TechSpot

Most Stubborn and Annoying Virus

By romeoro1
Jul 13, 2008
  1. I can't seem to shake this virus/malware infections. I have tried all sorts of av and Spyware programs. I have formatted the harddrive and reinstalled xp serveral times. I've wiped the disk using Maxtor's dos zeroing low level format. I've flashed the bios with the latest dell update overwritting a possible flash memory infection.

    The problem is the registry appears to be overwritten during boot. I get a Registry Recovery message "One of the files containg the system's registry data had to be recovered by use of a log or alternate copy. The recovery was sucessful." Then a few days go by and we start accumulating all sorts of good stuff (trojans, bad sites visited, malware, etc) Eventually the os crashed and I have to reinstall windows.

    I've tried installing a different os like win 2003 servers but the virus seems to disallow certain files from being installed. I though perhaps the windows xp cd I use has the virus but I've installed the same cd on other machines and have not seem this virus.


    If anybody has any insight please let me know before I chuck this box onto the highway!
     
  2. romeoro1

    romeoro1 TS Rookie Topic Starter

    hjt:
    HJT:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:40:54 PM, on 7/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - /housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9CD15E5C-39A8-4D6E-BEC3-192ABF40A840}: NameServer = 198.6.1.195,0.0.0.0
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 3263 bytes
     
  3. SNGX1275

    SNGX1275 TS Forces Special Posts: 10,682   +393

    Nothing can survive like you say, especially if you are installing from legit OS disks. I'd take a look at your RAM. Back in the 9x days sometimes bad RAM would cause a corrupt registry message on boot and then the OS would attempt to repair it.
     
  4. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Two thoughts come to mind - where did you get the XP disk? And let's scan boot sector

    First let's try something - uninstall Avast through add/remove programs

    Download Avira Antivir - only reason I suggest it is because I know it scans the boot sector and will show logs of it.

    After you update Avira - run a full system scan - at the end show report and paste or attach it here
     
  5. romeoro1

    romeoro1 TS Rookie Topic Starter

    Hi All

    Thanks for your replys. I have been asked to move this to the Security thread and go through the 15 steps they have listed first before I do anything else.

    I'll be back with my results in a few days and then we can start from that point. Thanks again,

    R
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...