Topic: 4 days into the virus- really need some help!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: 4 days into the virus- really need some help!
« Reply #30 on: September 25, 2013, 09:37:01 PM »
That is correct....

Right, let's try a clean boot and see if OTL will then run.

Next we will check for driver conflicts.

Step 1: Start MSConfig

Click Start, type msconfig in the Start Search box, and then press ENTER.
If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation.

Step 2: Configure Selective Startup options

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.

2. Click to clear the Load Startup Items check box.
Note: The Use Original Boot.ini check box is unavailable.

3. Click the Services tab.

4. Click to select the Hide All Microsoft Services check box.
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.

Once back in Windows, then try OTL once more.
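The clean-boot review above in script form, as an added example that is not part of the original post or of msconfig: it lists the services and Run-key startup entries that "Selective startup" with "Hide All Microsoft Services" would leave for review, without disabling anything. It assumes PowerShell 3.0 or later, and it approximates msconfig's Microsoft filter by the Authenticode signer of each service binary.

```powershell
# Added example, not from the thread. Read-only triage: nothing is changed.
# Assumes PowerShell 3.0+ on Windows 7 or later.

function Get-SignerName {
    param([string]$Path)
    if (-not $Path) { return '<none>' }
    # Pull the executable out of an ImagePath such as "C:\x.exe" -k svc (heuristic)
    if ($Path -match '^"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($Path -split ' -| /')[0] }
    if (-not (Test-Path -LiteralPath $exe)) { return '<missing>' }
    $sig = Get-AuthenticodeSignature -LiteralPath $exe
    if ($sig.Status -ne 'Valid') { return "<$($sig.Status)>" }
    return $sig.SignerCertificate.Subject
}

function Get-NonMicrosoftAutostarts {
    $out = @()
    # Services: approximates msconfig's "Hide All Microsoft Services" by signer
    foreach ($svc in Get-CimInstance Win32_Service) {
        $signer = Get-SignerName $svc.PathName
        if ($signer -notmatch 'O=Microsoft Corporation') {
            $out += [pscustomobject]@{ Kind = 'Service'; Name = $svc.Name;
                State = $svc.State; Path = $svc.PathName; Signer = $signer }
        }
    }
    # Startup items: the "Load Startup Items" check box covers these Run keys
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata
            $out += [pscustomobject]@{ Kind = 'Run'; Name = $p.Name; State = '-';
                Path = $p.Value; Signer = (Get-SignerName $p.Value) }
        }
    }
    $out
}

Get-NonMicrosoftAutostarts | Format-Table -AutoSize
```

On Windows 7 many Microsoft binaries are catalog-signed rather than embedded-signed, so they show up as NotSigned and land on the list; treat the output as a review list, not a verdict.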

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #31 on: September 25, 2013, 10:12:03 PM »
Sorry, I forgot to tell you that I already did this earlier today- so everything we have done so far is with the following settings:

Nothing is currently selected in selective startup,
and nothing is selected in services (including Microsoft).

Offline essexboy

Re: 4 days into the virus- really need some help!
« Reply #32 on: September 25, 2013, 10:17:37 PM »
Can you enter safe mode?

If so, could you try OTL from there please. No script initially, just a quick scan with all users selected.

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #33 on: September 25, 2013, 10:59:08 PM »
I'm running now in safe, but OTL got hung up again pattern searching in the winsxs folder- As before it hangs on a file until the computer reads from cd, and then the search continues for a short while before the crash. It actually made it all the way to complete this last time, but it apparently had frozen the ability to write a report because there are no reports on the desktop when I reboot-

It is also apparently aware of OTL specifically because it hides the file in safe mode- it no longer appears on the desktop or in file view, so I copied it into a folder and then copied it out of the folder once I was in safe mode- but the file is still there- when I copied a file a second time it told me that it would make a (2) file as at some level, the system obviously knew that the file is still there, but I can't see it to run it.

It has only let me do that trick once, now it is locking down when I come in as that user- I seem to have fooled it by coming in as another user (running that scan right now), but then it did the slow down when it hits a file it doesn't like, and then crashed.


Offline essexboy

Re: 4 days into the virus- really need some help!
« Reply #34 on: September 25, 2013, 11:01:09 PM »
Do you have the full path of the file that it is crashing on?

Download the GMER Rootkit Scanner to your Desktop; it will be a randomly named .exe file.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click the file you downloaded. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt".
  • Save it where you can easily find it, such as your desktop.
Attach the contents of GMER.txt in your next reply.

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #35 on: September 26, 2013, 12:01:56 AM »
Good news-
1. I think we have a log from GMER- It crashed soon afterwards, but I hope we have something in the attached file-

As far as files that crashed-
2. Combo crashed as soon as it reached:

system file is infected!! attempting to restore c:windows\syswow64\cftmon.exe

I ran the following and I don't know if you saw it-

SystemLook 30.07.11 by jpshortstuff
Log created at 15:07 on 25/09/2013 by MXS Asus
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "cftmon.exe"
No files found.
 
3. OTL seemed to crash during pattern matching per the following-

pattern search looking at file c\windows\winsxs\amd64_microsoft-windows-wow64.resources_31bf3856ad364e35_!

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #36 on: September 26, 2013, 03:22:28 AM »
Thanks for all input thus far and hope we can revisit tomorrow-
Cheers,
ZS

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #37 on: September 26, 2013, 02:22:19 PM »
Hello all-

I wanted to touch bases to see if that last report was of any use, or is it time for me to take the PC into the shop?

Thanks!
ZS

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #38 on: September 26, 2013, 03:01:59 PM »
I hate to say, I think it is over-

Computer now goes straight to bios and doesn't run when I leave the screen-

End of game, right?

Offline essexboy

Re: 4 days into the virus- really need some help!
« Reply #39 on: September 26, 2013, 03:26:48 PM »
Ah, you replied after I had gone for the night.

Looking at the full path now for that file, it is almost legitimate apart from the ! at the end. This would mark it as malware. Now if I tried to move it none of my tools would function. I would recommend a reformat and re-install with this. Do you have the Windows CD?
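Two read-only checks for the symptoms described in Reply #35 and the path observation above, as an added example that is not part of the original thread or of any of the tools it mentions: a search that includes hidden and system files (the cftmon.exe lookup found nothing and the OTL copy vanished from the desktop), and a listing of WinSxS component folders whose names do not fit the usual arch_name_token_version_culture_hash shape, such as one ending in "!". Assumes PowerShell 3.0 or later; the WinSxS name pattern is my approximation, and the housekeeping folder list is an assumption.

```powershell
# Added example, not from the thread. Read-only: nothing is moved or deleted.
# Assumes PowerShell 3.0+; -File and -Directory need that version.

function Find-FileEverywhere {
    param([string]$Name, [string]$Root = $env:SystemRoot)
    # -Force includes Hidden and System entries that a normal folder view or a
    # non-forced search skips; access-denied errors are dropped, not fatal
    Get-ChildItem -LiteralPath $Root -Filter $Name -Recurse -Force -File `
        -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime, Attributes
}

function Get-SuspiciousWinSxSFolders {
    param([string]$WinSxS = "$env:SystemRoot\WinSxS")
    # Housekeeping folders that legitimately do not follow the component pattern
    # (assumed list; anything else that fails the pattern is listed for review)
    $known = 'Backup', 'Catalogs', 'FileMaps', 'Fusion', 'InstallTemp',
             'ManifestCache', 'Manifests', 'Temp'
    # arch _ component-name _ public-key-token _ version _ culture _ hash
    # (approximation of the WinSxS naming scheme; tokens and hashes are 16 hex)
    $pattern = '^(amd64|x86|wow64|msil)_[a-z0-9.+\-]+_[0-9a-f]{16}_[0-9.]+_[a-z0-9\-]+_[0-9a-f]{16}$'
    Get-ChildItem -LiteralPath $WinSxS -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object { $known -notcontains $_.Name -and $_.Name -notmatch $pattern } |
        Select-Object Name, LastWriteTime, Attributes
}

# Runs for the names that came up in this thread
Find-FileEverywhere -Name 'cftmon.exe' | Format-Table -AutoSize
Get-SuspiciousWinSxSFolders | Format-Table -AutoSize
```

An empty result is not proof of absence on a machine where a rootkit is already filtering directory listings; compare with a scan from outside the installed system, such as the rescue disc discussed later in the thread.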

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #40 on: September 26, 2013, 03:49:28 PM »
Thanks Essexboy-
The Asus didn't come with disks, but it had me make a whole bunch of DVDs that I assume are the reinstall- The problem is I literally have a year of configuration invested in the machine (it's why I did restore points all the time) because it's a digital audio workstation and every app needs lots of tweaks to work correctly-

Have one other approach with a Kaspersky rescue disc-

So if I have to start all over, here's the big question- I am almost certain that this is the same virus that killed my last PC- Exact same symptoms, the closer you get the more it shuts down, I don't go to questionable sites, etc...

I was running AVG on that computer and had switched to Avast on this computer, so clearly they can't handle this particular virus and I'm assuming I brought it over to the new system when I reloaded the files.

So what do I do? When I rebuild this computer, I have all my files on my network drive, but the last thing I want to do is to copy them back and start the process all over. Is there a super powerful system or process that I can use to scan those files on my network drive?

I am a musician not a software guy, so I'm over my head most of the time and am scared to death of another rebuild-

Thanks again for the help and I hope this might help someone else in the future-
ZS

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #41 on: September 26, 2013, 04:11:58 PM »
Also, just realized that my other computer must be infected as well as they share a network drive and I move files back and forth- Good news is it is still running ok, and we have learned that this virus is smart enough to shut the system down when we start looking for it-

Ideas on how to go after it before I hook all of this back together?

Thanks!
M

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: 4 days into the virus- really need some help!
« Reply #42 on: September 26, 2013, 04:18:48 PM »
You can give that a try, maybe you can copy your files from the disk.

Download and Manual to run it from a USB Drive:

http://support.kaspersky.com/8092
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline essexboy

Re: 4 days into the virus- really need some help!
« Reply #43 on: September 26, 2013, 07:44:18 PM »
At this stage no, it was a bit difficult to determine from the other thread.

Zionstrat

  • Guest
Re: 4 days into the virus- really need some help!
« Reply #44 on: September 26, 2013, 08:32:32 PM »
Yep, on the other thread Kaspersky is the first thing that is keeping the computer from crashing, however, the infected drive is apparently hiding itself so that it can't be scanned :(

Anyway, thanks so much for your time!
ZS