Bugger of a virus!


Neil

While doing my monthly check on my brother's P.C (if I don't, it ends up
with all kinds of crap!) I found that I couldn't access MSConfig. Since
then, I've been battling against something which so far has got me beat!

As well as MSConfig, RegEdit & Task Manager are also inaccessible, I am
unable to access any Admin services, Norton Anti-virus 2005 has been
disabled and blocked (and can't be re-installed), anti-virus websites are
blocked (apart from one which allowed me to start an online scan, but was
shut down after a while) and all of this even when booted into safe mode! I
have tried an up-to-date Spybot S&D but although it finds and removes DSO
Exploits, they return on the next scan. The same with AdAware - finds,
removes, then they return. I've even tried a virus remover file from
McAfee's website called "Stinger", but this is prevented from running.

After 2 nights of trying, I am even at the stage where I don't even
know the name of the virus, as it is so well embedded.

If anyone has any ideas, I would appreciate it as it has now become a battle
of wills and I don't want to give up and re-format.....yet!

TIA
 
> While doing my monthly check on my brother's P.C (if I don't, it ends up
> with all kinds of crap!) I found that I couldn't access MSConfig. Since
> then, I've been battling against something which so far has got me beat!
>
> As well as MSConfig, RegEdit & Task Manager are also inaccessible, I am
> unable to access any Admin services, Norton Anti-virus 2005 has been
> disabled and blocked (and can't be re-installed), anti-virus websites are
> blocked (apart from one which allowed me to start an online scan, but was
> shut down after a while) and all of this even when booted into safe mode! I
> have tried an up-to-date Spybot S&D but although it finds and removes DSO
> Exploits, they return on the next scan. The same with AdAware - finds,
> removes, then they return. I've even tried a virus remover file from
> McAfee's website called "Stinger", but this is prevented from running.

In the old days PCs had 3.5" drives. You could have run Stinger from floppy.
 
On that special day, Neil, (e-mail address removed) said...
> As well as MSConfig, RegEdit & Task Manager are also inaccessible, I am
> unable to access any Admin services, Norton Anti-virus 2005 has been
> disabled and blocked (and can't be re-installed), anti-virus websites are
> blocked (apart from one which allowed me to start an online scan, but was
> shut down after a while) and all of this even when booted into safe mode!

Try to download and run Process Viewer from www.systernals.com, and kill
the offending process. Maybe this gives you a head start from which you
can get your hands on this elusive malware.


Gabriele Neukam

(e-mail address removed)
 
Gabriele Neukam wrote:
> [snip]
> Try to download and run Process Viewer from www.systernals.com, and kill
> the offending process. Maybe this gives you a head start from which you
> can get your hands on this elusive malware.

process viewer? did they change process explorer's name?
 
> Gabriele Neukam wrote:
> [snip]
>> Try to download and run Process Viewer from www.systernals.com, and kill
>> the offending process. Maybe this gives you a head start from which you
>> can get your hands on this elusive malware.
>
> process viewer? did they change process explorer's name?

lol @ Kurt, in Ireland we refer to this as nit-picking - I'm sure
Pete got the picture from Gabriele's post.

Regards,
Ian Kenefick
http://www.IK-CS.com
 
| While doing my monthly check on my brother's P.C (if I don't, it ends up
| with all kinds of crap!) I found that I couldn't access MSConfig. Since
| then, I've been battling against something which so far has got me beat!
|
| As well as MSConfig, RegEdit & Task Manager are also inaccessible, I am
| unable to access any Admin services, Norton Anti-virus 2005 has been
| disabled and blocked (and can't be re-installed), anti-virus websites are
| blocked (apart from one which allowed me to start an online scan, but was
| shut down after a while) and all of this even when booted into safe mode! I
| have tried an up-to-date Spybot S&D but although it finds and removes DSO
| Exploits, they return on the next scan. The same with AdAware - finds,
| removes, then they return. I've even tried a virus remover file from
| McAfee's website called "Stinger", but this is prevented from running.
|
| After 2 nights of trying, I am even at the stage where I don't even
| know the name of the virus, as it is so well embedded.
|
| If anyone has any ideas, I would appreciate it as it has now become a battle
| of wills and I don't want to give up and re-format.....yet!
|

Try HiJackThis: http://www.merijn.org/downloads.html

SB
 
Ian said:
> lol @ Kurt, in Ireland we refer to this as nit-picking - I'm sure
> Pete got the picture from Gabriele's post.

actually, i was serious... it's not like process explorer was its
first name - i remember when it was HandleEx...

i was also being a lazy bum, i asked instead of going to look myself
and see if they changed it...
 
On that special day, kurt wismer, (e-mail address removed) said...
> actually, i was serious... it's not like process explorer was its
> first name - i remember when it was HandleEx...
>
> i was also being a lazy bum, i asked instead of going to look myself
> and see if they changed it...

sigh...

I can just too easily mistake it for Igor Nys' "PrcView".

Sorry


Gabriele Neukam

(e-mail address removed)
 