One Nasty Virus/Trojan - Kills all virus scanners

[Lynn210]

Its booting up slowly but surely (I hope)

The name of that first line went back to Windows Media Center by the way..

The resolution of the WIndows logo is much smaller than usual and it is just sitting there .. says please wait............................................



Got an hour glass but it does not seem to be doing anything..
no noise...

I removed the Install CD because the boot sequence is to disk drive first.. so
I thought I should.. was I wrong?

[edifyguy]

It's smaller than usual because it's doing its pre-first-run checklist. Always happens that way.

I'd give it a few minutes, but if it still doesn't start, just kill the power and try again. It's not supposed to stop there, but it's not unusual for repair installations to get stuck there.

EDIT: It no longer needs the CD.

[edifyguy]

This forum seems to be the most-viewed forum on here in half of forever! I guess people think this is mighty interesting! 

I'm going to be on my SmartPhone shortly, but I'll check in on you as I can.

[Tarq57]

It's like waiting for your local regional sports team to win the series.

[Omega40]

It's like waiting for your local regional sports team to win the series.

Absolutely on that. ;-)

[Lynn210]

I'm glad everyone is having a good time!! 

Its booting up .. looks like it always did... so far

OOOOPS there's all my icons.. wowwy!

and they are all in the same place they are supposed to be..

Still loading... anyone want to place some bets???

[Zyndstoff (aka Steven Gail)]

Go, Cowboys, Go !

[edifyguy]

I'm glad everyone is having a good time!! 

Its booting up .. looks like it always did... so far

OOOOPS there's all my icons.. wowwy!

and they are all in the same place they are supposed to be..

Still loading... anyone want to place some bets???

As they should be. It shouldn't look different.

Once it gets reasonably booted up, see if ComboFix will run now. It should. We definitely want it's behavior-based analysis.

[Lynn210]

warning... that darn microsoft NET .. never co-operates

error messages
1.
.NET Framework Initialization Error
Red CIrcle with white x  C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll could not be located

2.
Red CIrcle with white x    wscsvc32

3.
RUNDLL
Error loading C:\WINDOWS\system32\calc.dll
The specified module could not be found

4.
 RUNDLL
Error loading  C:\DOCUMENTS~~1\Lynn\ntuser.dll
The specified module could not be found

5.
Red CIrcle with white x   The requested lookup key was not found in any active activation context.

6.
services.exe - Application Error
Red CIrcle with white x   The instruction at "0x7792fdf1" referenced memory at "0x00000000". The memory could not be "written".
Click on OK to terminate the program
CLick on CANCEL to debug the program

7.
Security Warning
Red CIrcle with white x  
Application cannot be executed. The file wmiadap.exe is infected.
Do you want to activate your antivirus software now?

Woops.. could not get the rest of them .. Windows shut down the computer
due extreme hazard

Avast found a Root Kit virus

alot of these warnings were happening all the while the compter was infected before I tried the repair... so I guess we still have work to do...

It is rebooting now..

[edifyguy]

Try rebooting it in safe mode (F8 during initial startup)

Some of those errors were due to things we knew were malicious and removed.

Once it comes back up, update Avast and schedule a boot-time scan, if it will.

If it won't, since Avast is detecting the stuff, we'll use Avast for Linux!

How much RAM do you have in that box?

[Lynn210]

Had to shut down Avast but it looks like combofix may run.. it is updating.

win32 error keeps popping up

combofix is backing up registry (whats left of it)

Combofix is scanning.....

Now if the computer doesn't shut itself down we may get somewhere.
----------------

2 Gigs of Ram Dual Core

[Lynn210]

Combo fix completed stage 1
and now stage 2 is done
and now stage 3 is done

and we are heading for the finish line...

I hope

[YoKenny]

Maybe this topic could go down with another epic tail:
War and Peace
http://en.wikipedia.org/wiki/War_and_Peace

[edifyguy]

Good good good. Sounds like we've broken it's back......now it's just a matter of putting it down completely.

I wondered about RAM because I was curious if you'd have to make a savefile for Puppy to run Avast for Linux. Doesn't sound that way. 

With a bit of luck, ComboFix will finish what we've started, and then Avast can do final cleanup with a boot-time scan.

[BRANDONN2008]

Edifyguy, could you give us a link of your linux w/ avast!. I'd love to have a copy for the future after following this thread.