
HELP! No clue..DOS Virus? Rootkit? impossible to remove 25 gigs gone missing...mputer is doing.



HELP
    I have some kind of WinNT DOS IME Rootkit (Boot) Virus?? Not sure exactly but it switches RightToLeft and embeds everything on my computer into binary, stores it then uploads it when it does get online. Which is not often. It spreads like wildfire and took out the computer at the local repair shop in less than a minute. I have 5 computers all useless from this. Also I'm missing 25 gigs from my 500 gig hard drive which used to be 496 or something...now when reformatting it the maximum amount of space is 465 gigs??
    What it does (after a complete wipe/reformat/reinstall of Vista from the original CD) is slowly take over my computer to the point of just being useless. Starts with something small like no right click or notepad will have no application associated with it. My fonts start getting smaller, my drivers will be replaced by generic ones. The keyboard will get assigned a different character set making it impossible to type. The mouse will become inverted, sometimes left moves right & top moves bottom. There are unexpected screen flashes, sudden power and fan surges, reboots, denied access to folders, missing folders, mismatched fonts/buttons/colors on programs & desktop. It kills the screen resolution, sound, drivers, other programs, and just basically disables everything. After about 5 hours (after a complete reformat/reinstall) the computer will barely work at all **UNLESS IT IS ONLINE** Then the hard drive is SCREAMING and I presume uploading my files like crazy..meanwhile my mouse, keyboard and desktop barely function
    All (5) computers are toast. I have tried **SEVERAL** Antivirus programs. And always get the same result. It works for just a little bit, then the trouble comes right back.
    It seems to replicate thousands of hidden random .dll .inf .ini .jtp .fx .pif .sfx .ocx files and anything with "32" in the name that KINDA seem important. I can only delete a few of them and they pop right back in seconds. There seems to be a large amount of protected folders too like "JINTLGNT" "CINTLGNT" "IMEJP10" "imjptk" "Unicode". The C:\System Volume Information contains HIDDEN PARTITIONS, devices, folders, restore points so the virus just returns. Also I keep noticing (only from the CMD window) that a lot of folders now have either one or two extra dots "." or a \ before or after the name...maybe this is normal??
    I used "Peek" to inspect a file and noticed this... "December  November  October  September  August  July  June  April  March  February  January" - the months of the year in reverse - and each letter was double spaced - but MAY was missing?? HUH??? I have used (not at the same time of course) the following Anti-virus Programs: Nortons, Avast, Malwarebytes/mbar/chameleon/regassassin, Sophos, Fileassassin, TDSS-RootKitKiller, FSS.exe/Aut2Exe, RKill.com, Emsisoft, Windows Defender, SilverLight, MrT, ComboFix, Secunia PSI, PandaCloud/Panda USB, DIY DataRecovery MBRtool, Webroot SafeCore, IOBitMalware, KasperskyLabs, along with several MBR/Boot pgms: PowerQuestBOOT32, PARTINNT, KillDiskSuite, Raxco REGISTRY CLEANER, File Scavenger, CWShredder, AShampooCoreTuner, Core Tuner, IOLO System Mechanic, NCXpress, PrivacyGuardian, PeerBlock, PerfectDisk. And regularly use a few general purpose cleaners: Wise Disk Cleaner, Piriform CCsetup, ZoneAlarm, RegistryNuke, DriverDetective, PSIAlog and Peek to look at stuff...not to mention ANY Dell/HP/Compaq/Gateway programs from the install CD's. Always get the same outcome: they find lots of problems then suddenly freeze or reboot. When it is really bad some of the CD's even refuse to spin or eject!! I always have to do a total reformat and reinstall just to get back up and running.
    I have Windows XP SP3 (32bit), and Vista SP2 (64bit) with all the updates (but I doubt that they really installed correctly.) Nothing seems to work more than once. The programs SEEM to remove something during the repair. After a reboot ...the program fails as it loads, or when you run it.
 
