3 Replies Latest reply on Dec 10, 2011 6:56 AM by Peter M

    Really Bad Infection.  Please Help.

      It started very early last Thursday.  Somewhere along the line, I've picked up some really nasty bugs and I can't seem to get rid of them.

       

      I ran McAfee three times, but it didn't find anything.  I ran the virus scan from Microsoft's website, Windows Live One Care, it found several things.  I can't remember the names, now.  It said they were worms and trojans.  But it failed to fix them permanently.  I tried a system restore, but was told on three different dates that the restore was incomplete.  I then ran Malware Bytes.  It found and fixed 14 things--rootkits, rogues, and trojans.  That was followed by Panda Anti-rootkit, which found nothing.  Then F-Secure Virus Scan, which found and fixed 21 things, including spyware, trojans, and rootkits.  Trend Micro's Housecall found nothing.  SuperAntiSpyware found 1083 things, all but two of them tracking cookies.  The other two were rogues. I ran Hijack This (I've attached the log file.  I have no idea what to do with it.)  Then I ran stinger, which found nothing.  I thought maybe I was getting somewhere.  I was wrong.  I've also reinstalled IE8 twice.

       

      I run a current version of McAfee Security Center with automatic updates.  But the antivirus and the firewall are, and were, enabled.

      Security Center v. 9.15.160

      Virus Scan v. 13.15.113

      Firewall v. 10.15.106

      Site Advisor v. 2.6.6253

      All running on Windows XP Pro with Service Pack 3.  Windows Updates also run automatically.

       

      Problems I still have:

       

      1) Most of the time when I start IE, I get a message that my last session ended unexpectedly and asking me if I want to restore my last session.

       

      2) Often, the browser will just open another instance of IE and go straight to an ad, usually for Dish Network.  (Right now, if Dish Network were the only way to watch TV, I'd listen to the radio and play DVDs.)

       

      3) Sometimes I get voices, usually for Target ads, coming from my speakers.  (Same for Target right now.  Wouldn't shop there if you paid me.)

       

      4) If I leave the computer running without turning on the firewall lockdown, I will come back to about 100 instances of SiteAdv.exe running and a Windows Virtual Memory error.

       

      I'm at my wits' end.  How do I fix this?  I really need to be able to send e-mails so I can look for a job.  But I don't want to send e-mails until I get this taken care of.

       

      Please help.

        • 1. Re: Really Bad Infection.  Please Help.

          Assuming you still have the various titles that you listed installed on your machine: shut the machine down, pull the plug if you must. Disconnect from the internet; unplug the network cable from the machine. Restart in safe mode, no network, just safe mode. Log in as the administrator. Accept the various warnings etc. Once you are at a desktop, run the antivirus titles you listed. Start with Malware Bytes, then Stinger, then scan the disk with your antivirus software. If you can, and you know how, schedule the titles to run at startup. Once you have run all the utilities in safe mode, reboot and let the scans run as the machine starts up.

           

          Usually the browser malware will not load in safe mode, usually. So this is a safe course of action to follow. That does not mean you will get everything cleaned out. Good luck.

           

           

          David Davis

          "Free advice is worth what you pay for it."

          • 2. Re: Really Bad Infection.  Please Help.

            Hi Meredith_Mansfield,

             

            From the symptoms you mentioned, it seems you have an infected MBR (Master Boot Record) on the computer.

            It is a kind of rootkit infection. It is one of the following 2 infections: Rootkit.Boot.Sst.a or Rootkit.Boot.Sst.b (a TDSS infection which affects sector 0 of the hard drive).

             

             

             

            You will need to find out which one it is to fix it because both of them exhibit similar characteristics, but they technically differ.

             

            I think the best way to fix it would be checking on the internet for a solution because there are a large number of tools that you can use to remove it.

             

            There are tools like TDSS Killer and the AVP tool from Kaspersky which can fix the problem in a jiffy.

            Since you are using an XP OS, I think TDSS Killer will do the trick. You can download TDSS Killer at http://support.kaspersky.com/downloads/utils/tdsskiller.zip

             

             

            Hope this fixes your problem.

             

            MM

            • 3. Re: Really Bad Infection.  Please Help.
              Peter M

              Thread 2 years old so I doubt they still have the problem, but thanks for posting anyway.