Got a serious virus

Hey everyone,

I was on my girlfriend’s computer last night when all hell broke loose. She has an HP Mini 110. It was on a limited internet connection and only Gmail worked… no other websites work at the moment. So I think this virus has been in the computer dormant and just came to life last night. Anyway, here’s the problem. An error message appeared on the screen saying that explorer.exe had a problem and to click OK to close it. Odd, as I had never seen that error before. I clicked OK, and restarted the computer. The computer got hung up on the startup screen with “Windows XP” and the blue bar scrolling across the screen. Hung up for about 10 minutes I’d say. Finally the computer entered Windows XP and the same error message about explorer.exe appeared. Now, explorer.exe will not initiate at all. Tried starting in safe mode, same problem. Another service (SVP or something, can’t remember) also crashed. I am able to navigate around the computer through the task manager, but that’s it. Avast! had been deactivated. I reactivated it and tried a scan, but it is scanning at 500 bytes/sec. Tried a boot time scan… after 8 hours, the scan had only completed 1% of its task. It found a bunch of file errors within Microsoft Office and Adobe but that was it. I was able to get Malwarebytes on the computer with a flash drive and it is currently scanning. After my first quick scan with Malwarebytes, a PUM.HIJACK file was found and quarantined. That was the only file it found. I also installed CCleaner and I think it cleaned up a lot of file errors and problems in the registry. I am unable to install Superantispyware because I think the virus is preventing me from doing so. It gives me an error message. But anyway, the computer is virtually useless. Even when I try to manually initialize explorer.exe it gives me the same error (00000000c0). Any ideas on what type of virus I could possibly have and what are, if any, the proper steps toward fixing it?
I would just put in the Windows XP disc and go from there, but it’s an HP Mini with no CD drive. Thanks a bunch

Orman

If able to…

Follow this guide… http://forum.avast.com/index.php?topic=53253.0
attach the logs requested…
Then one of the trained malware removers will help you…

Thanks Pondus. I’ll let you know how it goes and get back to you.

Still don’t know exactly what the virus I have is. I’m on a second computer at work. Luckily I have a flash and a smart phone so I can copy the guide you gave me and email it to my phone along with any downloads I need on a flash.

Can’t complete the guide because I can’t open Internet Explorer or Chrome. The Avast scanner got stuck scanning c:/windows/explorer and crashed the scanner. Anyone have any idea?

Malwarebytes did find 3 files. PUM.HIJACKER, Riskware.tool.ck and Trojan.fakealert

Anybody got any ideas?

Can’t complete the guide because I can’t open Internet Explorer or Chrome

Does anything prevent you from opening them or was it that your PC could not connect to the Internet? You may want to check the part about Farbar Service Scanner in this link.

Hey, thank you for your response arc. No, I can run the scans fine with the exception of Avast. Problem is I can’t save the logs. OTL gives me a common dialogue error (0x3002). Avast scanner ASWmbr freezes while it’s scanning the c:/explorer file. I am unable to launch any of the web browsers I have installed, but Malwarebytes d/led updates earlier so the internet is connecting in safe mode. Like I said earlier, explorer isn’t functioning at all so the computer is extremely limited in function. Having to navigate solely with task manager cmds. Also, can’t just pop in an XP disc because this PC has no CD drive. All I’ve got is a smartphone and a flash drive. If I can get explorer running, that would be huge. The error is (0xc0000006) on startup. I also can’t install Superantispyware because I believe viruses are blocking it.

can’t just pop in an XP disc because this PC has no CD drive
The error is (0xc0000006) on startup.

If you can get a USB CD drive, and set the BIOS to start with the USB first, then you can use the XP disc to repair.

Google gives this here: http://forums.techguy.org/windows-xp/929173-0xc0000006-error-appears-when-i.html

A malware expert will come along sometime soon.

I might be able to get a hold of a cd drive tomorrow. I also will try and get log files up here via my flashdrive. Thanks everyone for the advice and help

if you want to take the risk, there are some scanners you can run from USB

or wait for Essexboy…

What are the risks? I’m afraid I’m running out of options short of a full reformat, which I don’t want to do. Girlfriend’s PC and she is going to murder me if I lose her iTunes music!

What are the risks?
doing this yourself....or safer wait for Essexboy

I’m up for the challenge and risks. I can at least take a look at the process

These can be run from a USB stick

SUPERAntiSpyware Portable Scanner http://www.superantispyware.com/portablescanner.html?tag=SAS_HOMEPAGE

DrWeb CureIt http://www.freedrweb.com/cureit/?lng=en
how to use http://www.freedrweb.com/cureit/how_it_works/?lng=en

Norman Malware Cleaner http://www.norman.com/downloads/malware_cleaner/en-us

Thanks Pondus. About to run home and try these scans. Any idea of a tool I can download that might help repair explorer.exe and other windows critical files?

OK, do you have two USB ports and two USB sticks?

If so first we will create a PE environment boot USB and then run an analysis tool

IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.

- Download OTLPEStd.exe from the following link and save it to your Desktop: mirror1.

- Download eeepcfr.zip from the following link and save it to your Desktop: the mirror

- Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror

- Once you have 7-zip installed, decompress OTLPEStd.exe by right-clicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop.

http://i643.photobucket.com/albums/uu158/_temp_/otlpestdsmaller.jpg

- Open the folder OTLPEStd, which will be created in the same location as OTLPEStd.exe, and right-click OTLPE_New_Std.iso. Select 7-Zip and from the submenu select Extract files… and extract the content onto your Desktop in an OTLPE folder:

http://i643.photobucket.com/albums/uu158/_temp_/otlpestdsmall2.jpg

- Please also decompress eeepcfr to your systemroot (usually C:\).

- Empty the flash drive you want to install OTLPE on.

- Go to C:\eeepcfr and double-click usb_prep8.cmd to launch it.

- Press any key when asked to in the black window that opens.

- As indicated in the image, make sure you have selected the correct flash drive before proceeding.
For Drive Label: type in OTLPE.
Under Source Path to built BartPE/WinPE Files click and select the folder OTLPE that you created on your Desktop.
Finally check Enable File Copy.

http://i643.photobucket.com/albums/uu158/_temp_/otlpe-2.jpg

- Click on Start, accept the disclaimers and wait for the program to finish.

Your bootable flash drive should now be ready!

You can now boot from that USB and inspect the files, copy them or back them up, and you should have net access.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

Whilst the Reatogo desktop is up and running, plug the second flash drive into the infected PC.

- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select “Computer” and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe
  Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Thank you both. Running the Superantispyware portable scan right now to see if it can find anything that might give me a little more functionality before starting your process Essex. Think it could make it a little easier for me if I can get a little more functionality. I’ll get a hold of a second flash today or tomorrow and get back to you with the logs. Thanks again!

No problem, anything you are unsure about then just shout…

If need be I can use FRS to reset you back to an old restore point