Severe Virus problem I have been fighting

November 10, 2010 at 21:51:49
Specs: Windows XP, one /2gigs
I have spent 2 weeks cleaning my system after work and on weekends.
5 hard drives infected, all restore points infected, the Recycle Bin infected. Many viruses reinstalled after every cleaning, even in Safe Mode. Mail server infected, Apache infected, Windows Firewall and antivirus deleted off the hard drive.
Thousands of registry entries to keep them alive. My system is very old, and I have many customers that rely on what I do, so a reformat was not an option. Not sure I have evicted all of them, but I have new battle armor and 2 bazookas now.

Christine
The VERY SHORT list from log and error files:
!#HSTR:67.228.38.250-static.reverse.softlayer.com - - [05/Nov/2010:17:54:44 -0700] "GET / HTTP/1.0" 200 142865 "-" "-"
&{CE7C3CF0-4B15-11D1-ABED-709549C10000
?Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run mysys
#HSTR:Worm:Win32/Autorun.DK
\kill_kv200

!#SCPT:VirTool:JS/Calleenc.A
#TrojanSpy:Win32/Goldun!
#Backdoor:Win32/Agent!
!#TARG:Backdoor:PHP/Shell.A
HSTR:Trojan:Win32/Vundo.gen!BA
HSTR:Win32/MsnApiWeak.gen

HSTR:Win32/MsnApi.gen
HSTR:Win32/Bropia.gen!E
HSTR:Win32/Kelvir.gen!A
HSTR:Win32/MsgVB.gen!B
HSTR:Win32/Delfsnif.gen
HSTR:TrojanDropper:Win32/Pakes.gen!A
HSTR:Win32/Anomaly.gen!E
HSTR:mzinresource
SFOP:Win32/PEDiminisher
HSTR:PWS:Win32/Zbot.AAAA
STR:PWS:Win32/Hupigon.gen!ADE2



#1
November 10, 2010 at 21:57:30
Some IPs from the attack:
# .htaccess / mod_authz_host (Apache 2.2 syntax).
# "Order allow,deny" with no Allow directive denies every request,
# so grant everyone first and then deny the listed hosts.
Order allow,deny
Allow from all
Deny from 77.70.54.66
Deny from 66.31.186.151
Deny from 195.94.177.100
# partial address: matches all of 103.230.241.x
Deny from 103.230.241
# hostname entries force a double reverse DNS lookup on every request
Deny from eastlink.ca
Deny from 103.230.241.eastlink.ca
Deny from 91.212.127.100
Deny from allrequestsallowed.com
Deny from 74.143.8.227
Deny from 69.183.62.246
Deny from 60.234.251.122
Deny from 67.228.38.250
Deny from 12.8.123.205
Deny from 75.145.44.1
Deny from 173.203.193.61
Deny from 4.78.240.235
Deny from 74.3.209.149
Deny from 71.231.191.144
Deny from 69.3.64.3

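One way to derive a deny list like the one in the post above from the Apache access log itself, as an added example that is not part of the original thread and not the poster's own script: the Python below parses combined-format log lines, scores each public client IP on a few indicators (blank User-Agent and Referer, HTTP/1.0 requests typical of scanners, requests for web-shell style paths such as shell.php or c99.php), skips private and loopback addresses so the LAN never gets locked out, and renders the flagged addresses as de-duplicated deny directives in both Apache 2.2 (Order/Allow/Deny) and 2.4 (Require) syntax. The sample log lines, the indicator list and the threshold are constructed assumptions; the public addresses in the sample are taken from the thread's own list, the requests attributed to them are made up.

```python
"""Build an Apache deny list from access-log evidence.

Added example (not code from the original thread). Parses Apache
common/combined log lines, scores each public client IP on a few
indicators of scanning or web-shell access, and emits de-duplicated
deny directives for Apache 2.2 and 2.4.
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Common/combined log format; the Referer/User-Agent pair is optional so
# plain "common" format lines parse as well.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>HTTP/\d\.\d)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

# Paths a normal visitor of this site never requests (assumption: adjust to
# the site; these are common web-shell and probe targets).
SHELL_PATH_RE = re.compile(r'(c99|r57|shell|cmd)\.php|/phpmyadmin', re.I)

# Constructed sample log. Public addresses are ones from the thread's deny
# list; the requests are invented. 10.0.0.5 and 192.168.1.20 are LAN hosts.
SAMPLE_LOG = """\
67.228.38.250 - - [05/Nov/2010:17:54:44 -0700] "GET / HTTP/1.0" 200 142865 "-" "-"
67.228.38.250 - - [05/Nov/2010:17:54:45 -0700] "GET /shell.php HTTP/1.0" 404 210 "-" "-"
10.0.0.5 - - [05/Nov/2010:18:01:02 -0700] "GET /index.html HTTP/1.1" 200 5120 "http://example.test/" "Mozilla/5.0"
91.212.127.100 - - [05/Nov/2010:18:03:10 -0700] "POST /c99.php HTTP/1.1" 200 88 "-" "-"
74.143.8.227 - - [05/Nov/2010:18:04:30 -0700] "GET / HTTP/1.0" 200 1024 "-" "curl/7.21"
192.168.1.20 - - [05/Nov/2010:18:05:00 -0700] "GET /shell.php HTTP/1.0" 404 210 "-" "-"
not a log line at all
"""


def parse_line(line):
    """Return the log fields as a dict, or None for a line that does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def indicators(rec):
    """Names of the suspicion indicators a parsed request triggers."""
    hits = []
    if rec["agent"] in (None, "-") and rec["referer"] in (None, "-"):
        hits.append("no-ua-no-referer")   # browsers always send a User-Agent
    if rec["proto"] == "HTTP/1.0":
        hits.append("http/1.0")           # typical of scanners, rare for browsers
    if SHELL_PATH_RE.search(rec["path"]):
        hits.append("shell-path")
    return hits


def score_log(text, threshold=2):
    """Map each public IP whose indicator hits reach `threshold` to its hit counts."""
    per_ip = defaultdict(Counter)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        try:
            ip = ipaddress.ip_address(rec["ip"])
        except ValueError:
            continue                       # hostname or garbage in the client field
        if ip.is_private or ip.is_loopback:
            continue                       # never auto-deny the LAN or localhost
        for hit in indicators(rec):
            per_ip[str(ip)][hit] += 1
    return {ip: dict(c) for ip, c in per_ip.items() if sum(c.values()) >= threshold}


def render_deny(flagged, apache24=False):
    """Render flagged IPs as an Apache 2.2 Order/Deny block or a 2.4 Require block."""
    ips = sorted(flagged, key=ipaddress.ip_address)   # dict keys: already de-duplicated
    if apache24:
        body = [f"    Require not ip {ip}" for ip in ips]
        return "\n".join(["<RequireAll>", "    Require all granted", *body, "</RequireAll>"])
    # "Order allow,deny" with no Allow directive denies everyone, so grant first.
    return "\n".join(["Order allow,deny", "Allow from all",
                      *[f"Deny from {ip}" for ip in ips]])


if __name__ == "__main__":
    flagged = score_log(SAMPLE_LOG)
    for ip, hits in flagged.items():
        print(f"# {ip}: {hits}")
    print(render_deny(flagged))
    print(render_deny(flagged, apache24=True))
```

Hostname entries such as the eastlink.ca ones in the list above are deliberately not generated: Apache has to do a double reverse DNS lookup on every request to enforce them, and an attacker controls the reverse DNS of their own address space. A deny list also only keeps the named scanners out; it does nothing about a PHP backdoor that is already in the document root (the Backdoor:PHP/Shell.A hit in the first post), which has to be found and removed on the server itself.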

#2
November 10, 2010 at 22:49:06
That looks like a rogue program infection. Use the MS scanning/removal tool;
it should remove most of the Win32 infections, including the worms.
http://www.microsoft.com/downloads/...
Then run Malwarebytes in a full system scan to remove the rest: http://www.techspot.com/downloadget...
Let it remove everything it finds.
Then use CCleaner to finish removing corrupt files and registry entries.
http://www.piriform.com/ccleaner/do...
If the malware is still present after doing the above, repeat the same procedures in Safe Mode.
Note: make sure that you update Malwarebytes before you run it.


#3
November 13, 2010 at 12:51:51
Thanks for the assist! I now use Comodo, TCPView, Autostart and Process Viewer, a host of tools from the Sysinternals Suite, RootkitRevealer, and 20-some other goodies.
I think I am still infected somehow, as the Volumeinfo is hidden again.


#4
November 14, 2010 at 11:58:38
This might help recover the missing folder:
http://www.theeldergeek.com/system_...
Also, it would be a good idea to delete those older infected System Restore points.
If you suspect that you're still infected, run this removal tool in Safe Mode: http://majorgeeks.com/downloadget.p...


#5
November 15, 2010 at 01:42:34
I turned OFF System Restore, and that deleted all the restore folders and the viruses in them.
Neat trick.
As for the links, thanks for them, but I am going to pass. I am very wary of any program that is run from the web without knowing exactly what it is going to do to my system.

Thanks.

