Malware - a nasty one


Hello all,

I'm new here, but have been reading and it seems these forums are very helpful.

Here's my problem: one of my PCs (not this one) got infected with Antivirus 2009 yesterday. I ran Ad-Aware, McAfee, and a-squared. A-squared pointed me to the file location and I deleted it manually. McAfee detected no viruses. Now the PC (running XP SP3) is having several annoying problems, clearly indicating infection. Not only is it re-directing any searches from Google, MSN, Yahoo, etc. to bogus pages, but it prevents me from connecting to any anti-spyware/anti-malware sites!

I cannot use that PC to connect to this site or any other anti-spyware site (safer-networking, etc). IE 6.0 gives me the "page cannot be displayed" message and tries to tell me there is a connectivity problem. This is not the case as I can access any non-spyware related webpage and Internet connectivity otherwise is fine. It is as if this virus/malware has blacklisted every possible website that could solve the problem. I am pissed!

I even downloaded mbam-setup.exe to a USB drive from my other PC. When inserted into the infected PC, this file simply will not run (I can hit <enter> or double-click it or right-click-open the file and all I get is a half-second hourglass... then nothing happens). I then installed the mbam app to the USB drive itself and attempted to run mbam.exe from the USB drive while inserted in the infected PC. No luck.

I have read through many of the typical instructions for diagnosing these issues, yet I have yet to read about one where the Internet connection to sites like malwarebytes is "blacklisted."

Any ideas?? Thanks in advance.


Sounds like you're dealing with the same thing that I've been working on all day. I've tried a half-dozen approaches so far, to no avail. The XP firewall and some of the virus trackers I've tried identify sinowal.trojan (aka mebroot), but I think that it's a recent variant of it. I registered Malwarebytes because the free version gave me the best identification of any of them, but now that I've registered, I'm getting Error Code 731(0,9) as soon as it identified one infected object.


For anyone still having issues, please follow AdvancedSetup's instructions here: http://www.malwarebytes.org/forums/index.p...amp;#entry35969 and see if that doesn't get it working. You should be able to scan with MBAM after that and remove the nasties. It would also be a good idea to post your logs in the Malwarebytes' HijackThis forum, as lordpake suggested, to make sure you are completely clean.


Thanks Exile360, but I did not find TDSServ.sys or anything resembling that in my non-plug-n-play devices. Although before I found this site I found another that advised deleting a whole ton of registry values that reference TDSS*. I found only two that did contain "TDSS" and deleted both.

I would REALLY love to be able to run malwarebytes on this machine. Is there another back door?

Thanks


Excellent, I'm glad you finally nailed that nasty rootkit. To make sure you get everything cleaned up, please follow the instructions here: http://www.malwarebytes.org/forums/index.php?showtopic=2936 and post your logs in a new topic here: http://www.malwarebytes.org/forums/index.php?showforum=7

Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you, as doing so can make their job much more difficult. I hope I was helpful. Good luck and safe surfing.

