New virus so it seems..

Regs

Lifer
Aug 9, 2002
16,665
21
81
When I boot up and log in, I get a command prompt saying the system is shutting down because of a failure to boot some dll file.

Windows Defender and Windows OneCare are disabled, and even in safe mode I can't update Defender nor can I run OneCare.

I used to run E-Trust anti-virus but the damn thing never updated correctly and I'm starting to think all along it was because of this trojan/hijack.


Any way I can keep my system from shutting down? I'm running a McAfee online scan in safe mode as I type this hoping it will turn up something.

 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
You might give System Restore a shot, if you can get it to run. Start > All Programs > Accessories > System Tools > System Restore.

McAfee's detection rates don't impress me; you might want to fire up Internet Explorer and try F-Secure's online scanner, as a starting point: http://www.f-secure.com/security_center If you do get a detection, try to get the report and post the exact names of the malware, since that can help with removal.

Do you happen to know the exact source of the attack (a download, a malicious link or web page, infected flash drive, ???)?
 

Regs

Likely a fake movie file off a p2p. I'll give it a try.


I'm also running Microsoft's online scanner at the same time.
 

mechBgon

Once you get it straightened out, you might want to check your rig for known vulnerabilities, so that exploits won't have easy targets: https://psi.secunia.com <-- useful utility. It can be a bit "busy," so you might want to configure it not to start automatically, and just run checks manually every couple weeks instead.
 

Regs

I tried system restore. It helped for about 5 minutes until it started again. It's likely a nasty worm. Kind of like the blaster worm. When I first loaded after system restore it gave me two errors that the computer was unable to find files in some temp file. My guess is that the worm is calling on two generated files in the temp.


Nothing in run registry under windows looks suspicious.

Still running f-secure. 24 spyware files found, no virus. Yet.

My guess is those 24 spyware files are just cookies.
 

Regs

Thanks guys. I'm running F-Secure right now as Mech mentioned.


I will get AVG a.s.a.p.


So far it detected 24 spyware and one virus. I don't know anything else as it's still scanning and will likely take the rest of the night.

I hope they compensate you well at your firm Mech for what you do (though they never pay enough I know).

Have a happy new year!
 

John

Moderator Emeritus, Elite Member
Oct 9, 1999
33,944
1
0
Originally posted by: Regs
I used to run E-Trust anti-virus but the damn thing never updated correctly and I'm starting to think all along it was because of this trojan/hijack.
E-Trust has had some of the worst detection rates for several years now, so I'd avoid it like the plague. Any of the top free AV's (Avira, Avast!, AVG) are superior in every way.

Any way I can keep my system from shutting down? I'm running a McAfee online scan in safe mode as I type this hoping it will turn up something.
Like mech mentioned, McAfee also fails to impress when it comes to malware detection and removal. I used to mention the command line scanner in my guide, but since there are so many other viable options it has been 86'ed. I would recommend that you work thru my malware guide in order to nuke the infections.
 

Regs

Oh good lord.

Trojan.Win32.Agent.dkm (C:\RECYCLER\S-1-5-21-2025429265-4126...)
Agent.ANAR (C:\FRAPS\FRAPS.EXE)
Backdoor.Win32.Shark.ca (C:\DOCUMENTS AND SETTINGS\DAN\MY DOC...)
Trojan.Win32.Agent.dkm (C:\DOCUMENTS AND SETTINGS\DAN\LOCAL ...)
W32/Malware.PSS (C:\DOCUMENTS AND SETTINGS\DAN\DESKTO...)
W32/Malware.ACXR (C:\DOCUMENTS AND SETTINGS\DAN\DESKTO...)
W32/Malware.ACXR (C:\DOCUMENTS AND SETTINGS\DAN\DESKTO...)

Seems like Win32.Agent.dkm. Damn, and I do remember using Fraps for Call of Duty 4 recently.
 

Regs

OK.

So I did a system restore to about a week ago and that seemed to fix the DOS attack making my system shut down.

Now I installed and updated AVG Anti-virus and am running a full scan. I also enabled my firewall, though there's nothing much a firewall can do with viruses disguised as programs.

F-Secure online scan I guess only scans but does not clean.
 

mechBgon

Originally posted by: Regs
OK.

So I did a system restore to about a week ago and that seemed to fix the DOS attack making my system shut down.

Now I installed and updated AVG Anti-virus and am running a full scan. I also enabled my firewall, though there's nothing much a firewall can do with viruses disguised as programs.

F-Secure online scan I guess only scans but does not clean.

Last I checked, the F-Secure scanner did clean stuff, but maybe they changed it :confused:

If it were me and I needed a free AV, I'd probably use AntiVir's free version rather than AVG's free version, because AntiVir has better detection rates in my experience.

If you decide to use AntiVir, then right-click the system-tray icon, choose Configure, enable Expert Mode, then methodically go down all the different settings panels and max out the options for both the "Scan" section (on-demand scans and scheduled scans) and the "Guard" section (real-time protection). The heuristics are particularly valuable, so max them out for sure.

It would also be good to schedule a periodic scan, which you would do by right-clicking the tray icon, choosing "Start AntiVir," and going to the "Scheduler" tab and enabling/scheduling the "Complete System Scan."
 

John

Originally posted by: Regs
OK.

So I did a system restore to about a week ago and that seemed to fix the DOS attack making my system shut down.

Now I installed and updated AVG Anti-virus and am running a full scan. I also enabled my firewall, though there's nothing much a firewall can do with viruses disguised as programs.
I guess my guide isn't good enough? :(

F-Secure online scan I guess only scans but does not clean.
Are you assuming? It does offer cleaning and deletion of all detections.

 

gsellis

Diamond Member
Dec 4, 2003
6,061
0
0
Regs... you cannot borrow my stuff ;)

When you get back up and clean, go to the Ultimate Boot CD for Windows site and build one of those puppies for yourself. It is a great fallback that is better than safe mode at disinfecting yourself (and a great tool for about everything else that could possibly go wrong). It also has scanners and, IIRC, some of them will connect to recent updates while you are using it.