Jump to content

Infected with an unknown bug


Recommended Posts

I've been at this for 2 weeks now.  What was (supposedly originally identified as win32/virut) has become a mystery bug, despite a reformat and reinstall of Windows 7 Ultimate x64.

 

The behavior of my computer goes as the following: At random times, my free RAM drops to near zero.  Checking Resource Monitor reveals random system files systematically scouring the computer, accessing all known executables for unknown reasons.

 

If I forcibly end task the offending program, the computer will be quiet for 5-30 minutes before another program will suddenly fire up and start scanning the computer.

 

Typically the offending programs are: iexplore.exe; daemonu.exe; svchost.exe; dllhost.exe; acrobat_sl.exe; mbamschedular.exe

 

I'm literally at a loss.  I'm extremely proficient at computers, and the last time I had something this severe was 14 years ago, (win95.cih)

 

I can't kill it, and I'm almost prepared to zero-write the hard drives.

mbam-log-2013-07-25 (06-40-49).txt

Attach.txt

DDS.txt

comsurrogate.txt

ComboFix.txt

Link to post
Share on other sites

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Please upload c:\windows\SysWOW64\dllhost.exe and c:\windows\SysWOW64\msiexec.exe here:

 

 

http://www.bleepingcomputer.com/submit-malware.php?channel=156

Link to post
Share on other sites

I have very bad news for you.

 

You are infected with a variant of Expiro, a polymorphic file infector that infects .exe files. It has now own files but injects its code into the files to be launched.

 

Best you can do is the following:

 

-Backup your files to CD/DVD (don´t backup .exe files as they would infect the new machine immediately.

 Note: You have to backup to CD/DVD as the virus would spread via usb devices.

-Format the infected disk (full format, not the quick version) completely and

-Reinstall Windows.

 

I´m sorry that I can´t provide better news.

 

 

How to protect yourself
 

  • System Updates
    Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | windows 8
  • Protection
    What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:
  • Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.