Iexplore.exe virus - could not complete all 8 steps

Status
Not open for further replies.
I caught a really bad virus last night and it opens up iexplore.exe on startup and then plays ads in the background. If I kill the process, it opens another one up 30 seconds later. I tried performing all 8 steps, but I was only able to run CCleaner, update Java, and run HijackThis. I tried installing Malwarebytes and SUPERAntiSypware but the setups would not open. The virus has also disabled my McAfee VirusScan so I am unable to scan my computer. I attached the HijackThis log. Please help!
 
Problem Solved!

It turns out that I had the Rootkit.TDSS virus. I figured it was some sort of rootkit but it took me the last 2 days to actually determine which one I had. Here's the steps I went through to find and remove the virus.

1. I downloaded and ran Sophos Anti-Rootkit. The scan found the following infected files, but was unable to delete any of the registry files:
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H8SRTd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\H8SRTd.sys
HKEY_USERS\.DEFAULT\Software\h8srt
HKEY_USERS\S-1-5-19\Software\h8srt
HKEY_USERS\S-1-5-20\Software\h8srt
HKEY_USERS\S-1-5-21-3264940189-73936133-185295080-1005\Software\h8srt
C:\WINDOWS\Temp\H8SRT561f.tmp
C:\Documents and Settings\Kenny Aral\Local Settings\Temp\h8srtmainqt.dll
C:\Documents and Settings\Kenny Aral\Local Settings\Temp\H8SRT3180.tmp
C:\WINDOWS\system32\H8SRTmocqsgkoeb.dll
C:\WINDOWS\system32\drivers\H8SRTcntyxjiexn.sys
C:\WINDOWS\system32\H8SRTyiuxihhlpk.dat
C:\WINDOWS\system32\H8SRTkibvcbtgpt.dll
C:\WINDOWS\system32\H8SRTxfuwavubjm.dll

2. When I googled H8SRT virus the first link I found was this: http://www.myantispyware.com/2009/12/22/how-to-remove-h8srt-trojan-remove-rootkit-tdss/

3. I followed the instructions on that link -- downloading TDSSKiller -- and it was able to remove the infected registry files. On restart, my McAfee VirusScan came back to life and I was able to install Malwarebytes.

4. I scanned my computer with Malwarebytes and it removed the remaining infected files.

I'm still going to re-scan with McAfee and CCleaner but I'm pretty sure the virus is gone for good. Phew.
 
Status
Not open for further replies.
Back