
PUP.Bundle.Installer.OI


teejy


Windows XP 32 bit sp3
On Friday the 13th,
Windows update asked to load 7 of 7 updates.
It loaded 21 updates instead of 7.
Immediately after, internet started acting funny, keyboard stopped working, no mouse, flickering screen, crazy spinning hard disk drive
I ran MBAM and it deleted 2 instances of Trojan PUP.Bundle.Installer.OI

Since that time:
I cannot use system restore.
Antivirus folder is in Program Files but is empty.
Some programs open but act like they are opening for first time and no history
Dropbox icon and links are gone, but folder still intact
Cannot establish an internet connection. Says it can't find a valid TCP/IP address.

I have run MBAM several times since and all clean.
Using flash drive I ran FRST, Rkill and ComboFix.
Also ran DDS. I have all logs ready to post if needed
Any advice on how to get system back to working normally?
Thanks.


  • Root Admin

Where is your antivirus? The logs show that the computer was running AVG at one time and BitDefender as well at one time, but now neither one appears to be installed or at least functional on the system.

 

Please install an antivirus and update it and do a Full System scan and send me back its log please. Then we'll look at fixing up the leftover damage.

 

You can install Microsoft Security Essentials for now if you like as it's free and lightweight - then when we're done we can look at installing a better antivirus product.


I had the same question about Antivirus.

The AVG must have been accidentally loaded with one of those sneaky Adobe updates. To my knowledge it was never activated.

Bitdefender is / was my antivirus and was working prior to virus attack. Virus appears to have deleted program folder contents entirely.

I cannot establish an internet connection and am able to access this forum from another computer though from the same internet portal.

With infected computer, currently only has flash drive to download from internet.

 

Booting from Windows CD causes consistently Blue Screen o' Death

 

Currently trying to re-upload Bitdefender from flash drive.

Bitdefender scans take several hours (7-10). Please bear with me.

..tj


  • Root Admin

Okay, please do the following.  Copy the files over via CD or USB stick if needed.
 
 
STEP 01

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1
Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

 

STEP 02

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement).
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.

 

STEP 03

Please download Malwarebytes Anti-Rootkit from HERE
If needed there is a self help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

Not to my knowledge.

I ran chkdsk several times before bsod started up and said everything was fine, but it seems to get progressively worse with every reboot.

I am going to take it to a friend with more resources and do some bench testing.

Sorry to have taken up your time.

..tj

This topic is now closed to further replies.