Jump to content

its a binary virus that has re-written itself into my os


Recommended Posts

it was from a porn site, the original file was downloaded to my desk top. It has 6. and .7600 in all the files it brought up, it made itself an option in my permissions list 3 times in all caps: system, networking, and owner. It bsod on gmer but hijack this reports were logged. It allows me to do whatever I want online until I try to remove it. I have my malware scan log and the hijack this log. all I wrote down from the bsod was uwld and I think it had a 34 in it, not sure. Avira's new software was downloaded just before I got it, it can keep me from bringing up the boot menu and my recovery disk doesn't show all of my restore points and all it really does is delete them one by one if I touch them. My recovery disk is what repaired everything so I could get back online but it's still there, my os doesn't even say it's windows 7 anymore. hyberfil.sys is the first process that starts up and it uses the most cpu on crss. It manages to keep from being deleted by affecting how it powers down and off, I've done a couple of hard resets just to get it to stop freezing me up on scans. Windows update won't install. I've seen it several times here on your forums & other places online, but nobody has successfully deleted it from what I can tell. I can understand why, it's written itself into everything I've touched and replicated itself each time.

On my other user account it is very prominently a part of every program so I am on another user account but I took screen shots and saved them to a flash drive that had all the different files that it had written onto for about 5 pages worth of processes that were running. I got tired of doing it though, I get it's common factors. Many of them have ide in them too, but mainly you can see the trend in my start up processes. It will not allow anything to modify it and at this point I just want my media and documents pulled hopefully safely now that my drivers were repaired by my recovery disk. I don't really want to have to wipe it but I haven't seen anyone touch it for windows 7 yet and so I feel the mid-level re-installation would be necessary as it does not even give an option for a true boot from the cd drive. It has locked the hdd password (I never set it, or a system image, or a back up...its still a fairly new pc & I have been busy rebuilding from a house fire. It allows iexplore.exe but didn't fall for the gmer scanner. When I have ended it's processes myself it bsod.

it would not allow me to save the first report avira made unless I made it look really generic when i saved it in word pad. It isn't allowing me to save anything in notepad anymore at all. It used to say windows 7 version 6. whatever that crap is. Now the 7 is gone all together. Its worse w/every reboot. The below scan was one of the first things I did, but as you see, it either rewrote the time stamp or didn't log it? Idk how it works, but that's the time the scan took exactly & thats how many files it got to before my pc crashed...well, like I said, it doesn't crash it, it manages how it shuts down....hibernates it? That is the scan, just all screwed up.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4253

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

6/29/2010 4:35:38 AM

mbam-log-2010-06-29 (04-35-38).txt

Scan type: Full scan (C:\|E:\|)

Objects scanned: 224644

Time elapsed: 53 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

hijackthisark.txt

AVSCAN_20110127_004345_46DDAE3Aark.txt

Link to post
Share on other sites

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.