Sign in with
Sign up | Sign in
Your question

BAD virus shuts down www/pc

Last response: in Windows XP
Share
September 15, 2009 9:07:22 PM

Sep 5 I think I got a virus from email marked as Urgent, from old friend so I opened it. I THINK that was source as had a odd canned message about "virus warning" deleted but it seems not in time. Then got two more of same so probably was source, days later got another one on "not an issues" etc from another person that was on email list, seems still going on. I told them to remove my name email until they cleared it up and to NOT reply to my message.
.End result of virus.
SERIOUS: It shut down PC to DSL earthnet card to dsl router as internet connection is fine. When I try to go online first get message "MS Installing SCAN" and it proceeds as if in normal install mode. Noted on WR 2.2 (What's Running) this "Install" starts via ms install and ID's self as msiexec.exe and is exact copy of msiexec,exe. Install, looks like uses msi to mask itself, as a install runs down to point it asks for CD.. WHEN I "Cancel" install, simply restarts self and even does it after using task manger to "end task". NOTE when starting in safe mode, it will flash as attempt to run, but will not go. Safe with network will NOT concoct in same manner as "normal" will not..

My internet connection is via 4 hookup dsl router, other two PCs on it works fine. This is ole 1998 PCm win98 and not a lot of HD-memory-etc. I pulled other one off the DSL to prevent spread as this one is networked to it, a back up if all else fails I kept handy, this PC is on same dsl router, DSL HW is not an issue. Infected PC will ping OK, Now left with virus may be after TCP or such. DO NOT know how to test TCP etc, but did reinstall new earthnet card config. Have heard where this can set up a "hidden" address or such but have NO idea of what that is or how to check it out, as supposedly can conflict TCP or router? Ideas there? But not core issue as it would not start "install" when I try to go online.

NOTE infected PC CANNOT get "connected' but all www-emails-etc are DSN"s "cannot find server". Tried everything so far, virus scans AVAST COMODO were there, they will NOT find it.. manually cleaned "Trojans-hijacker-tracking etc from registry active x, ran mawlare and avg via CD made off other machine. Ran a regedit listing of backdoor etc I got off www sites, it found a few issues but virus still there.

ANY ideas, "format" is not an option. Do NOT recommend any "run virus scan from //// as PC wiill NOT go on line, all has to be from CD that copies off other PC, OK? NOTE when I run "WR2.2 (whats running SW) I can see the thing come through msiexec.exe as a sub routine, Something starts msi and uses copy to mask itself.. as the "msi" I see as subroutine from msi (legit( is exact copy, shut it down and whatever runs under it goes away, for a time. It seems to have a timer as goes more destructive and after 1-2 hours goes into shut down restart loop.. When in 'SAFE" I can see "install" flash on but is shut off or not allowed to start..
IDEAS as spent ONE week trying about all I can find.. HELP
:fou: 

More about : bad virus shuts www

September 15, 2009 10:20:39 PM

Try downloading malwarebytes and Avira. You can install them off the CD in safe mode, then scan. They are 2 of the best programs.
September 16, 2009 12:28:11 AM

Also try A-Squared, i find a it very good competitor if not superior to malwarebytes. And download Avira Rescue system so you can scan from a bootable CD. However personally if I were you, I would reinstall my OS and not waste your time because chances are, the hours you will put in to rid of the virus will be hours wasted for nothing. Anti-viruses might remove the virus but the damage has already been done becuase chances are, it already edited tons of registry keys and core OS files and anti-viruses dont undo that so I suggest the best way to rid of it 100% is to shove your Xp disk inside your drive, format your drive and install a fresh new XP :) 
Related resources
September 16, 2009 1:50:10 AM

Note my message, FORMAT IS NOT AN OPTION, would take months of time to rebuild files
NOTE and think IF I saved them to reenter after reformate then virus might still be there o want to solve it not "reformat"
NOTE MOST AV's are not that great a getting into the new stuff, they often miss alot and if you doubt it visit your reg-actx and look about.

