Worm or Virus Attack, PLEASE HELP!

Guest

I have always used my router as firewall. Had to temp disconnect it and
something absolutely insidious has grabbed my computer. I can use IE or
Outlook Express but most everything else is blocked. Especially everything
that would enable me to find this terrible file. I cannot run MSCONFIG to
check the startup. I cannot use CTL - ALT - DEL to see what processes are
running. I cannot run Hijack This. I cannot use SYS Restore to return to
earlier Windows because it tells me that nothing has changed. I cannot start
up any type of McAfee. When I try to run exe files like Hijack This, they
briefly flash on the screen then end. I am at my wits end. Any advice would
be greatly appreciated.
 
David H. Lipman

From: "MAL" <[email protected]>

| I have always used my router as firewall. Had to temp disconnect it and
| something absolutely insidious has grabbed my computer. I can use IE or
| Outlook Express but most everything else is blocked. Especially everything
| that would enable me to find this terrible file. I cannot run MSCONFIG to
| check the startup. I cannot use CTL - ALT - DEL to see what processes are
| running. I cannot run Hijack This. I cannot use SYS Restore to return to
| earlier Windows because it tells me that nothing has changed. I cannot start
| up any type of McAfee. When I try to run exe files like Hijack This, they
| briefly flash on the screen then end. I am at my wits end. Any advice would
| be greatly appreciated.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://harrisonrj.home.comcast.net/step_by_step_pc_cleaning_process.htm#Step_3_%96_Getting_Help


* * * Please report back your results * * *
 
Guest

Those files won't execute either, including get.exe. I get the download menu
but it won't go beyond. I also cannot use registry editor or safe mode
either.
 
Leythos

Those files won't execute either, including get.exe. I get the download menu
but it won't go beyond. I also cannot use registry editor or safe mode
either.

If you can't boot in safe mode and run David's tools, then it's time to
wipe and reinstall.
 
David H. Lipman

From: "Leythos" <[email protected]>

|
| If you can't boot in safe mode and run David's tools, then it's time to
| wipe and reinstall.
|

Or better still...
Image the system using Norton Ghost and then wipe and reinstall.
Subsequently restoring data from the Ghost image.
 
kurttrail

David said:

He said he couldn't run HJT in his OP. This infected install sounds
like it may not be totally recoverable, and even if it may be
recoverable with a lot of hard work, I would never trust it.

At this point if he needs to recover files, I'd get another temp
hard drive, and unplug the old one. Install XP and install all updates
and install AV and all updates on the temp hard drive, including the one
you mentioned that scans with multiple AV engines. Then plug in the old
one, and scan the crap out of it. Repair what is possible, delete what
cannot be repaired. Image and/or compress the files I'd want to save,
to the temp hard drive. Then unplug the temp hard drive, format and clean
install XP on the original hard drive, install all AV . . . . and
basically redo what was just done.

--
Peace!
Kurt Kirsch
Self-anointed Moderator
http://microscum.com
"It'll soon shake your Windows
And rattle your walls
For the times they are a-changin'."
 
David H. Lipman

From: "kurttrail" <[email protected]>


|
| He said he couldn't run HJT in his OP. This infected install sounds
| like it may not be totally recoverable, and even if it may be
| recoverable with a lot of hard work, I would never trust it.
|
| At this point if he needs to recover files, I'd get another temp
| hard drive, and unplug the old one. Install XP and install all updates
| and install AV and all updates on the temp hard drive, including the one
| you mentioned that scans with multiple AV engines. Then plug in the old
| one, and scan the crap out of it. Repair what is possible, delete what
| cannot be repaired. Image and/or compress the files I'd want to save,
| to the temp hard drive. Then unplug the temp hard drive, format and clean
| install XP on the original hard drive, install all AV . . . . and
| basically redo what was just done.
|

Yepper ! :)
 
paulmd

MAL said:
I have always used my router as firewall. Had to temp disconnect it and
something absolutely insidious has grabbed my computer. I can use IE or
Outlook Express but most everything else is blocked. Especially everything
that would enable me to find this terrible file. I cannot run MSCONFIG to
check the startup. I cannot use CTL - ALT - DEL to see what processes are
running. I cannot run Hijack This. I cannot use SYS Restore to return to
earlier Windows because it tells me that nothing has changed. I cannot start
up any type of McAfee. When I try to run exe files like Hijack This, they
briefly flash on the screen then end. I am at my wits end. Any advice would
be greatly appreciated.

Sometimes you can run sfc /scannow from the command prompt to give you
some basic functionality back. Do NOT reboot after. Try to run
hijackTHIS and the other goodies again.
 
Guest

THANKS ALL OF YOU FOR YOUR HELP. I was trying to avoid having to wipe out my
whole drive and start over. I will try the suggestions listed and if not I
will have to take my medicine.
 
