files?
-
From the logs I've seen, it looks like you have an infection related to Virut
That's not good
It's possible to clean the machine with a scan of Dr. Web or similiar
Run from a CD that cannot infect the scanner
Repair the computer with the XP CD afterwards
and replace most/all of your programs
It's a lot of work, and still cannot guarantee of a 100% clean machine
My suggestion is to backup any important files
but scan with an updated virus scanner to ensure that they're clean if you do back them up
DO NOT include any .EXE and .SCR extensions.
if the files are inefected, than the only solution would be to reinstall windows.
Sort of, don't confuse it with installing over the top or Repairing the system
You will want to actually Clean install the system
This includes Formatting and then installing, do you need a guide on the proper procedure to do this
It really is your best option