Need some systems guys that might have ideas, not canned SW or reformat etc a stated. Thanks for ideas but if I have to cut "edit tons" then that is what I will do,, data is to valuable to dump, this is a working PC, not a gamer or such.
I think this is a bigger virus then most know.. have heard from others that lost their wireless as well as dsl and such.. The dsl, wireless, etc working fine, but virus is cutting them off...
September 16, 2009 2:13:42 AM

Malwarebytes and Avira are top notch programs. If you have something, they should find it. Boot into safe mode with networking, download, update, and do a full scan.
September 16, 2009 1:28:22 PM

Hello hmmmm,

I'm Mister_M@sk and I will be helping you with your computer problems.

  • Please do not run other tools or scans.
  • Copy and paste all logs requested in you reply and follow the instructions exactly.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Absence of symptoms does not mean that everything is clear.
  • I cannot be responsible if the PC doesn't work after the manipulations, but I will do all my possible to help you.

    So, let's go !

    # 1 - Search Infections



    Download Random's System Information Tool (RSIT) by random/randomand save it on your Desktop.

  • Execute RSIT.exe to start RSIT.
  • Clic on Continue at screen Disclaimer and let the values as default
  • If the tool HijackThis is not present or not detected RSIT dowload it, you must accept the license.
  • When the analyst is finity, two reports pop up

    NB : Reports are saved in : C:\rsit\

    Please in your next reply, post :
  • Log.txt
  • info.txt
    September 16, 2009 1:43:52 PM

    Lol ^^
    September 16, 2009 3:11:01 PM

    Quote:
    Lol ^^


    Your post is so useful, thanks.
    But I don't understand why you laugh :) 

    @+
    September 16, 2009 3:16:01 PM

    Your message sounds like a malicious bot. And by telling the OP to not run any other scans, you pretty much said not to listen to anyone else. Then you suggest a program and put your own disclaimer that you aren't responsible if it messes up the OPs computer.
    September 16, 2009 3:24:52 PM

    Yep,

    Quote:
    Your message sounds like a malicious bot


    I'm a real Human, don't worry :) 

    Quote:
    And by telling the OP to not run any other scans, you pretty much said not to listen to anyone else.


    It's only to don't compromise the PC with many tools. Fixes/tools that we use on disinfection are very powerful, and Dangerous if it's use with errors.
    I can't promise that the PC works like before, it's just a disclaimer to ask the user to backup his important data. I'm a Human, and Human make mistakes.

    But I understand that you be able to doubt me, I'm a new member of this forum ;) 
    @+
    September 16, 2009 3:33:08 PM

    aford,

    No disrespect, but the response made by Mister_M@sk is how the training is given at many online malware removal sites.

    You will find that alot of it is canned responses that address the OPs problem.

    I was a member of MRU, but couldn't complete the course due to family commitments, but believe me the training is very very intensive.

    Basically that is a canned response that you will find at many sites. i.e. bleepingcomputer.com malwareremoval.com and even castlecops used the same technique.

    They are all a part of ASAP: http://www.malwareremoval.com/a-sap.php

    Mister_M@sk mother tongue is french, which makes it even more imperative that canned responses are used, but computer language is international, so doesn't remove from ability.

    RSIT / random random is a very good analyser that takes many hours of training to master, actually there are alot of tools that are used that aren't accessable by the general public that will be run to rid malware.
    September 16, 2009 3:44:52 PM

    Mister_M@sk did you get my private message?
    September 16, 2009 3:58:58 PM

    None taken. That's a new response format to me. I don't go to online virus/malware removal sites. I've always taken care of my issues with the programs I mentioned. They work great and are easy to use.

    September 16, 2009 4:23:46 PM

    Quote:
    Mister_M@sk did you get my private message?


    Yep, I responded.

    Quote:
    They work great and are easy to use.


    I use the both in my disinfection ;) 
    We have the same opinion about this tools.
    September 16, 2009 7:23:13 PM

    hmmmm said:
    Note my message, FORMAT IS NOT AN OPTION, would take months of time to rebuild files
    NOTE and think IF I saved them to reenter after reformate then virus might still be there o want to solve it not "reformat"
    NOTE MOST AV's are not that great a getting into the new stuff, they often miss alot and if you doubt it visit your reg-actx and look about.

    Need some systems guys that might have ideas, not canned SW or reformat etc a stated. Thanks for ideas but if I have to cut "edit tons" then that is what I will do,, data is to valuable to dump, this is a working PC, not a gamer or such.
    I think this is a bigger virus then most know.. have heard from others that lost their wireless as well as dsl and such.. The dsl, wireless, etc working fine, but virus is cutting them off...


