
I believe im infected, need to delete this and NOT reformat - Page 4

post #31 of 66
Not all viruses can be easily found by AVs, especially rootkits.
I have no other methods to recommend further than what I posted earlier. ComboFix does have a rootkit scanner but yeah..
run it at your own risk..

Edit: Didn't see your post earlier about the hanging.. The program usually stops the explorer process then runs it back..

Try manually "End Process"-ing explorer.exe in your Task Manager. This should leave your screen with a bare wallpaper; if not, close all windows.
Then in Task Manager > File > New Task > Browse > go look for ComboFix and run it. Run explorer.exe in Task Manager after.
When I clean for viruses I turn off system restore, but that's just me.
Edited by ConradTP - 4/24/11 at 8:07am
post #32 of 66
Thread Starter 
I'm going into safe mode and going to scan and stuff there.
    
post #33 of 66
Thread Starter 
Nice, ESET thinks EVERY file of Kal Online is a virus XDD. This is going to be fun.
    
post #34 of 66
Quote:
Originally Posted by jdcrispe95 View Post
Nice, ESET thinks EVERY file of Kal Online is a virus XDD. This is going to be fun.
Honestly, you might have 100% less headaches if you did just wipe it. ESET does have some false positives at times, but I'd rather have false positives than not picking up the actual infected files.

Anyway, if those programs that have been listed don't take care of the issue for you, it does indeed sound like a rootkit infection. If that was the case, Combofix would be about your only real hope of an easy fix.
post #35 of 66
Thread Starter 
Quote:
Originally Posted by pioneerisloud View Post
Honestly, you might have 100% less headaches if you did just wipe it. ESET does have some false positives at times, but I'd rather have false positives than not picking up the actual infected files.

Anyway, if those programs that have been listed don't take care of the issue for you, it does indeed sound like a rootkit infection. If that was the case, Combofix would be about your only real hope of an easy fix.
Seriously dude, wiping it would be like being born again, I would lose everything. I have too much stuff to lose (700GB+ of data, not porn or anything like that). I will probably just install every antivirus I can think of if things get that bad.
    
post #36 of 66
Run ComboFix and then share the TXT file after the run so we can peruse it for info (problems),

if you don't mind.
post #37 of 66
Also, you can go and download TDSSKiller, which will scan for rootkits as well. Personally I would just use MSE and Malwarebytes as well as ComboFix. TDSSKiller might be a little easier to use first.

Edit: If you download Autoruns and run it, it will show you a more complete list of things loading at startup than msconfig will.
Edited by selectstriker2 - 4/24/11 at 8:23am
post #38 of 66
Well, tbh it sounds like you've tried everything, so why not reinstall Windows? It'll give you the option of saving everything in a windows.old folder saved on the C drive. I did this last night; it might be a hassle but at least everything is saved, you just have to reinstall the programs you had previously. If all the suggestions don't help, you might want to think about reinstalling, as it may be your only hope, and as I said before, your data will be saved in the folder mentioned above so a simple drag and drop is all that's needed to put the files where you wish.
post #39 of 66
Thread Starter 
Quote:
Originally Posted by macca_dj View Post
Run ComboFix and then share the TXT file after the run so we can peruse it for info (problems),

if you don't mind.
Will do.

Quote:
Originally Posted by selectstriker2 View Post
Also, you can go and download TDSSKiller, which will scan for rootkits as well. Personally I would just use MSE and Malwarebytes as well as ComboFix. TDSSKiller might be a little easier to use first.

Edit: If you download Autoruns and run it, it will show you a more complete list of things loading at startup than msconfig will.
Okay, I'll try TDSSKiller.

Quote:
Originally Posted by trojan92 View Post
Well, tbh it sounds like you've tried everything, so why not reinstall Windows? It'll give you the option of saving everything in a windows.old folder saved on the C drive. I did this last night; it might be a hassle but at least everything is saved, you just have to reinstall the programs you had previously. If all the suggestions don't help, you might want to think about reinstalling, as it may be your only hope, and as I said before, your data will be saved in the folder mentioned above so a simple drag and drop is all that's needed to put the files where you wish.
Reformatting Windows is out of the question; if I back everything up I will just be backing up the virus too.
    
post #40 of 66
Quote:
Originally Posted by jdcrispe95 View Post
Seriously dude, wiping it would be like being born again, I would lose everything. I have too much stuff to lose (700GB+ of data, not porn or anything like that). I will probably just install every antivirus I can think of if things get that bad.
This is EXACTLY why any important data should always be backed up externally, and only when you know the machine isn't compromised.

I've got 200GB free on my 2TB RAID1 on my i5 rig. And I know that I will NEVER lose it. My i5 rig doesn't even work right now, so I'm running off the backup.

Seriously, this is exactly why I always say this:
The data doesn't exist unless it exists in 3 places at once.