virus destroying my computer--need HELP!

August 1, 2009 at 20:43:27
Specs: Windows XP
Dell Dimension desktop runs very, very slowly. IE 8 will not boot for 3-5 minutes. Disabled sys restore and ran scan w/nod32. Nothing happened! M/S live care utility keeps saying that I have trojan: win 32/boaxxe.f. It says it has cleaned it at least 3 times. I cannot download malwarebytes program. I cannot even run the scan suggested on this site. My nod32 scan says at the end of almost every line: archive damaged-the file could not be abstracted! Please help if you can. Thanks in advance.



#1
August 1, 2009 at 22:47:56
Download and run Kaspersky AVP tool in safe mode: http://devbuilds.kaspersky-labs.com...
Once you download and start the tool in safe mode:
# Check below options:

    * Select all the objects/places to be scanned. 

# Click Scan
# Fix what it detects
# Zip/Rar Scan log/Summary and upload it to rapidshare.com. Post download link in your next message.

Illustrated tutorial: http://img32.imageshack.us/img32/76...

If I'm helping you and I don't reply within 24 hours send me a PM.



#2
August 2, 2009 at 22:41:26
jdk: Thanks for response. I must be losing my mind because I have been working constantly on the information you gave me and it seems like the malware that has taken over the pc knows where I will go next! I downloaded trial Kaspersky and could not validate it because suddenly my cisco router went kaput and I couldn't get the correct ip code into it so I could connect to the internet. I finally found another router to hook up with but now both routers have disappeared from view. I can't get onto the internet to update Kaspersky. I think my only choice is to do a clean install. This means I lose one hell of a lot of work! I have a mozy backup but it is worthless since the files downloaded would be infected. You wouldn't by any chance have a gun that I could borrow?


#3
August 3, 2009 at 06:29:22
What happens when you follow Response Number 1 in safe mode?

If I'm helping you and I don't reply within 24 hours send me a PM.



#4
August 3, 2009 at 14:53:23
Response #1: cannot update Kaspersky because I can no longer connect to the internet. I have tried to put the proper IP code into my router without success. The malware seems to anticipate my moves and destroys my access to the internet. It is a real pain. Thanks for your help.


#5
August 3, 2009 at 14:55:54
Update? You don't need to update. Transfer it via usb from another computer.

If I'm helping you and I don't reply within 24 hours send me a PM.



#6
August 3, 2009 at 22:21:42
I am running a (non updated) Kaspersky in safe mode. I am not a geek as you know. I don't know how to transfer a program to another using usb. I don't know what the av scan will produce but I will use msconfig and google startup programs to see if they are safe or unsafe. Thanks.


#7
August 4, 2009 at 14:09:17
8/4/09
The results of the Kaspersky scan are:
detected://www.viruslist (3)times
password protected (10) times.
I have no idea what that means except that the viruslist items were listed as "vulnerabilities" at one point.


#8
August 4, 2009 at 16:10:11
Post a screen shot of detected items or active threat.

If I'm helping you and I don't reply within 24 hours send me a PM.



#9
August 5, 2009 at 14:33:32
I found 2 more items from Kaspersky scan:
1.suspicious driver installed.....aegisi5.exe
2.vulnerabilities (3): #31106 Mozilla
#31010 Java.exe
#28083 Musicmatch jukebox

I can't use my computer since I cannot access the internet. I am typing this from another. If the malware detected above is in the scan does that mean that Kaspersky has neutralized it?
Where do I go from here?



#10
August 5, 2009 at 19:10:11
Why isn't your internet working?

If I'm helping you and I don't reply within 24 hours send me a PM.



#11
August 6, 2009 at 13:17:58
I went into the router and found that the ip number had changed suddenly. My attempt to change it back failed. Mozy backed up my files and they tell me that they can make CDs of these files. If I clean my computer disc how can I load the mozy backup CDs without transferring the malware?
I take it that the scan from Kaspersky was of no value. It was not brought up to date because of my internet problem. I can only run in safe mode and that appears to be having problems. I tried to get a saved item from word and the computer froze.


#12
August 6, 2009 at 13:31:47
humblejohn, you may want to unload IE8 and revert back to IE7. I've done that on many PC's in the past lately.
Also try running a scan with Malwarebytes
http://www.filehippo.com/download_m...
and removing all it finds....try loading it onto a thumbdrive or rewriteable CD on another PC and then installing it on the problem one.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#13
August 7, 2009 at 14:36:34
For the time being I am back on the internet. I updated Kaspersky and scanning but every time the scan stops on the virus "rootkit.win32.podnuha.a". The computer reboots and then the same thing happens again. When Kaspersky finds something like this doesn't it delete it? Am I supposed to delete it??? I have not been able to complete a full scan-I got as far as 65% and then it stopped and the computer froze! Am I doing the right thing or should I shoot myself? BTW can I run malwarebytes when Kaspersky is in my computer?


#14
August 7, 2009 at 14:47:40
Which version of Kaspersky are you running?

If I'm helping you and I don't reply within 24 hours send me a PM.



#15
August 7, 2009 at 21:47:57
Here is a copy of the scan completed today.
http://rapidshare.com/files/2649787... Thanks for your time.


#16
August 7, 2009 at 22:09:10
Follow:

1) Install, update database and run full scan with Malwarebytes' Anti-Malware. Attach Malwarebytes full scan log, fix anything detected.

2) Run full Scan with SuperAntispyware : http://www.superantispyware.com/dow... . Fix what it detects and post summary scan log.

If I'm helping you and I don't reply within 24 hours send me a PM.



#17
August 8, 2009 at 14:41:26
Here is the Superspyware logs from 8-8-09:
http://rapidshare.com/files/2652433...
Here is the Malware log:

http://rapidshare.com/files/2652489...

