Most Stubborn and Annoying Virus

By romeoro1
Jul 13, 2008
Topic Status:
Not open for further replies.
  1. I can't seem to shake this virus/malware infections. I have tried all sorts of av and Spyware programs. I have formatted the harddrive and reinstalled xp serveral times. I've wiped the disk using Maxtor's dos zeroing low level format. I've flashed the bios with the latest dell update overwritting a possible flash memory infection.

    The problem is the registry appears to be overwritten during boot. I get a Registry Recovery message "One of the files containg the system's registry data had to be recovered by use of a log or alternate copy. The recovery was sucessful." Then a few days go by and we start accumulating all sorts of good stuff (trojans, bad sites visited, malware, etc) Eventually the os crashed and I have to reinstall windows.

    I've tried installing a different os like win 2003 servers but the virus seems to disallow certain files from being installed. I though perhaps the windows xp cd I use has the virus but I've installed the same cd on other machines and have not seem this virus.


    If anybody has any insight please let me know before I chuck this box onto the highway!
  2. romeoro1

    romeoro1 Newcomer, in training Topic Starter

    hjt:
    HJT:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:40:54 PM, on 7/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - /housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9CD15E5C-39A8-4D6E-BEC3-192ABF40A840}: NameServer = 198.6.1.195,0.0.0.0
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    --
    End of file - 3263 bytes
  3. SNGX1275

    SNGX1275 TS Forces Special Posts: 12,411   +281

    Nothing can survive like you say, especially if you are installing from legit OS disks. I'd take a look at your RAM. Back in the 9x days sometimes bad RAM would cause a corrupt registry message on boot and then the OS would attempt to repair it.
  4. Blind Dragon

    Blind Dragon TechSpot Evangelist Posts: 4,048

    Two thoughts come to mind - where did you get the XP disk? And let's scan boot sector

    First let's try something - uninstall Avast through add/remove programs

    Download Avira Antivir - only reason I suggest it is because I know it scans the boot sector and will show logs of it.

    After you update Avira - run a full system scan - at the end show report and paste or attach it here
  5. romeoro1

    romeoro1 Newcomer, in training Topic Starter

    Hi All

    Thanks for your replys. I have been asked to move this to the Security thread and go through the 15 steps they have listed first before I do anything else.

    I'll be back with my results in a few days and then we can start from that point. Thanks again,

    R
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.