Hi,
I've been looking around the forums and see that you all have had much success helping others with similar issues to mine. I would be greatly appreciative if somebody could help me out.
My computer was infected by malware/virus when I clicked a bad link online. I had Avast antivirus scanner (home edition freeware) running and it told me a bunch of viruses (trojans) were being detected. I got really nervous and hit "delete" in the Avast window a bunch of times. This clearly did not actually remove any of the infected files. What's worse is that my Malwarebytes was deactivated. I tried to run the shortcut for the .exe on my desktop for it and it said it could not find the executable. I realized the virus deleted it. I uninstalled Malwarebytes (stupidly). After experiencing severe slowness on the cpu, internet websites being redirected to fake sites about anti-spyware, not being able to go to some websites altogether, my cpu eventually blue screened. I decided to run a repair (not reformat) with my Windows XP home edition and went to bed after doing the install. I left the computer off.
On a side note, I was unable to edit options in 'view' so that I can see file extensions (I knew I needed to block a .sys file and couldn't tell which ones were .sys; I had a very lucky guess). It looks like I have lost access to editing settings like seeing file extensions. I also thought about restoring my system to how it was a few days ago, but also could not do this because I got an error basically saying I did not have access and I need to get in touch with my domain admin.
I woke up, restarted the computer. It started up and I was able to use it though it was very slow. I did a bunch of internet research and found that I was probably infected by a Virtumonde Trojan as users with that virus had the same symptoms (website redirects, no access to some websites, inability to install or run Malwarebytes). I discovered there was a way to get Malwarebytes to run by changing the names of the installer and exe, but it also said that I needed to block TDSSserv.sys in hidden devices too in my hardware devices. I looked and did not have TDSSserv.sys as an option, so I assume that I had a variant of Virtumonde trojan. So, being frustrated, I decided to pick a process which looked most fishy and to choose it to be blocked (difficult to do because they all have weird names). It blocked the process I selected and I rebooted. I guess I made the right choice because upon reboot many of my startup programs started up (MSN Messenger, Steam, Avast). I again opened the Malwarebytes exe and it actually installed and I was able to initiate a scan.
Malwarebytes removed some 115 viruses from my system, but after 3 rescans, it seems it cannot delete one. It is in my C:\WINDOWS\system32\drivers\ folder. It's a rootkit.agent file (C:\WINDOWS\system32\drivers\aqnyvv.sys (Rootkit.Agent) -> Delete on reboot.). I have also downloaded (but not yet installed) installers for Combofix, Hijackthis, SuperAntiSpywarePro-trial- and windows malicious virus tool remover. I have them saved on my flashdrive for now. I am considering downloading fileassassin or rootkitrepeal, but I figured I'd come here first for help.
My infected cpu is turned on, not connected to the internet and ready to be worked on.
Thanks in advance for assisting in getting this grimy virus off of my computer. Also, I am ready to run installers for any of the programs I mentioned on my computer and get a log to show you upon suggestion. Attached are my 3 Malwarebytes scans in order. The first one shows it deleted a lot of viruses and the next two show that it keeps detecting the rootkit agent and can't delete it.