  #1  
Old 24th Aug 2009, 14:09
New Member Group
 
I'm running a Gateway desktop and recently my computer began acting strangely. Any time I try to run a program or executable, it asks me to select which program to open that type of file with (as if it doesn't associate a program with the extension .exe). Also, only an extremely small number of programs are actively running on startup, with none of the programs I installed (Puresight PC, Malwarebytes', and Skype being examples) starting up even though they used to. Anyways, I tried to use antivirus programs to scan and detect if there was malicious software, and there was, so I removed it. However, the software seems to remain after a restart.

After several restarts, I managed to run Superantispyware with the recommended settings, but it found nothing. MBAM did find some and so I tried to remove them, but when I rebooted there was no pre-boot screen where MBAM actually removed the items; instead Windows just booted normally.

Now, a bunch of the executables from programs I've installed have disappeared. For example, there is no chrome.exe in the chrome directory.


I even tried to use a recovery disc to reformat and reinstall Windows; however, instead of booting from my disc drive, the computer still boots from my hard drive. I even disabled booting the hard drive altogether through the BIOS, at which point I received a "no bootable media found, please insert a boot disc and press any key." prompt, even when the recovery disc is inside my disc drive. When I booted to Windows from my hard drive and tried to access the device manager through the control panel to see if I could reinstall the drivers, I received an error that "rundll32.exe" could not be found, which I'm assuming is caused by the same thing that causes the "please select which program to open this type of file" error.

Here are my logs (No SAS since it found nothing on its first run and I can't run it any more...)

Malwarebytes' Anti-Malware 1.40
Database version: 2686
Windows 5.1.2600 Service Pack 3

8/24/2009 2:52:24 PM
mbam-log-2009-08-24 (14-52-24).txt

Scan type: Quick Scan
Objects scanned: 124131
Time elapsed: 26 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\10987504 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\10987504\10987504 (Rogue.Multiple) -> Quarantined and deleted successfully.

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:32 PM, on 8/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 3300 Series\lxccmon.exe
C:\Program Files\OCZ Technology\Mouse\Amoumain.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\lxcccoms.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\juice.exe
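
The MBAM log in the first post shows the .bat, .com and .exe defaults all pointed at one rogue ProgID (csfile), and the poster reports the problem surviving a restart. As an added example (not part of the original post and not code from Malwarebytes), this Python code parses those log lines and re-checks the associations after a reboot; the function names and the post-reboot snapshot are assumptions constructed for illustration.

```python
import re

# Constructed sample: the "Registry Data Items Infected" lines from the log above.
SAMPLE_LOG = r"""Registry Data Items Infected:
HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> Quarantined and deleted successfully.
"""

# key \ value (detection) -> Bad: (x) Good: (y) -> action
LINE = re.compile(
    r"^(?P<key>HKEY_[^\\]+\\.+)\\(?P<value>[^\\]+?) \((?P<detection>[\w.]+)\)"
    r" -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$"
)

def parse_findings(log_text):
    """Return one dict per registry data item line in an MBAM 1.x log."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := LINE.match(line.strip()))]

def hijacked_associations(findings):
    """Map extension -> (rogue ProgID, expected ProgID) for HKCR extension defaults."""
    out = {}
    for f in findings:
        is_ext_key = f["key"].upper().startswith("HKEY_CLASSES_ROOT\\.")
        if is_ext_key and f["value"] == "(default)":
            ext = f["key"].rsplit("\\", 1)[-1].lower()
            out[ext] = (f["bad"], f["good"])
    return out

def still_hijacked(assoc, read_default):
    """Extensions whose current default is not the ProgID the log lists as Good.

    read_default(ext) returns the current default value for that extension;
    on a live system it could wrap
    winreg.QueryValue(winreg.HKEY_CLASSES_ROOT, ext).
    """
    return sorted(ext for ext, (_bad, good) in assoc.items()
                  if (read_default(ext) or "").lower() != good.lower())

if __name__ == "__main__":
    assoc = hijacked_associations(parse_findings(SAMPLE_LOG))
    # Constructed post-reboot snapshot: .exe has reverted to the rogue ProgID.
    snapshot = {".bat": "batfile", ".com": "comfile", ".exe": "csfile"}
    print(assoc)
    print(still_hijacked(assoc, snapshot.get))
```

A non-empty result after the cleanup reboot means the "Quarantined and deleted successfully" line did not hold and something is rewriting the association.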
  #2  
Old 24th Aug 2009, 16:49
New Member Group
 
UPDATE: I just borrowed a DVD drive from a friend and tried out my recovery disk. Turns out both of my drives for whatever reason just wouldn't boot. I'm reinstalling Windows as I type, so I won't be needing any assistance getting rid of whatever I had.

Still, thanks for looking. This web site is a wonderful resource and it's not the last time I'll be visiting it.
  #3  
Old 25th Aug 2009, 10:50
Moderator Group
 
Thanks for letting us know... Sometimes a reformat is the best and easiest way to take care of a bad virus issue.

For the future.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

Copyright ©2006 - 2009 Computer Juice.