    "Would take months of files to rebuild files"-hmmmmm

    ^First off, never say format isn't an option, because it can turn out that you either live with the virus or format, so it pretty much isn't an option if you can't do anything about it.
    -Next, all i am suggesting is that you basically get a huge external hardrive, however much space is enough for you. Then copy all of your important files onto it. After that, Reformat and reinstall your OS, however just be sure your external hardrive is not infected as soon as you reinstall, put all the recommended virus-scanning programs and scan the hard drive, if it finds anything, good, get rid of all the viruses. Next to be sure your system wasn't infected while it was vurnerable, you will reinstall your OS again. This time, you will use this OS for real. Before your connect your hard drive to your computer, be sure to do this:
    -Install all updates from microsoft
    -Install anti-malware programs, (make sure it has anti-virus,spyware,and rootkit,
    -Then connect your hard drive and scan it.

    -However i doubt your data files were infected as viruses infect OS file/folders like windows and system32. But just to be safe, do that. And then copy all your data back and you are set, virus free :) 
    September 23, 2009 6:00:40 PM

    AS I stated Format is NOT an o[tion, how ever if you should care to send me a HD backup devise I will then follow your advise. Until then, advise as to SW or virus fix.

    Note the MS Install Scan has gone away, we found it tied into COMODO AV and deleted ALL AV. For some odd reason MS Firewall keeps stating COMODO firewall is active and will not go away. MS FIREWALL is now disabled.. \
    Note sure if the removed SW fixed the repeated loop of MS Installing Scan or it is just waiting to run again on some other program. Why that started up is still mystery.

    NOW have the DSL issue. We can ping out but no return and www sites end up "Windows cannot find http etc" The Network Adapter" is fine, shows connectivity and and four place router is fine as other machine on it work well. SOOOOO that leaves some sort of virus as it went down at same time as the Misexec.exe started to do it's work. NOTE HAVE RUN ALL kinds of AV, NOTE most ask to update on hte net, which is impossible as PC will NOT go online, have to use CD run off other machines. BUT NONE have shown ANY issues, which is not unusual.

    Can run HJ Scan if any need it. but will fix the SW NOT format, Noted that most of the sites to include our ISP Tech, do not have depth of knowledge to fix, rather are nuts and bolts types, whom replace rather then repair, which is what our society and culture have become. more due to lack of in-depth skills then anything else.. My wife found she knew more then a fwew of the techs she spoke with, and was surprised at what they said to check out, as not a all related. So SW fixes please, as format is NOT an option.. unless I get a USB HD in mail... We seem to have cured one, but even when "set up new connections" run, issue remains same..
    IDEAS? Cleaned out a ot of stuff, seems Grandkids were going where they should not have.. will speak to them and show them history logs.. but need to get DSL back.
    September 23, 2009 7:14:37 PM

    If format isn't an option? okay you win, pay a professional company hundred or maybe thousand bucks to rid of the virus and fix all of the hundreds maybe thousands of screwed up registry keys and windows files that this virus most likley did.
    September 23, 2009 8:28:29 PM

    I love how assistance is requested and then the responses get argued with. The advice like aford gives is exactly what I would say also. Malwarebytes and Avira ( or Avast) are excellent tools with free versions. Download on another computer and burn to a CD or copy to a USB. Then install and run on your infected computer. Be aware that some malware/viruses will try to block the scanners. Clever, nasty little things. IF that fails then the advice from blackhawk to get a 2nd drive, copy data, etc. is also excelelnt advice.
    I would also STRONGLY recommend that you disconnect the infected PC from any internet connection until it gets fixed. It could be doing all sorts of interesting things like opening ports and downloading and running scripts.
    You need to compare the cost of doing a reinstall if necessary versus the cost of just plain losing your data if it gets worse. Or infecting other PCs on your router.
    September 24, 2009 12:20:50 AM

    Did you try the AVs I mentioned in safe mode?

    You may also want to make a boot disc w/ the ultimate boot disc. It has several different tools you could use to clean up your drive.
    http://www.ultimatebootcd.com/
    !