Thanks for your time. My computer is still very, very slow despite all the scans. I think the trial versions do very little actual scanning and deletion. See ya.



#18
August 8, 2009 at 18:59:11
Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in windows normal mode and make sure you are connected to internet. If avz.exe doesn't start, then try to rename the file avz.exe to game.pif and try to run it again. Pause/Stop your antivirus, firewall software (if any), close games, text editors and all other programs; leave Internet Explorer/Firefox running, before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows vista launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility.

--> Please navigate to "File" => "Custom Scripts". Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteAVUpdate;
end.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script.

--> Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Analysis" check box. Click on the "Execute selected scripts" button.
Automatic scanning, healing and system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip. Upload virusinfo_syscure.zip to rapidshare.com and paste the link here.
* It is necessary now to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan. All applications will work properly after the system restart.

Image Tutorial

2) Download and Run DDS which will create a Pseudo HJT Report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs

   1. DDS.txt
   2. Attach.txt

Upload the logs to rapidshare.com and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

In your next reply, please include download links to the following:
    * virusinfo_syscure.zip
    * DDS Logs

If I'm helping you and I don't reply within 24 hours send me a PM.



#19
August 10, 2009 at 20:49:43
Cannot get avz.exe to scan fast enough. It has so far scanned to #3 which I believe is the disk scanning section. The remaining time keeps increasing from a start of .28 to 1.23. After about an hour this point is reached and then the computer starts to act up-the mouse will not activate anything. After I turn the computer off and restart I go through the same thing. Initially everything-internet connection-avz toolkit etc. After about an hour the whole thing locks up again.


#20
August 10, 2009 at 21:11:55
AVZ can take a couple hours. Pause all your antivirus/spyware programs and let it finish its scan. Don't use your computer while it's scanning.

If I'm helping you and I don't reply within 24 hours send me a PM.



#21
August 11, 2009 at 19:37:56
Try to make this log:

Start AVZ*. Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Analysis" check box. Click on the "Execute selected scripts" button.
A system check will be executed. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip. Upload virusinfo_syscheck.zip to rapidshare.com and paste the link here.
* It is necessary now to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan. All applications will work properly after the system restart.

In your next reply, please include download links to the following:
    * virusinfo_syscheck.zip

If I'm helping you and I don't reply within 24 hours send me a PM.



#22
August 12, 2009 at 19:52:12
Here is the file from the system check:

http://rapidshare.com/files/2667812...



#23
August 12, 2009 at 20:53:02
Here are the 2 scans from DDS:

1.DDS.txt
http://rapidshare.com/files/2667918...

2.Attach.txt
http://rapidshare.com/files/2667924...



#24
August 12, 2009 at 22:41:56
This is the first full scan per your 8/11/09 instructions. Standard scripts and advanced sys analysis:


http://rapidshare.com/files/2668111...



#25
August 13, 2009 at 06:57:16
Wrong files for Response Number 21. Please attach the correct files.

If I'm helping you and I don't reply within 24 hours send me a PM.



#26
August 14, 2009 at 18:26:48
I hope these are the files you are looking for:

http://rapidshare.com/files/2674966...



#27
August 14, 2009 at 19:07:14
Wrong files again.. lol

If I'm helping you and I don't reply within 24 hours send me a PM.



#28
August 14, 2009 at 19:12:45
Follow:

Run a full scan with http://www.eset.com/onlinescan/

# Check the box next to YES, I accept the Terms of Use.
# Click Start
# When asked, allow the activex control to be installed.
# Click Start
# Check below options:

    * Remove found threats
    * Scan archives
    * Scan for potentially unwanted applications (Advance Settings).
    * Enable Anti-Stealth technology (Advance Settings).

# Click Scan
# Wait for the scan to finish
# When it finishes it will create a log file here: C:\Program Files\ESET\ESET Online Scanner\log.txt
# Attach this logfile to your next message.

Illustrated tutorial: http://img155.imageshack.us/img155/...

If I'm helping you and I don't reply within 24 hours send me a PM.



#29
August 15, 2009 at 06:01:38
Here is the Eset log of 8/15/09:

http://rapidshare.com/files/2676508...



#30
August 15, 2009 at 06:28:49
Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step:

1) Attach a Combofix log, please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.co...

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to rapidshare.com and paste the link here.

2) Please zip up C:\qoobox\quarantine and upload it, to a filehost such as http://rapidshare.com/ Then, Private Message me the Download links to the uploaded files.

If I'm helping you and I don't reply within 24 hours send me a PM.



#31
August 17, 2009 at 13:10:16
Tried Kaspersky scan once again. I don't know how to make a zip but it is .rar. If this is any use let me know:

http://rapidshare.com/files/2684909...

I can't figure it out but the computer seems to be working better now even though it is still very slow. I made above scan after updating Kaspersky.



#32
August 17, 2009 at 14:46:29
Did you finish Response Number 30 ?

If I'm helping you and I don't reply within 24 hours send me a PM.



#33
August 19, 2009 at 14:25:07
combofix.log 8/19/09:

http://rapidshare.com/files/2692615...
Please let me know if this is of any value. Thanks again



#34
August 19, 2009 at 19:16:53
Complete part 2 of 30.

If I'm helping you and I don't reply within 24 hours send me a PM.



#35
August 19, 2009 at 19:20:44
I am not sure you can open my last pm to you regarding:

http://rapidshare.com/files/2693308...

I am resending here.



#36
August 19, 2009 at 19:39:07
That is the log. Quarantined files is different. Read step #2 of 30.

If I'm helping you and I don't reply within 24 hours send me a PM.

