Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Need help with virii/malware on my PC

Need help with virii/malware on my PC

post #1 of 23
Thread Starter 
Yesterday I did something extremely foolish: I let my guard down and accidentally got a trojan. Within seconds it had infected my PC, disabled a lot of things, and downloaded even more trojans with it.

Anywho, I quickly pulled out my ethernet cable and then installed Kaspersky Trial edition (and quickly plugged my ethernet cable back in for a moment to download updates).

I then ran Kaspersky. It took 5 hours (the first scan is slow, but the ones after are much quicker) with maximum security protection enabled, searching for rootkits and using heuristics etc. Anyway, Kaspersky can find the malware, but can't seem to get rid of it. It has buried itself into System Restores and Windows logon (winlogon.exe?) and Explorer.exe. When I try to clean the System Restores, Kaspersky can no longer find the malware, and although Kaspersky can clean Explorer.exe it soon becomes infected again. With the Windows logon, Kaspersky can't clean it. I believe this is because the Windows logon must be essential to Windows running.

Anywho, I have no idea what to do. I'm willing to format my hard drive, but I have a good deal of data on there that I'd rather like to keep. I was thinking of downloading HijackThis, but I'm not sure there would be any point, as the malware activates itself before I even get into Windows. I also don't know what it does (HijackThis, that is, not the malware).

I was also thinking of downloading a program like this: http://www.download.com/Process-Expl...dlPid=10847734 to help me bypass the Task Manager being disabled (the malware has also disabled a lot of Start Menu stuff, but they can be re-enabled easily via right-clicking the taskbar and messing with the properties).

So yeah, any help you guys could give would be great, because I'm kind of at a loss here.

Thanks,
Voice.
post #2 of 23
Turn off System Restore, run your virus protection in Safe Mode.

Use: SmitFraudFix, ComboFix and HijackThis.

You might have to dive deep into your computer, but you can fix everything that has been corrupted.

Don't let anybody tell you that you have to reformat; that's the lazy way out.
post #3 of 23
Get a process explorer and search for any mischievous-looking file names running.

Disable System Restore in Windows, either by the service or by Windows System Properties.

You can try to look at registry fixers, such as CCleaner, Spybot S&D, etc.

Definitely use HijackThis, AV, CCleaner, S&D.
Definitely run Windows in Safe Mode for a good amount of time while trying to get rid of all of the things that are infected, like deskjockey said.

Another good thing: try killing explorer.exe from the tree and then shut down the computer.

As a last resort, you can do a format and reinstall. But only as a last resort. It really just comes down to manually finding and removing them yourself.

Do you happen to know what the virus is called?
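As an added example (not code from the thread or from any of its posters), a read-only PowerShell triage script covering the points raised in posts #1 and #3: the Winlogon Shell and Userinit values the poster says are infected, the policy value that keeps Task Manager disabled, the running explorer.exe instances, and the XP System Restore service. Assumptions: a default install on C:, and the well-known Windows policy value names DisableTaskMgr and DisableRegistryTools.

```powershell
# Added triage example: reads registry and process state only, changes nothing.
# Run from an elevated PowerShell prompt on the affected machine (ideally in Safe Mode).

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
# Assumed defaults for a standard install on C: (comparison is case-insensitive).
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = 'C:\Windows\system32\userinit.exe,'
}

$wl = Get-ItemProperty -Path $winlogon
foreach ($name in $expected.Keys) {
    $actual = $wl.$name
    if ($actual -ne $expected[$name]) {
        # Anything appended here runs at every logon, which matches the
        # "activates before I get into Windows" symptom in post #1.
        Write-Warning "Winlogon\$name is '$actual' (expected '$($expected[$name])')"
    } else {
        Write-Output "Winlogon\$name looks normal: $actual"
    }
}

# Policy values that, when set to 1, disable Task Manager and the registry editor.
$policyPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($p in $policyPaths) {
    if (Test-Path $p) {
        $vals = Get-ItemProperty -Path $p
        foreach ($v in 'DisableTaskMgr', 'DisableRegistryTools') {
            if ($vals.$v -eq 1) { Write-Warning "$p\$v = 1 (tool disabled by policy)" }
        }
    }
}

# List every explorer.exe with its image path; a copy outside the Windows
# directory is worth checking before deciding what to clean or kill.
Get-Process -Name explorer -ErrorAction SilentlyContinue | Select-Object Id, Path

# System Restore service state (service name 'srservice' exists on XP only;
# absent on later Windows, where the -ErrorAction keeps this silent).
Get-Service -Name srservice -ErrorAction SilentlyContinue | Select-Object Name, Status
```

Warnings from this script tell you where to look; the actual cleanup is still done with the tools and Safe Mode steps the posters describe.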
post #4 of 23
Safe Mode is the key. Boot into it using F8, I believe, then run all your virus scanners and spyware scanners from there. Good luck!
post #5 of 23
Thread Starter 
Quote:
Originally Posted by GH0 View Post
Get a process explorer and search for any mischievous-looking file names running.

Disable System Restore in Windows, either by the service or by Windows System Properties.

You can try to look at registry fixers, such as CCleaner, Spybot S&D, etc.

Definitely use HijackThis, AV, CCleaner, S&D.
Definitely run Windows in Safe Mode for a good amount of time while trying to get rid of all of the things that are infected, like deskjockey said.

Another good thing: try killing explorer.exe from the tree and then shut down the computer.

As a last resort, you can do a format and reinstall. But only as a last resort. It really just comes down to manually finding and removing them yourself.

Do you happen to know what the virus is called?
I'll get right on it.

Quote:
Originally Posted by deskjockey View Post
Turn off System Restore, run your virus protection in Safe Mode.

Use: SmitFraudFix, ComboFix and HijackThis.

You might have to dive deep into your computer, but you can fix everything that has been corrupted.

Don't let anybody tell you that you have to reformat; that's the lazy way out.
Thanks for the advice. I'll go download those now.

Quote:
Originally Posted by stanrc View Post
Safe Mode is the key. Boot into it using F8, I believe, then run all your virus scanners and spyware scanners from there. Good luck!
I tried that, but even then Kaspersky was unable to get rid of the malware.

Back in a bit guys, thanks for all the help so far.
Edited by voice - 6/20/08 at 10:18am
post #6 of 23
Definitely just had a complete takeover of my own computer.

Did a registry restore, then used those four computers, and I was back online in less than twenty minutes.

Though, I am still scanning through every file at the moment, to make sure I got everything.
post #7 of 23
What happened to you, GH0???
post #8 of 23
Not really sure. But it is fixed now.
post #9 of 23
Thread Starter 
Kaspersky identified the malware as:
Code:
Trojan.Win32.Small.fb
The one embedded in two system restores was identified as:
Code:
Heur.Trojan.Generic
I wouldn't be surprised if the Small.fb trojan implanted itself into those System Restores, so if I tried to system restore it would still be there.

The trojan is listed here on viruslist.com:

http://www.viruslist.com/en/viruses/...?virusid=89116


EDIT: Also, I just downloaded all the programs that deskjockey listed. They're now on a USB stick about to be moved to my virus-ridden PC. Should I be worried at all about the virus copying itself onto the USB drive or anything like that? I know it may sound silly, but I'm a bit paranoid.
Edited by voice - 6/20/08 at 12:38pm
post #10 of 23
I have done that too; I didn't have a problem with the virus "jumping" to my thumb drive.

You are in Safe Mode, right?