Antivirus XP 08, Rootkit, Trojan.gaslide. PC infested.

[patrick713]

Antivirus XP 08 somehow installed itself in my father's computer, and apparently has brought a lot of other bugs with it.
I have downloaded and activated Spyware Doctor on his pc, and it has found several instances of AVXP08, rootkit viruses, trojan.gaslide, others....
It removed them, but more keep appearing, so it obviously isn't gone...
I'm attaching a HJT log... hopefully someone can help.
Thanks!

 

[xxdanielxx]

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version. Then reboot into safe mode by rebooting then start tapping the F8 key you will get the advance option select safe mode then load run the program
• Once the program has loaded, select "Perform Full Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


==============================

ComboFix

• Download ComboFix to your desktop.
• Double click combofix.exe & follow the prompts.
• A window will open with a warning.
• When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt

than post a fresh hijackthis log

 

[patrick713]

I have booted into safemode, and am running the scan right now.
However, I was unable to log in as administrator...as this is not my computer, i cannot be entirely sure that the password was never changed, but am pretty sure it wasn't.. I tried the password he had written down, as well as the other 4-5 he uses for everything--no good.
Is this another symptom, or do we simply not know the password?
I also was never prompted with an option of a password clue, even though i tried, and failed, to log in about 30 times. Would i normally have gotten a hint?
Just wondering.

 

[patrick713]

*&*^!
blue screen of death, about 9min 40some seconds into scan.

 

[patrick713]

followed by another blue screen of death....

and another....

and a third...

and a fourth... it gets to the windows XP screen ,and immediately brings up the blue screen of death.

HELP!

 

[patrick713]

i hit f8 during the last reboot, and it took me back to exactly where it left off--Malwarebytes antimalware, with 7 minutes added to the time elapsed...the scan is now continuing. weird.

 

[patrick713]

I think i might have just realized something---is the blue screen of death a fake screen saver?
its the only thing i could think of that would make sense.
if it is, i have to say, thats fairly brilliant. actually, i have to say the antivirus xp virus as a whole is pretty brilliant. someone put a lot of thought into this one....

 

[patrick713]

the MWBAM scan has been running for almost 5 and a half hours now.... it detected 156 infected objects in the first 10 minutes, and has found no more since... it has scanned 44,400 items, but for the last 3 to 4 hours has seemed incredibly slow, and seems to have just been repeatedly going though all the music files on the computer....its on its second or third time throught the alphabet of itunes artists..... has something gone wrong?!?

 

[xxdanielxx]

how much information do you have EX: 50 GB

 

[xxdanielxx]

if it still has problems cancel and go onto the combofix run it in regular mode then attach the log

Will go back to MBAM later

 

[patrick713]

in itunes? three people were using it, i'm guessing around 50GB.

 

[patrick713]

there was also a lot of other files on the pc... i'm guessing around 80GB total

 

[patrick713]

I cant get combo fix to work. I clicked the link to download, and got the file download security warning, clicked run, then IE displays a security warning saying the publisher could not be verified. I click run, a little box that says "combo fix" appears, and then I get an error message saying "you cannot rename combofix as combofix[1], please use another name, preferably made up of alphanumeric characters" I click the only option, yes, and then nothing happens. At the same time this happens, Spyware doctor displays a message saying a threat has been blocked.
when I click the message, it brings up the history, saying
"system even blocked"
Threat name- trojan-PWS.bancos
details- SD has blocked an application from attempting to access a file.
Risk level- high
Infection- C:\327882R2FWJFW\PV.CFEXE

 

[xxdanielxx]

you need to save it to your desktop then run it. Also you need to disable any protection you have

list your antivirus, antispyware and firewall if you have any

 

[patrick713]

AVG (free), Spyware Doctor, Windows firewall

 

[patrick713]

I shutdown the PC after my post about combo fix not working, and now I cannot get it to restart. Every time it gets as far as the "Microsoft Windows XP" screen, and then goes to a black screen, and after a few seconds it reboots itself. It keeps continually doing this.

 

[xxdanielxx]

when you reboot start tapping the F8 key when you get to the advance menu select

Last know good configuration and post back

 

[patrick713]

it still did the same exact thing.

 

[xxdanielxx]

hmm try booting into safe mode if you get in go to

Start>run>cmd> and type chkdsk c: /f /r

 

[xxdanielxx]

Sorry do not run the command above instead try a system restore

 

[patrick713]

no luck the first try, it stayed on the adavanced options page, then rebooted again.
i thinks its working this time....

 

[patrick713]

nevermind, didn't work. I got to the page thats a listing of system32 files, then it rebooted again.

 

[xxdanielxx]

ok looks like it corrupted your registry do you have your xp cd we need to get into the recovery console or also if you have that installed it would be listed where safe mode and all of the others are

 

[patrick713]

no, its not listed.
I think i have what you were asking for-- do you mean the System Recovery CD/DVD? because thats all I have.

 

[xxdanielxx]

Hey I have to go to sleep I will be on tomorrow go to the link below for more info also can you post if your computer has a floppy drive

http://support.microsoft.com/kb/307545