My system is badly infected with malware - black monitor problem

Status
Not open for further replies.
(Hoping to contact howard_hopkinso)

I have an older system, a Thinkpad T41p notebook running Windows XP SP2 with 1.7GHz processor, 1Gb RAM and 40 GB HD.

I developed a problem with my monitor recently and have since discovered that my system has been overrun with spyware/malware/adware etc. after research and reading the topic 58138 thread on your site (sorry for lack of link--I am unable to post URLs because I am a newbie to the site)

I had over 9000 ugly entries written to my Windows hosts file, 2 variants of New.net, and a variety of other malware, some of which could be removed and some of which could not.

My monitor goes black after the Windows logo splash screen and/or the Windows login screen. I can faintly detect the regular screens, but the monitor is so dark that I cannot read them.

I am able to control the laptop in question using LogMeIn remote access software, however I cannot port to an external monitor or view anything on the laptop's screen. Everything on the system runs fine for now using remote access, except for the monitor problems....

I have followed the instructions in the post entitled "Virus/Spyware/Malware, preliminary removal instructions" but am unable to complete them in their entirety. The problem lies in the safe reboot or safe reboot with networking capabilities.

Because I only have access to the system via remote control, I cannot reboot and perform any tasks in safe mode, because I cannot read the screen.

When I reboot in safe mode + networking, the machine hangs on the attempt to obtain network access, so I cannot get online to remotely control the machine.

Running in safe mode appears to be out of the question unless you have some other suggestions. I have backups of my data files, so I don't mind trying anything you might suggest. I would prefer to format the drive and reinstall Windows only as a last resort, because it will take me several days to reinstall all of my programs from disk and safely restore my data files.

Please let me know any suggestions you might have and whether you would like me to post the latest logs from HJT, Combofix, and AVG Antispyware.

Please note that I am unable to run Smitfraud in safe mode, but it finds things...

AVG finds things, but vundo, virtumundo, Panda Antirootkit do not.

The latest Symantec Corporate edition does not find anything.

Spybot does not find anything, but I notice it has a nasty habit of adding or enabling about 8000 adware/malware hosts to my hosts file every time I run it...I edited the hosts file thru AVG once I discovered this was occurring.

All real-time protection programs are currently off.

Thank you in advance for your help and I look forward to hearing from you.
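
An added example, not part of the original post or of the thread: one way to triage a hosts file as large as the one described above, separating entries that sinkhole a name to a loopback or null address from entries that point a name at some other address. The sample hosts text and every name in it are constructed, and the function name is hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample. On Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.net   # typical blocklist-style entry
0.0.0.0         tracker.example.org
203.0.113.7     update.example.com www.example.com
not-an-ip       broken.example.net
::1             localhost
"""

def classify_hosts(text):
    """Return (counts, redirects, malformed) for the text of a hosts file."""
    counts, redirects, malformed = Counter(), [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                      # address with no name
            malformed.append((lineno, raw.strip()))
            continue
        for name in (f.lower() for f in fields[1:]):
            if name == "localhost" and addr.is_loopback:
                counts["localhost"] += 1         # normal default entry
            elif addr.is_loopback or addr.is_unspecified:
                counts["sinkhole"] += 1          # name is blocked, not redirected
            else:
                counts["redirect"] += 1          # name resolves to another host
                redirects.append((lineno, name, str(addr)))
    return counts, redirects, malformed

if __name__ == "__main__":
    counts, redirects, malformed = classify_hosts(SAMPLE_HOSTS)
    print(dict(counts))
    for lineno, name, addr in redirects:
        print(f"review line {lineno}: {name} -> {addr}")
    for lineno, raw in malformed:
        print(f"malformed line {lineno}: {raw}")
```

Sinkhole entries only stop a name from resolving; the redirect and malformed lists are the ones to review by hand.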
 
Hello and welcome to Techspot.

Apart from your malware problems, it sounds to me like you have a monitor problem as well.

That is a job for a professional and you would need to take the laptop in for repair.

If you can get the monitor problem sorted, then we may have a chance of solving the malware problem.

Having said all that, if you could post the requested log files from normal mode, I may be able to help.

Regards Howard

This thread is for the use of amlinbtr only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
HJT, Combofix and AVG Antispyware log files attached

Dear Howard,

Thanks for replying so quickly. Attached are the 3 main log files. Also, here are results from my latest run of the Viruses/Spyware/Malware, preliminary removal instructions:

1. and 2. Real time protection programs have been disabled. My anti-virus is Symantec Corporate Edition 10.1.6.6000 with 11/24/2007 v. 3 definitions. Firewall is Windows Firewall. Both have been disabled, as well as my other real-time programs, such as Windows Defender, Spybot, etc etc.

3. Trend Micro Housecall results

Adware: Sidesearch

Cookies in Internet Explorer Cache:
citi.bridgetrack.com
msnportal.112.2o7.net
server.iad.liveperson.net
tacoda.net
tribalfusion.com

Freeloader: Smitfraud located in
c:\windows\system32\dumphive.exe

4, 5, 6, 7, and 8. Done

9. Completed scan with Ccleaner. No findings.

10. Smitfraud - unable to run in safe mode due to problems mentioned in my first post
Virtumundo - no findings
Vundo - no findings

11. Panda Antirootkit - no findings

12. Combofix log attached

13. Ran Symantec Antivirus Corporate Edition with today's virus definitions - no findings

14. Ran Spybot - no findings
Ran Ad-Aware - no findings
Ran AVG Anti-Spyware - found Tracking Cookie 2o7 - I then messed up and deleted the cookie rather than quarantining and failed to get a copy of log. Re-ran AVG - no findings on this second run

15. Ran HiJackThis - don't think I found anything

Also, for whatever it may be worth, I think I should elaborate further on the monitor issue before going to repair the hardware. The monitor on the infected machine is perfectly fine until I select OK to log into Windows, i.e., machine boots up OK, I get the usual Thinkpad splash screen in color, the usual Windows splash screen in color, and then the Windows log in screen in color.

It is only when I click OK to log into Windows that the monitor is dimmed. You can tell there are very faint dialog boxes but they are practically impossible to discern unless you already know the order that the items are loading in Windows. Also, running diagnostics pre-Windows start on this machine reveals no problems with any part of system, monitor, etc. etc. and those screens are perfectly legible. Monitor diagnostics go thru lots of colors and patterns, and no problems there.

It is when I log into Windows that I have the problem, and I can only use the system via remote control once logged into Windows. While working under remote control, I have checked out the Thinkpad diagnostics, as well as the various drivers, and deleted and reinstalled all related system components under Device Manager. Monitor, display adapter, etc are all working fine according to Device Manager.

Hope this helps...

Best regards,

Ann Michele
 
I can't see anything obviously nasty in your HJT log. However, can you tell me what this is?

O23 - Service: AdLib FMR - Unknown owner - C:\PROGRA~1\AdLib\ADLIBE~1\AdLibFMR.exe (file missing)

Can't see anything nasty in your Combofix log either.

Have you tried doing a Windows repair as per this thread HERE?

Regards Howard :)
