Malware or (and) virus infections.


Dei

Hello there.

First I would like to thank you for reading my post and I would greatly appreciate it if somebody is able to help me out.

I did try to find a solution on my own as best as I could but I wasn't able to get my system back to normal.

I will start off with my system description:

It is an IBM ThinkPad T41 laptop running Windows XP SP3 with the critical updates installed. My main browser is Opera 10.51. My antivirus system is Nod 32, which I chose mostly because it is light and my computer is pretty old and slow now. I have the Windows firewall turned on 98% of the time, and I believe I had it turned off during the time of the infection.

The software I run in background mode is the IBM software for Battery management/MB/Touchpad/Track Point; Windows Live Messenger and ATI Tray Tools for overclocking the GPU.

I have always been careful with what programs I run on my computer and this appears to be the first time malware gets me frustrated.

I am uploading a .txt file with a list of the software installed on my computer.

Problem description:

A few days ago I noticed IE opening itself and displaying commercial pages. Because it was not spamming me I thought that I had clicked the Windows Live banner by accident. However I kept getting pages opened and that is when I saw weird processes in the task manager - Bjowaa.exe, Bq0.exe and msnmengers.exe.

They had also added themselves to the startup programs list in the System Configuration Utility.

Initial (unsuccessful) actions taken:

-My first reaction was to kill the processes in the task manager and remove them from the startup list. However, Bjowaa.exe starts again after a while and it kept opening pages roughly every 30 minutes.

-I scanned the whole computer and the specific files with my updated nod32 but it found no problems.

-I ran Spybot S&D and it found something which it said was taken care of, however the problem was not in the files I listed above.

-I tried to google Bjowaa.exe but found nothing at all.

Today I tried to create a Hijack This report but I was not able to do it. I had a blue screen during the HJT installation, after the restart I was able to install HJT however I got a blue screen again when I tried to run it. After the restart I was able to run HJT but when I try to scan, it starts the scan process and very soon after this I get the blue screen again.

I tried multiple times without any success.

I also tried to start windows in a safe mode, however this was resulting in a blue screen.

The normal mode still works without getting me a blue screen.

Then Google brought me to your site and I tried to follow the general guide I saw - "I'm infected - What do I do now?", "Please follow these instructions to clean your system".

However I could not even get MBAM from the link provided so I googled for a download from a different place. When I had MBAM downloaded I experienced the same kind of troubles as I did with HJT. I was never able to run a MBAM scan.

I was able to download DeFogger and disable the CD Emulation drivers.

However I was not able to access any of the three links to download DDS, I was also unable to get the GMER Rootkit Scanner from the link provided.

Because I couldn't access the download link for MBAM I have a feeling that something is preventing me from doing that. I also remember that I got HJT from a mirror and not from the official site because it wouldn't load up.

Because I couldn't make a HJT report I made a real quick screenshot of the processes shown in the task manager and I am posting it here -

29034057.jpg

I hope I provided enough information. If I remember something I will try to edit this post, and if you need any further information, please let me know. I will be checking this forum every hour.

Again, Thank you for your help, I will greatly appreciate it if someone is able to help.

-Best regards, Dei

software_list.txt


I apologize for dual posting but I wasn't able to edit my previous post.

Update 2: I managed to download GMER Rootkit Scanner from an alternative source (as their main page wouldn't load), however it behaves in the exact same way as Hijack This and MBAM - when it starts scanning it gets closed within 1-2 seconds or I get a blue screen.


Another update:

I reinstalled Nod32 and I updated it with the newest virus definitions (from today, 15th April) and I was actually able to perform a scan which this time found Bjowaa.exe as a problem, along with 150 other files which according to Nod32 were cleared after a restart. However I was still unable to run MBAM or HJT, experiencing the same kind of behavior as before. Nod32 is now giving me the previous error as well ("Error communicating with kernel"). I can't find the log file Nod32 produced before the restart, and googling isn't very effective, for I believe the malware I have is blocking my access to most of the internet-security-related sites.

I can't even open malwarebytes.org, only forums.malwarebytes.org is working for me.

I still can't access safe mode, it gives me a blue screen.

If somebody has an idea for how I should deal with this situation, I will greatly appreciate your help.


  • 4 weeks later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
