SOLVED Tons of viruses won't go away.


BetaMan

Official G33k
VIP Member
Joined
Jan 15, 2009
Messages
463
Reaction score
29
I've got a few annoying trojans that have been putting my CPU usage at 100% and popping up with some dialogs every once in a while. It's really, really annoying. I've scanned with Malware Bytes and AVG and while they both claimed to have removed the viruses, I notice no differences. The processes that seem to be the culprits are "svchost.exe", which I know about, so help me with that one and "temp.exe", which the description in task manager is "Recycler". I've gone to my friends but their solutions have had no resolution. HALP!
 


draceena

That Crazy Amazon Chick!
VIP Member
Joined
Jan 17, 2009
Messages
773
Reaction score
182
Are you running the 32 bit or 64 bit W7? From what I've read, there are some difficulties in removing viruses from 64 bit systems.

Beyond that, have you tried an online virus scanner (like Kaspersky Online Scanner) or another Malware program like A-Squared?

You might like to try Hijack-This to solve your problem. I know that most forums that help cure virus problems will have you download and run the program and just grabbing the text file it creates and posting the output. Unfortunately, I'm not very versed on going through the Hijack-This logs but others may.
 
Joined
Sep 12, 2009
Messages
133
Reaction score
29
This thread may be more appropriate in the Security section :)

Is this a x86 or x64 machine?

As draceena has already mentioned, most tools do not yet run on x64 systems due to the way they run and protect the files. For instance running HJT on x64 will not enumerate the system services and show them as all missing when they are not!

If this is a x86 machine then most tools will run on windows 7 but there will be very limited support from the authors of dedicated special tools needed for the removal process as testing is still ongoing in this department.

I would try running DDS by sUBs which will create two logs and give us a basic run down of your machine, this tool is non evasive and will not remove any malware, it is for evaluation purposes.

Please download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.


Post both logs back in your next reply

I would also advise a rootkit scan by the use of GMER

Download GMER Rootkit Scanner from here or here.

  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop and copy and paste this in your next reply


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
 

BetaMan

Official G33k
VIP Member
Joined
Jan 15, 2009
Messages
463
Reaction score
29
Hey, I'm on 64-bit. 5GB RAM wouldn't be wasted on 32-bit in my eyes. Attached are the logs from DDS, but GMER refused to launch without an error message.

The "DDS" log is too big to upload here, so it's right here on RapidShare.

Thanks guys!
 

BetaMan

Official G33k
VIP Member
Joined
Jan 15, 2009
Messages
463
Reaction score
29
Alright, so my friend suggested booting into Windows XP, which is 32-bit and doing another Malwarebytes scan and then maybe it will remove them. So greetings from XP Professional and it's already found 139 infections! I've got my fingers crossed.
 

clifford_cooley

VIP Member
Joined
Mar 8, 2009
Messages
5,063
Reaction score
1,185
Alright, so my friend suggested booting into Windows XP, which is 32-bit and doing another Malwarebytes scan and then maybe it will remove them. So greetings from XP Professional and it's already found 139 infections! I've got my fingers crossed.
Figured you would have given up XP by now. :)

I'll cross my fingers too
 

BetaMan

Official G33k
VIP Member
Joined
Jan 15, 2009
Messages
463
Reaction score
29
Yeah, I know. I keep telling myself to get rid of it but after this... Nah! ;)
 

BetaMan

Official G33k
VIP Member
Joined
Jan 15, 2009
Messages
463
Reaction score
29
Haha, wow, XP uses an older version of AVG and it's detecting more viruses without scanning than my x64, updated version did. That's just... Dandy!
 

BetaMan

Official G33k
VIP Member
Joined
Jan 15, 2009
Messages
463
Reaction score
29
Oh hey, are these actually viruses or are they vital system files?
 

Joined
Sep 12, 2009
Messages
133
Reaction score
29
There is no need to boot to XP for malwarebytes, it is one of the few tools that is fully x64 compatible :)

The files you see are crap, I can see many more in your DDS log too. Did you let MBAM delete them?

Please update and generate a fresh MBAM log for me and let it run in normal operating mode

  • Start MalwareBytes AntiMalware
  • Update Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


------------------------------------------------

Once done...

1. Download Temp File Cleaner by OldTimer to your desktop, or other location.
2. Save any unsaved work. TFC will close all open application windows.
3. Double-click TFC.exe to run the program.
4. If prompted, click "Yes" to reboot.

Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

------------------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner.

Please note that this may take some time to complete

**Vista users - right click IE/Firefox icon and run as administrator

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.




**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------

Post back with the MBAM log and the Kaspersky log
 

BetaMan

Official G33k
VIP Member
Joined
Jan 15, 2009
Messages
463
Reaction score
29
Thanks! MBAM is finally detecting those files. In XP, it wasn't. This should work.

Joined
Sep 12, 2009
Messages
133
Reaction score
29
Once the scan is complete follow through with the TFC and Kaspersky, any leftovers should show up in the scan and we should hopefully be able to deal with those leftovers via a batch file.
 

BetaMan

Official G33k
VIP Member
Joined
Jan 15, 2009
Messages
463
Reaction score
29
Alright, sweet. I'm bookmarking this post as it will serve useful for THE FUTURE!

Oh hey dude we have the same CPU!
 
Joined
Nov 4, 2009
Messages
217
Reaction score
50
Download unhackme and run it before malwarebytes. This is a trial version but fully functional and will discover rootkits that malwarebytes won't. It has pulled me out of many a problem but be cautious with what you delete.
 

BetaMan

Official G33k
VIP Member
Joined
Jan 15, 2009
Messages
463
Reaction score
29
Well... It's uhh... Kinda too late. MBAM took 12 hours to scan and found around 82,000 infections. It's now removing... Hehe, oh joy.
 

BetaMan

Official G33k
VIP Member
Joined
Jan 15, 2009
Messages
463
Reaction score
29
The Kaspersky website is down right now, so I'm gonna scan with AVG... Then it will hopefully be up.
 

catilley1092

Win 7/Linux Mint Lover
VIP Member
Joined
Nov 13, 2009
Messages
3,507
Reaction score
563
Avast has a virus cleaner as well as antivirus protection.
 
