Malware Problem, please help??


  1.    30 Dec 2009 #51
    Join Date : Dec 2009
    Posts : 5
    Vista
    Local Time: 08:13


     

    Re: Malware Problem, please help??


    And check out this little scam site:

    -Warning False Microsoft Site-
    Microsoft Windows Update
    http:// www .update.microsoft.com/windowsupdate/v6/thanks.aspx?ln=en&&thankspage=5

    Does that mean it could do some real harm if a windows update is triggered?

  2.    30 Dec 2009 #52
    Join Date : Sep 2009
    Posts : 52
    Vista Home Premium
    Local Time: 10:13


      Thread Starter

    Re: Malware Problem, please help??


    Thanks for posting, Mailbox3. Sorry to hear you're going through this ordeal too, although selfishly it is also good to know I'm not alone. If you learn anything important about this problem please let me know, and of course vice-versa if I learn anything I'll post it.

    I appreciate your support, NeverHaveMoney. Unfortunately this problem isn't resolved yet...

    I removed the following registry items:

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager
    HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Session Manager
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\VSS\Diag\SystemRestore

    ....but, C:\Windows\System32\srcr.dat remains...

    "srcr.dat" has been labeled a malware file, and it keeps coming back. One person claims (link below) that "System32" files are important to the system so Windows doesn't let you remove it (or any of its files?) This would make sense, because in another case a file wouldn't let me remove it because it had CREATOR OWNER permission. I downloaded a software that made me the CREATOR OWNER, and so I removed it. In this case, it does allow me to remove the file, it just keeps coming back again!

    Either the malware is hidden somewhere else, or "srcr.dat" is the main file but it's protected by Windows. I tried to contact Microsoft on this matter earlier, but they don't make it easy. I finally found a phone number, but I was told that I'd need my Microsoft product number (apparently it's hidden somewhere in the software.) I did a Microsoft scan to "find" the number, but it said it couldn't be found. So, great! I'll have to try calling them tomorrow anyway (I won't hold my breath!)

    And I really thought it was SOLVED for a while there. If this finally does get resolved, I think I'll spend one afternoon staring at my computer screen in disbelief, waiting for those damn ad screens to start popping up again..SHEESH...

    http://www.file.net/process/system32.exe.html

  3.    30 Dec 2009 #53
    Join Date : Dec 2009
    Upstate NY
    Posts : 57
    Vista Ultimate & Windows 7 x64
    Local Time: 09:13
    usa us new york

     

    Re: Malware Problem, please help??


    Neurolanis, realize I said I was leaving this thread to Neverhavemoney but since he seems to be otherwise occupied, please explain why you are deleting registry entries?

    Did you locate ComboFix.txt? Have you been able to update and run Malwarebytes?

  4.    30 Dec 2009 #54
    Join Date : Sep 2009
    Posts : 52
    Vista Home Premium
    Local Time: 10:13


      Thread Starter

    Re: Malware Problem, please help??


    Because some worms create registry entries to serve them, so I have been carefully removing ones which I believe this malware is creating. Regular files too of course. I kind of feel like I'm at my wits' end right now.

    I have searched for ComboFix through the files search option and through the registry and have found nothing. Maybe it was removed by one of the anti-spyware programs I've been using (or by Norton.)

    Malwarebytes will still not run (neither will SUPERAntiSpyware, except for the online scanner.)

  5.    30 Dec 2009 #55
    Join Date : Sep 2009
    Posts : 52
    Vista Home Premium
    Local Time: 10:13


      Thread Starter

    Re: Malware Problem, please help??


    Right now I am looking over the files created on Dec 21, 2009 (when I am very certain this all began.) There are a TON of new files on that day, and a LOT from Norton Anti-Virus. A LOT. The days before and after have only a fraction as many files. I feel like deleting the whole damn lot, but I'm nosing over them. I can't see the harm in removing Norton files downloaded on that night when everything went crazy anyway... I see on other sites that people are discussing these very Norton files as being malware:

    http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=57142

    http://spywarefiles.prevx.com/RRDIHD45062222/%7B0C55C096-0F1D-4F28-AAA2-85EF59112...EXE.html

    Is it possible that a Norton update may be responsible for this?

  6.    31 Dec 2009 #56
    Join Date : Sep 2009
    Posts : 52
    Vista Home Premium
    Local Time: 10:13


      Thread Starter

    Re: Malware Problem, please help??


    Well, another long night spent labouring over a seemingly unsolvable problem. Again, I really thought I had it beat...I removed a ton of files that were downloaded onto my computer on the day the problem occurred—srcr, spp.dll, inprocserver32, system32 and a whole bunch of wuclient files. I had to download the “take control” software in order to remove many of these files (link below.) I also hunted down more of these files that appeared after the day the problem began.

    https://www.vistax64.com/tutorials/112795-context-menu-take-ownership.html

    Windows\System32\srcr.dat (known as "Rogue.SmartProtector") still returns at every restart. I looked up the folder that it is enclosed in (System32) and apparently it is considered a serious malware threat (link below.) The problem is that I have three such files, and I believe at least one of them must be part of Windows. I tried deleting the folder that houses “srcr” but it warned me that it would harm the computer, and indeed some of the files in the folder do appear important (while others are also threats.) Sigh...

    http://www.liutilities.com/products/wintaskspro/processlibrary/system32/

    So I ran a couple online scans and rebooted, hoping for the best. For a few minutes, nothing—then WHAM! On comes the same old crap, as if all the hard work I did accounted for nothing! This malware is indeed “smart.” Someone out there has waayyy too much time on his hands...and it’s taking ALL my spare time to try to stop this thing. Can it be stopped??

  7.    31 Dec 2009 #57
    Join Date : Dec 2009
    Upstate NY
    Posts : 57
    Vista Ultimate & Windows 7 x64
    Local Time: 09:13
    usa us new york

     

    Re: Malware Problem, please help??


    Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
    There are 6 different versions. If one of them won't run then download and try to run another one.

    Windows Vista and Windows 7 users need to right-click and choose Run as Admin.

    You only need to get one of them to run, not all of them.
    1. rkill.exe
    2. rkill.com
    3. rkill.scr
    4. rkill.pif
    5. WiNlOgOn.exe
    6. uSeRiNiT.exe


    Now try to install and run Malwarebytes.

  8.    31 Dec 2009 #58
    Join Date : Sep 2009
    Posts : 52
    Vista Home Premium
    Local Time: 10:13


      Thread Starter

    Re: Malware Problem, please help??


    Every time I downloaded (to desktop) and ran one of those, one to three other icons appear and then something happens--the screen sort of blinks as a black box briefly appears, and then the extra icons disappear and the "Windows Help" file on "Safe Mode" reappears. And nothing happens.

    UPDATE: Yes! Malwarebytes is working!!

  9.    31 Dec 2009 #59
    Join Date : Dec 2009
    Upstate NY
    Posts : 57
    Vista Ultimate & Windows 7 x64
    Local Time: 09:13
    usa us new york

     

    Re: Malware Problem, please help??


    Yes, that was supposed to happen -- and the best is that MBAM is working!!! Yippee!!! That should get you started on the cleanup.

  10.    31 Dec 2009 #60
    Join Date : Sep 2009
    Posts : 52
    Vista Home Premium
    Local Time: 10:13


      Thread Starter

    Re: Malware Problem, please help??


    It found two Trojan.FakeAlert files and removed them (although it's prompting me to restart now, so I will.) They were found in globalroot\systemroot\H8SRT.

    The log:

    31/12/2009 3:49:34 PM
    mbam-log-2009-12-31 (15-49-34).txt
    Scan type: Full Scan (C:\|D:\|E:\|)
    Objects scanned: 202744
    Time elapsed: 27 minute(s), 8 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    \\?\globalroot\systemroot\System32\H8SRTjtjrujllua.dll (Trojan.FakeAlert) -> Delete on reboot.
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    \\?\globalroot\systemroot\System32\H8SRTjtjrujllua.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
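Added example, not part of the original thread and not Malwarebytes code: a small Python parser for the log layout quoted in post #60. It cross-checks the summary counts against the items actually listed and reports detections whose action is still pending a reboot. The function names `parse_mbam_log` and `triage` are hypothetical, and the sample is constructed from the lines of that log.

```python
import re

# Constructed sample in the layout of the log quoted in post #60
# (path and detection name are the ones shown in that log).
SAMPLE_LOG = r"""Memory Processes Infected: 0
Memory Modules Infected: 1
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
\\?\globalroot\systemroot\System32\H8SRTjtjrujllua.dll (Trojan.FakeAlert) -> Delete on reboot.
Files Infected:
\\?\globalroot\systemroot\System32\H8SRTjtjrujllua.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (declared counts, detections grouped by section)."""
    counts, detections, current = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := COUNT_RE.match(line):          # summary line, e.g. "Files Infected: 1"
            counts[m["section"]] = int(m["count"])
        elif m := HEADER_RE.match(line):       # start of a detail section
            current = m["section"]
            detections.setdefault(current, [])
        elif current and (m := ITEM_RE.match(line)):
            detections[current].append(m.groupdict())
    return counts, detections

def triage(text):
    """Cross-check the summary against the item lists and flag pending work."""
    counts, detections = parse_mbam_log(text)
    # A section whose declared count differs from its listed items suggests
    # a truncated or hand-edited log.
    mismatched = [s for s, n in counts.items() if n != len(detections.get(s, []))]
    # "Delete on reboot" means the module is still loaded until the restart.
    pending = [d["path"] for items in detections.values() for d in items
               if "reboot" in d["action"].lower()]
    return {"mismatched": mismatched, "reboot_pending": pending}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
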
