Bugger of a virus!

Neil

While doing my monthly check on my brother's P.C (if I don't, it ends up
with all kinds of crap!) I found that I couldn't access MSConfig. Since
then, I've been battling against something which so far has got me beat!

As well as MSConfig, RegEdit & Task Manager are also inaccessible, I am
unable to access any Admin services, Norton Anti-virus 2005 has been
disabled and blocked (and can't be re-installed), anti-virus websites are
blocked (apart from one which allowed me to start an online scan, but was
shut down after a while) and all of this even when booted into safe mode! I
have tried an up-to-date Spybot S&D but although it finds and removes DSO
Exploits, they return on the next scan. The same with AdAware - finds,
removes, then they return. I've even tried a virus remover file from
McAfee's website called "Stinger", but this is prevented from running.

After 2 nights of trying, I am even at the stage where I don't even
know the name of the virus, as it is so well embedded.

If anyone has any ideas, I would appreciate it as it has now become a battle
of wills and I don't want to give up and re-format.....yet!

TIA
 
pete

> While doing my monthly check on my brother's P.C (if I don't, it ends up
> with all kinds of crap!) I found that I couldn't access MSConfig. Since
> then, I've been battling against something which so far has got me beat!
>
> As well as MSConfig, RegEdit & Task Manager are also inaccessible, I am
> unable to access any Admin services, Norton Anti-virus 2005 has been
> disabled and blocked (and can't be re-installed), anti-virus websites are
> blocked (apart from one which allowed me to start an online scan, but was
> shut down after a while) and all of this even when booted into safe mode! I
> have tried an up-to-date Spybot S&D but although it finds and removes DSO
> Exploits, they return on the next scan. The same with AdAware - finds,
> removes, then they return. I've even tried a virus remover file from
> McAfee's website called "Stinger", but this is prevented from running.

In the old days PCs had 3.5" drives. You could have run Stinger from floppy.
 
Gabriele Neukam

On that special day, Neil, ([email protected]) said...
> As well as MSConfig, RegEdit & Task Manager are also inaccessible, I am
> unable to access any Admin services, Norton Anti-virus 2005 has been
> disabled and blocked (and can't be re-installed), anti-virus websites are
> blocked (apart from one which allowed me to start an online scan, but was
> shut down after a while) and all of this even when booted into safe mode!

Try to download and run Process Viewer from www.systernals.com, and kill
the offending process. Maybe this gives you a head start from which you
can get your hands on this elusive malware.


Gabriele Neukam

(e-mail address removed)
 
kurt wismer

Gabriele Neukam wrote:
[snip]
> Try to download and run Process Viewer from www.systernals.com, and kill
> the offending process. Maybe this gives you a head start from which you
> can get your hands on this elusive malware.

process viewer? did they change process explorer's name?
 
Ian Kenefick

> Gabriele Neukam wrote:
> [snip]
>> Try to download and run Process Viewer from www.systernals.com, and kill
>> the offending process. Maybe this gives you a head start from which you
>> can get your hands on this elusive malware.
>
> process viewer? did they change process explorer's name?

lol @ Kurt, in Ireland we refer to this as nitpicking - I'm sure
Pete got the picture from Gabriele's post.

Regards,
Ian Kenefick
http://www.IK-CS.com
 
Guest

| While doing my monthly check on my brother's P.C (if I don't, it ends up
| with all kinds of crap!) I found that I couldn't access MSConfig. Since
| then, I've been battling against something which so far has got me beat!
|
| As well as MSConfig, RegEdit & Task Manager are also inaccessible, I am
| unable to access any Admin services, Norton Anti-virus 2005 has been
| disabled and blocked (and can't be re-installed), anti-virus websites are
| blocked (apart from one which allowed me to start an online scan, but was
| shut down after a while) and all of this even when booted into safe mode! I
| have tried an up-to-date Spybot S&D but although it finds and removes DSO
| Exploits, they return on the next scan. The same with AdAware - finds,
| removes, then they return. I've even tried a virus remover file from
| McAfee's website called "Stinger", but this is prevented from running.
|
| After 2 nights of trying, I am even at the stage where I don't even
| know the name of the virus, as it is so well embedded.
|
| If anyone has any ideas, I would appreciate it as it has now become a battle
| of wills and I don't want to give up and re-format.....yet!
|

Try HiJackThis: http://www.merijn.org/downloads.html

SB
 
kurt wismer

Ian said:
> lol @ Kurt, in Ireland we refer to this as nitpicking - I'm sure
> Pete got the picture from Gabriele's post.

actually, i was serious... it's not like process explorer was its
first name - i remember when it was HandleEx...

i was also being a lazy bum, i asked instead of going to look myself
and see if they changed it...
 
Gabriele Neukam

On that special day, kurt wismer, ([email protected]) said...
> actually, i was serious... it's not like process explorer was its
> first name - i remember when it was HandleEx...
>
> i was also being a lazy bum, i asked instead of going to look myself
> and see if they changed it...

sigh...

I can just too easily mistake it for Igor Nys' "PrcView".

Sorry


Gabriele Neukam

(e-mail address removed)
 
