Computer taken over by Virus?

[qim]

I am gradually losing the computer. First Avast disappeared and eventually found that it had been disativated. I cannot get cMalawarebytes to open and now not ven any IE page.  I cannot open Java in the ControlPanel.  I can no longer go into safe mode... I tried to do a systen«m restore but can't open the necessary page, etc,

E

What do I do now?

Thanks~

[superhacker]

1.Get dr.web cure it and scan your computer with it
http://www.freedrweb.com/cureit/?lng=en
2.After doing that download mbam and do a full scan after updating it.
http://www.malwarebytes.org/mbam.php
3.Do a hijack hunter log and post it.
http://www.novirusthanks.org/products/hijack-hunter/
Those are the first steps

[Left123]

could we have a picture of your taskmngr?Also msconfig.Click start>run>msconfig>Start

[Omid Farhang]

Hi qim

If you are totally unable access your computer to scan your computer, you will need to a Bootable Antivirus to scan and remove all malwares, Here is manual how to use one: http://www.omidfarhang.com/computer/security/avira-rescuecd (You will need to Burn the disc using a clean computer)

And then return to windows and scan your computer using Hitman Pro:
How to use it: Download Hitman Pro (or Hitman Pro 64 Bit) to your desktop, Hold the Left Ctrl Key on your keyboard and double click on Hitman Pro to run it, keep Ctrl key holding until Hitman Pro screen appear. then click on next and let it scan your computer, let it remove the malwares it find, if it ask you for license active the 30 Days trial version. after removal, restart your computer.

if you have windows installation disc, after reboot your computer, insert the disc in drive, open 'Run' and type 'sfc /scannow' to let windows restore damaged or missing windows files from installation disc.

Now repair avast by going to control panel -> Add/remove programs (Program and Features in Vista/7) -> select avast, click change, in the opened windows scroll down to find repair, select it and follow setup to repair avast.

[qim]

Thank you everybody

Meanwhile, after a good night sleep the computer has regained most of what it had lost, for reasons I cannot understand.  Yesterday, I still managed to run Malawarebytes which did not show any problems, but got an error when I tried to update.  Thjis morning, it updated and ran without problems.  Last night, I managed to run Avast boot scan and again without finding anything. One puzzling fact: yesteday I had trouble opening MyComputer/Proiperties and when I did the tab about SystemRestore was missing; I also could not get to SystemRestore through SystemTools. This morning I accessed both. I still cannot open Java in the ControlPanel. Finally, I ran OTL twice but did not get the Extras.txt. I am attaching the OTL.txt.

[qim]

hello Superhacker

I managed to download Dr Web Cure it.  The first scan found nothing, but the second FULL scan found Dellth.txt in c:\I386\compdata\dellth.txt, infected with modification to IRC.sleeper.

Unfortunately, my problem has returned and at times I am unable to do anything once the system restarts: unresponsice Start, Mycomputer\Properties, Ctrl-Alt-Del, or even the power-down button, forcing me to disconnect by pressing the power button for about 4 seconds.

Right now I am doing a Spybot scan (I am using a different computer to send you this message).  I wonder if something drastic like ComboFix might do the trick.  Can you help, please?

Thank you

qim

[Omid Farhang]

qim, did you read my post?

[Pondus]

Right now I am doing a Spybot scan

SpyBot is usless, the only thing it can remove is tracking cookies....

[qim]

Hi Omid

Yes, I did read your post. Thank you very much.  However, I managed to get the computer going again and I am starting to understand what is going on. I expect that I have some sort of virus that installs itself when the computer restarts.  When it does Comodo Firewall alerts me to a Services.exe that is about to change the registry.  I assumed this was essential to the system so I allowed it and lost virtually all control.  I have just seen EventViwewer and most services were denied access as I restarted.

Last time I told Comodo not to accept the change and the computer now seems to be responding normally.  However, the virus is still there, I think, and would like to get rid of it.

I ran avast boorscan, Malawarebytes, Spybot, Bitdefender and Dr Web. They showed a clean computer except for Dr Web that found IRC.sleeper.

If you can help me get rid of whatever is lurking I would be very grateful.

Regards

qim

[Omid Farhang]

I ran avast boorscan, Malawarebytes, Spybot, Bitdefender and Dr Web. They showed a clean computer except for Dr Web that found IRC.sleeper.

It won't hurt try my manual that I said above

[qim]

Helo Ormid

I had a look at the manual re rescue disks.  I will try and do one.  But my problem now is to sort out the computer.  It is nearlu normal but only nearly.  For instance, I am unable to edit Msconfig/start.  When I try to save nothing happens.  Either I have a virus lurking or the Firewall is blocking something, possible through my own errors.

I need to make sure the computer is clean while I have reasonable access.

Thanks

qim

[Omid Farhang]

qim, I'm not using comodo so I'm not sure if blocking something by Comodo caused that you have not full access over your computer configuration? you may try reset all rules in comodo and start using your computer again (after making sure your computer is clean).

[qim]

Hello Superhacker

Finally, I managed to do the HijackHunter. Log attached.

Thanks

qim

[mikaelrask]

i would suggest you try superantispyware also and see if it comes up with anything. sometimes it detects things malwarbytes don't and vice versa.

http://superantispyware.com/

if you have internet access again of course.

good luck

[superhacker]

Sorry for late i had to study a lot yesterday.
Even the only suspect item in the report is not a malware

Code: [Select]

C:\WINDOWS\system32\ckldrv.sys
So i think you are clean and th your problem caused by comodo firewall which may sandbox essential processes so i suggest:
1.Uninstall comodo"restart"
2.activate windows firewall from control panel
3.after doing that do a dr.web scan.
I think you wont get the problem again.
4.Reinstall comodo firewall and i suggest a more easy one like outpost free firewall.