jamaster14

Can't get rid of trojan, can't run scans

2 posts in this topic

I have been having an issue with my computer. I seem to have gotten a trojan. It disguises itself as iexplore.exe and services.exe. Internet Explorer runs in the background and plays audio of all kinds of ads. It also causes my computer to freeze if I leave it idle. I can kill the process, but it just respawns. Same with services.exe. It seems like the trojan got in through an exploit in WMP or iexplorer, as I hadn't run those security updates in a while (doh!).

Anyhow, I tried running various adware/virus scans, but I am unable to. If I try to run Malwarebytes, McAfee, Norton, HijackThis, AVP, etc., this trojan will stop the program from running, then make its directory read-only to prevent it from being run again. This also happens in safe mode... I tried renaming the directories and executable files, but it didn't help any. I tried the web-based virus scans, but the computer froze whenever I did. I tried combing through the registry, but couldn't find anything of note.

I tried following the instructions posted by prariedog:

Our program, Malwarebytes' Anti-Malware can detect and remove most Malware with no further actions required for free.

Please download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.

* At the end, be sure a checkmark is placed next to the following:

o Update Malwarebytes' Anti-Malware

o Launch Malwarebytes' Anti-Malware

* Then click Finish.

* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform quick scan, then click Scan.

* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad and if required the program will ask you to reboot to remove locked files.

I was unable to do this in either normal or safe mode. When I run Malwarebytes, it is immediately shut down, and its file and directory are made read-only, which prevents me from running it again. I tried re-installing and renaming the file and directory, but that didn't help, so I was unable to run the scan.

If you're still experiencing issues after running the above procedures then please follow the instructions below.

Scan and Log Procedures

* Please download this program Trend Micro HijackThis to your desktop.

* Double-click on it to run and install it.

* Then launch the program and click on Do a system scan and save a logfile. This log file will open in Notepad.

* Please start a New Topic here and post the most recent Malwarebytes' Anti-Malware log file and HijackThis log file using Copy/Paste.

* The Malwarebytes' Anti-Malware log file is located in the Logs tab of the program.

Someone will analyze the logs and give you further instructions.

Prompt responses to instructions and performing the required fixes as soon as possible is always best.

During this scan and cleanup process you should not install any other software unless requested to do so.

Same issue with HijackThis: I run it, it closes, it's made read-only, and I cannot run it again after that. Same issue with McAfee, Norton, and all the other stuff. Running in safe mode yields the same results...

I saw another thread here with a file to check the master boot record. I ran it based on the instructions and here was the result:

C:\WINDOWS>mbr.exe -t

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully

user: error reading MBR

called modules: ntoskrnl.exe >>UNKNOWN [0x8A62AC92]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\atapi -> 0x8a6bab80

Warning: possible MBR rootkit infection !

MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

C:\WINDOWS>mbr.exe -f

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

Not sure if that helps any, but running the mbr.exe -f command didn't help.

Welcome

Are you seeing this message?

"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."

Download and run GMER (use the download exe button) from here:

http://www.gmer.net/#files

Double-click GMER. If asked to allow the gmer.sys driver to load, please consent.

If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO, then use the following settings for a more complete scan.

In the right panel, you will see several boxes that have been checked. Uncheck the following:

Uncheck [ ] files

Then click the Scan button and wait for it to finish.

Save the log to a handy location, close GMER, and post that log.
