Computer Hope

Software => Computer viruses and spyware => Topic started by: MaxGen on August 29, 2009, 11:35:02 AM

Title: Infected by extremely nasty malware, can't even run HijackThis, please help
Post by: MaxGen on August 29, 2009, 11:35:02 AM
I got infected by a nasty malware while surfing a news forum. It rebooted my computer (XP SP2). Now my situation is:
1. Even in safe mode, I cannot run any anti-spyware software: Malwarebytes' will close in one second after starting scanning. SUPERAntiSpyware will close after about 10 seconds of scanning. Then the .exe application file will no longer work. When I tried to run them again, it will say "Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item." On the first scan, SAS did find a few Vundo etc. spyware before it got closed down. Later, when I copied another SAS.exe from another computer and tried to run it, it no longer reported finding anything before it got closed down. (I did restart the computer in between, though.)
2. Cannot connect to any website, it always shows trying to connect. (The wireless connection itself shows OK).
3. It removed the System Restore tab from System Properties, and does not run System Restore, claiming that it is disabled by group policy. I got around that and brought back the tab and enabled restore, but the restore point table shows only August and there are no restore points. I can't move to other months.
4. Worst of all, after I downloaded HijackThis using another computer, copied it onto the infected desktop, and tried to run it, it ended up the same as any anti-spyware software - it closes itself immediately after scanning starts and becomes inaccessible afterwards. So I can't even post the HijackThis logs.

There could be other symptoms I have yet to discover. Never seen this kind of nasty stuff. Please help!!!
Title: Re: Infected by extremely nasty malware, can't even run HijackThis, please help
Post by: Karnac on August 29, 2009, 01:00:03 PM
I don't see anywhere in your post that you tried renaming the exe....try renaming them to anything other than the regular program name.
Title: Re: Infected by extremely nasty malware, can't even run HijackThis, please help
Post by: Geek-9pm on August 29, 2009, 01:32:35 PM
Here is what I would do. In fact, it is what I do.
1. Buy a good but cheap hard drive. I found a 160 GB IDE on eBay for $20. Works fine for my purpose.
2. Do a full install of your system on the replacement drive. Do NOT use software on the infected drive, even device drivers. Don't even have the infected drive connected for now.
3. Get a real good anti-virus up and running.

Now at this point you can decide how much data from the infected drive you want to import, like documents, music, photos and videos. No EXE or ZIP files or things like that. Later, format your infected drive and copy the new install using an image tool like the one from Runtime Software.

http://www.runtime.org/

And next time do backups to an external or removable device.
 
Title: Re: Infected by extremely nasty malware, can't even run HijackThis, please help
Post by: MaxGen on August 29, 2009, 01:44:00 PM
To Karnac:

I did rename HijackThis to Sniper.


Thanks,

MaxGen