7 replies to this topic

[RANS0M]

Hi,
I have spent days trying to figure this out, this is where I am at.
I download a small exec program, and scanned it for virii. It came up negative and I ran it. Nothing happened and I knew I was screwed. I immediatly went into my task manager and killed some stuff that was killable, one of the programs not killable was msa.exe. I was able to rename it, so I did so. I went into my msconfig and stopped any services or items in startup that looked bad.

I then downloaded malwarebytes, ran it and updated it. When I started the scan, it crashs almost immediatly. After this the program is unrunable, I get a windows message not accessable or I dont have permission. The icon is also ghosted. So I uninstalled it with revo uninstaller, and totally remove all registry entries. I then reinstall the malwarebytes after changing the installer name, and once installed, changing the name of the exe file. Same thing. I have downloaded hijackthis, same thing, and tried superantivirus, all of which do the same thing when i start the scan. Rebooting does not fix the problem. Renaming does not fix the problem. I have tried what another user posted.

* Windows Police Pro
* CLB Rootkit driver=TDSS/Seneka/GAOPDX/UAC/ovfst/kungsf/SKYNET/MSIVX
* Total-Security (FakeAlert)
* av360 (Fakealert)
* SystemSecurity

And detected nothing with all of that, and fixed nothing. I rebooted in safemode, tried all the same stuff as above, same results. I was able to delete the program msa.exe which I had renamed earlier. Booted back into normal windows xp. Tried all of the above again. Same results. I do not see any sort of malware running anymore, my virus checker has disappeared from my bar, but possibly i killed its service. I can run it and scan, it finds nothing. (Avira) There are no logs for me to post, because the scan crashs the programs immediatly, and then the program is unrunable until uninstalled and reinstalled. No malware appears to be running. Something is still wrong though, because I cannot scan to be sure. The only other symptom I seem to have is my browser was a bit hijacked, but not totally. I can do google searchs, the searchs are right, but if i click the links, they take me to the wrong places. I can paste out the links under the headings and they are fine. I can go to most other websites fine. I find nothing wrong in the internet settings.

Any ideas? LOL.
Running Winxp with the service packs.

I have had to fix very nasty malware on my kids computer and my wifes computer, and have been very sucessful. This one has me stumped.

Thanks!

[Firefox]

Greetings and Welcome .

If you're having trouble getting Malwarebytes' and other tools to update or run please review the following tutorials and see if they are helpful:

• Total-Security (FakeAlert)
  
• av360 (Fakealert)
  
• CLB Rootkit driver=TDSS/Seneka/GAOPDX/UAC/ovfst
  
• SystemSecurity

If you aren't able to use those instructions or there are other issues then please follow the instructions here:
I'm infected - What do I do now?

And post your logs in a new topic here:
Malware Removal - HijackThis Logs

Please be sure not to install any software or use any removal or scanning tools except those that you are
instructed to by the expert who will be assisting you as doing so can make their job much more difficult.

note: if for some reason you are unable to run some or any of the tools in the first link, then skip that step and move on to the next one.
If you can't even run HijackThis, then just post here: Malware Removal - HijackThis Logs describing your issues and an expert will reply with further instructions.

I hope I was helpful. Good luck and safe surfing.

[RANS0M]

Thanks Firefox,

But as I said above, I have done all those things, and I cant post a log, because I cannot make a log with any of those programs. They crash immediatly when starting a scan. I am stumped.

RANS0M

[swagger]

@RANS0M,

Read the green note... If you can't run anything, simply make a new thread stating your symptoms and the fact that you cannot run anything. Good luck!

[Flasetta]

RANS0M, on Oct 1 2009, 03:13 PM, said:

Thanks Firefox,

But as I said above, I have done all those things, and I cant post a log, because I cannot make a log with any of those programs. They crash immediatly when starting a scan. I am stumped.

RANS0M

RANSOM?
These are exactly MY problems as well. But, I have no more time to sit around and wait for someone to answer me. I'll try to find another malware forum which WILL help me. And these people say they care? Hah!

[Firefox]

@ Flasetta

I know there are folks that will help you in the Malware Removal - HijackThis Logs section. They are quite busy there because of all the threats out there, surely you can understand that one must be patient and wait your turn.

These folks are great at what they do and provide their help for free, surely you cant expect them to just drop everything and help you at a moments notice.

[noknojon]

I went back 3 pages and could not find Flasetta's post on HJT area ??

[yardbird]

noknojon, on Oct 1 2009, 09:15 PM, said:

I went back 3 pages and could not find Flasetta's post on HJT area ??

It was removed when I brought it to the ATTN: of a moderator, That user has instructions here: http://www.malwareby...showtopic=26494

see post 4 & 5, above, best that could be done since she was 13 posts down, mods call, mods instructions!