HELP! major worm hidden partition, dual fifo

Status
Not open for further replies.
Since you have recently reformatted and reinstalled, I find it hard to fathom why your system is infected, but it is. This could be because you didn't disconnect from the net during the reinstallation process. Never connect to the net without having at least an active firewall programme installed. Another possible reason for your reinfection is that some of the software you're reinstalling could possibly be infected.

Another thing that's not quite right is that your Windows installation seems to be on your D drive, rather than the customary C drive. Can you explain why that is?

Given the problems you are having, I recommend you disconnect from the net and reformat and reinstall from scratch. Do not reconnect to the net until after you have installed some firewall software. This is because your system can be compromised in seconds without an active firewall.

Free antivirus and firewall software can be found below.

AVG free or Avast antivirus programmes.

Zonealarm Kerio or Comodo free firewall programmes.

Once you've done that, post a fresh HJT log only from normal mode and we'll look to see if it's clean.

Regards Howard :)

This thread is for the use of logikz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
howard_hopkinso said:
Given the problems you are having, I recommend you disconnect from the net and reformat and reinstall from scratch. Do not reconnect to the net until after you have installed some firewall software.
...

Once you've done that, post a fresh HJT log only from normal mode and we'll look to see if it's clean.
I second that opinion.
Let us know your decision.

Regards,
Your friendly momok =)

This thread is for the use of logikz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
As I said, I am on WinXP 64-bit. No ComboFix or AVG. I have done as you asked, but Plug and Play is hard to get rid of; I had to disable it with msconfig.
 
Hi,

Grisoft has recently released a version of AVG Anti-spyware which is compatible with 64 bit Windows. You can download it from HERE.

Run it with a full system scan, and quarantine any infections. Attach your log (after quarantine) in your next reply.

Also, I would recommend that you uninstall Prevx immediately from your system. It has a known history of detecting certain legitimate system files as false positives.

Attach the AVG anti spyware log and a fresh HijackThis log in your next reply.


Regards,
Your friendly momok =)

This thread is for the use of logikz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Do you have any clue what the hywave file protector is? Or possibly the reason why my bytes don't coincide with my gigabytes? I always seem to lose about 10% in the transition. It says I have 320000000 bytes but only 298 gigs. This is infecting a number of computers that I have access to, and I believe it has something very fraudulent around it. I have put a CD burned from my computer into a clean computer and, without even running a file on it, the new computer is also infected. I need help with this badly; there are major problems. My internet at home is not quite set up again, so I will have to wait a little bit before I can post the new results. These services start all the time after a complete format. I used files from Ultimate Boot CD to write bad blocks to one of my hard drives, but none of them register bytes and gigabytes accordingly. Is this also going to be able to do this with dollars and cents? Is there anything major I can do to wipe a complete hard drive, boot sector, RAM, and BIOS? My RAM is also formatted very funny; it comes up under a very suspicious name. The page file never seems to go away, even after a supposed "low level format" via Hard Drive Killer, along with many other programs. I need complete system erasure, so I can at least make some clean boot CDs to kill this off. I am very afraid someone is trying to do something major affecting both my and my family's financial situation. If you have information on reporting these offenses I would also be all ears; I have certain suspects who used my computer and all of a sudden this rash infection was obtained.

Thanks, I will post those logs as fast as possible.
 
Hi,

1 KB = 1024 B; 1 MB = 1024 KB; 1 GB = 1024 MB.

I am very concerned about the fact that your and your family's financial situation may be compromised because of a lapse in your computer system security. Based on that, I would suggest you actually do a full reformat and inform any financial authorities of the situation. Please read this thread HERE.


Regards,
Your friendly momok =)

This thread is for the use of logikz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
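The "320000000 bytes but only 298 gigs" question above is the usual decimal-versus-binary unit gap: drive makers quote capacity in decimal gigabytes (1 GB = 10^9 bytes), while Windows reports binary gibibytes (1 GiB = 1024^3 bytes), so a "320 GB" drive shows as roughly 298 GB in Explorer with nothing hidden at all. The script below is an added example, not code from the thread or from any of the tools mentioned in it. It separates that expected unit gap from space that no listed partition accounts for, which is the part actually worth investigating when a hidden partition is suspected. The drive size and partition sizes in it are constructed values chosen to match the rough figures in the thread.

```python
#!/usr/bin/env python3
"""Separate the decimal/binary unit gap from genuinely unaccounted disk space.

Constructed example values are used throughout; nothing here is read from a
real system.
"""

DECIMAL_GB = 10 ** 9      # what the drive's label means by "GB"
BINARY_GIB = 1024 ** 3    # what Windows Explorer means by "GB"


def bytes_to_gib(n_bytes: int) -> float:
    """Convert a byte count to binary gibibytes (the figure Windows shows)."""
    return n_bytes / BINARY_GIB


def advertised_gb_to_gib(advertised_gb: float) -> float:
    """Expected Windows-reported size for a drive sold as `advertised_gb` GB."""
    return bytes_to_gib(int(advertised_gb * DECIMAL_GB))


def unaccounted_gib(total_bytes: int, partition_bytes: list[int]) -> float:
    """Space on the disk that no listed partition covers, in GiB.

    `total_bytes` is the raw disk capacity; `partition_bytes` lists the size of
    every partition the partition table shows, including any recovery/OEM ones.
    """
    used = sum(partition_bytes)
    if used > total_bytes:
        raise ValueError("partitions add up to more than the disk capacity")
    return bytes_to_gib(total_bytes - used)


def looks_suspicious(total_bytes: int, partition_bytes: list[int],
                     tolerance_gib: float = 1.0) -> bool:
    """True when more than `tolerance_gib` of the disk is not in any partition.

    A few MiB of alignment slack at the start and end of a disk is normal; a
    multi-GiB hole is not explained by units and deserves a look with a
    partition tool booted from clean media.
    """
    return unaccounted_gib(total_bytes, partition_bytes) > tolerance_gib


if __name__ == "__main__":
    # Constructed: a drive sold as "320 GB".
    disk = 320 * DECIMAL_GB
    print(f"Advertised 320 GB -> Windows shows about {advertised_gb_to_gib(320):.2f} GB")

    # Constructed: one partition filling the disk apart from 8 MiB of slack.
    normal = [disk - 8 * 1024 ** 2]
    print(f"normal layout: {unaccounted_gib(disk, normal):.4f} GiB unaccounted, "
          f"suspicious={looks_suspicious(disk, normal)}")

    # Constructed: only a 280 GiB partition is listed on the same disk.
    gap = [280 * BINARY_GIB]
    print(f"gap layout: {unaccounted_gib(disk, gap):.2f} GiB unaccounted, "
          f"suspicious={looks_suspicious(disk, gap)}")
```

The first scenario reproduces the thread's numbers: the 22 GB "loss" on a 320 GB drive is entirely the unit conversion. Only the second scenario, where the partition table leaves a large region unexplained, would justify looking for a hidden partition.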
 
Are you not hearing me, man? I HAVE REFORMATTED 10000000000000000000000000000000000 TIMES. I need something that will REALLY kill my hard drive. I have an SCVHOST file that is dated from 2005 and I purchased the computer in 06. There are security logs from 2005, and I reformatted LAST NIGHT. There is no way to get rid of my page file even. I need to get rid of the whole operating system, and boot sectors, and MBR, and also BIOS. Is it possible for someone to put a CD into a computer and, without even opening it, become completely infected with a virus like this? I have the Redbook Windows service, I have all these audio drivers like MDM Crystal audio codecs and stuff, and I use ACL audio, from an Asus motherboard. When I flash my BIOS, there are always a few blocks that don't get updated. I just don't see what I can do... please help me.
 
Hi,

I'm sorry about that.
Just to check, could you explain the exact steps on how you went about your reformat of your hard-disk?

With regards to BIOS, you can read this thread HERE to check if you've done everything properly.


Regards,
Your friendly momok =)

This thread is for the use of logikz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Logs you wanted, plus others. And to format I did F3 at the startup of Windows setup, then I deleted all partitions. Did format C: /FS:NTFS. Here is another fresh install, but 32-bit.

Another thing: I go to install anti-spyware from AVG, and it states that I'm in 64-bit still. Also, it says that I can't run certain programs in NT, but I'm in Windows XP Home.

GMER log, here it is. Thanks.
 
Hi,

I did not ask for those logs. I have thus merged your posts together and deleted the logs.
Please download a firewall and antivirus from the following choices:

AVG free
Avast

Zonealarm
Kerio
Comodo

Save the setup files on an external drive or CD.

Please see HERE and follow the instructions to the letter for a full format. Correct me if I'm wrong, but I do not quite understand your explanation of "f3 on windows setup", as that simply exits the installation. I take it that your format was not done properly, since previous files can still be found and Windows remains 64-bit when you chose 32-bit.

Also, do not use your previously corrupted windows CD; use a clean original windows CD.

Once you have completed the full format, do not connect to the internet. Install both the firewall and antivirus software and leave them on for protection. Then visit this site again and download AVG Antispyware from my signature and run it.

Post only a HijackThis and AVG antispyware log. List out the exact problems which occur after this sequence of steps I've given you.


Regards,
Your friendly momok =)

This thread is for the use of logikz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
After another fresh reinstall / updating.

I keep reinstalling things, but this is the current scan. Do you not see anything out of the ordinary? My page file never changes. I need to CLEAN, not to format, please.
 
Hi,

You have not updated your Windows to the latest patch. Please do so immediately.

You are also running an outdated version of HijackThis.
You can obtain the latest version from the link in my signature. Please rename the executable file as certain malware are known to hide from it.

I assume those logs are from your latest scans after a reformat.

Download the attached "CFScript.txt" (from my attachment) and save it to the same folder as Combofix.

Referring to the image below, drag the CFScript.txt that you downloaded earlier over on to Combofix.exe and release.

CFScript.gif


This will ask Combofix to execute the instructions within my file. Let Combofix run normally and do its job. Attach the resultant log in your reply.

Thereafter, please post fresh HJT and AVG Antispyware logs from normal mode and the ComboFix log from the safe mode instructions as attachments into this thread.


Regards,
Your friendly momok =)

This thread is for the use of logikz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hi,

You have not posted your AVG antispyware and HijackThis logs as requested. I really need you to follow the instructions and not post anything else other than needed logs too.

Also, could you clearly state the problems that are occurring on your system right now?


Regards,
Your friendly momok =)

This thread is for the use of logikz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hey, I have some more scans coming; I wanted this right away. It's from the Kaspersky online scan.

This is the GMER scan, going to safe mode. Sorry for the multiple posts.
 
Hi,

Please provide details of the following:
  • What problem are you facing, with programs or system processes?
  • When does it occur, or is it an ongoing thing?
  • What is so abnormal about it?
You are running an outdated version of HijackThis.
You can obtain the latest version from the link in my signature.
Also, you have not renamed the HijackThis executable. Please rename it to Analyze.exe and save it in its own folder, e.g., C:\HijackThis\.

Please download and run CCleaner via step 9 of the instructions HERE.

You may wish to copy and paste these instructions on notepad for easier reference later.

Boot into safe mode under your normal user name. See how HERE
Next turn on "Show all files and folders, including hidden and system". See how HERE

Navigate in Windows Explorer and delete the following files and folders in bold.

C:\DOCUME~1\friz\LOCALS~1\Temp\XCP2.tmp

C:\Program Files\ras\New Folder (3)\playtoadgeneralfree.exe
C:\Program Files\ras\New Folder (3)
C:\Program Files\ras\playtoadgeneralfree.exe

Reboot into normal mode and rehide your protected OS files.

Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread.


Regards,
Your friendly momok =)

This thread is for the use of logikz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
I had this problem with a gnarly boot sector virus I got once. Kept replicating to all discs I inserted (USB etc).

Basically, throw away any CD or DVD you have burned. Floppy disks. Everything. Go to another PC, download a program that will write 0s to the drive.

Write 0s. Shut off the PC for 30 seconds. If you have any USB drives connected that are infected, boot using a disc like MiniPE and write to those also. I disconnected my HD while booting to MiniPE just to make sure the virii wouldn't go to the hard disk (since I was at wits' end, ready to shoot the computer and external HD). Basically, write 0s to everything. Re-install.

DO NOT USE INFECTED DISCS. THEY ARE DONE FOR.

This, of course, being last resort. Certain viruses can survive a format. Also continue on with Momok's suggestions. He is very knowledgeable in this area.
 
Here is a comp that has the same problem. TIME AFTER TIME it reinstalls onto other computers through the network and burnt CDs and other things. HELP ME TO KILL IT. Please don't just blow it off, man; lots of people do these logs and give other things to do, like win2xpfind and ****. Help me.
 
I would suggest other things to do except it would be exactly what they are telling you.

Take the network down. You need to contain this thing or you're never going to get rid of it. Like mentioned before, don't use infected CDs/DVDs. If you use floppy disks, make sure you create them in a clean computer and write protect them if you boot on an infected computer.

If this thing is replicating itself through the network, I would be going straight to salvage, meaning I would shut the entire network down and completely wipe the computers that are infected.

My boot sector virus (maybe it wasn't even that, but it was a gnarly thing) spread through my network also. After working on it for a week I realized that data salvage was IMPOSSIBLE since it would just replicate itself to any network drives, backup media, or removable devices plugged in. I ended up losing everything I've ever done on around 5 computers and external drives.

I wouldn't risk using any CDs you question as clean. I will help you, but if you're going to continue to use infected media and bringing yourself back to square one time after time, I can't suggest anything else.
 