New species of Blaster family virus?
Hi,
About a week ago I started getting the 60 second prompt to restart my computer, doing it after the timer ends. It's the known NT AUTHORITY error, associated with "services.exe".
As it seems to be usual with this type of malware, if I disable my internet connection (wireless network), the prompt never shows up.
I'm using Kaspersky Anti-Virus 2010 updated with the latest virus definitions. I had already scanned through all my disk and though it found some trojans a few days before, which I have deleted, now it won't find anything. I've also tried Kaspersky's Virus Removal Tool with no success. The installer was downloaded yesterday and is named setup_9.0.0.722_25.07.2010_17-31.exe. Its settings were set to maximum security and deep search, which took about 10 hours to do a full scan.
I would really like to be able to clean my computer, as I am unable to surf the web.
Trying the shutdown -a command to push the 60-second prompt away gets the computer too unstable to work on.
Windows malware removal tool from July 2010 (downloaded through Windows Update) couldn't find anything either.
I'm using Windows XP Home Edition.
I've made a log file using HijackThis during the 60 second prompt, which I would be happy to paste here, should you ask for it.
Many thanks in advance, for any help I may receive from you.
Comments
Here's a lovely little guide that can help you through the reinstall.
I will say that Anne's suggestion is often the best for those with the tools and willingness to do so. It's the sure-fire way to win the battle, and often it does not take that much more of your time. So if you have a source to reliably back up important files, and a restore disk, or partition, it's the sure-fire path to victory.
That said, if that option does not seem so appealing because you don't have a drive to back up, or maybe your system is so unstable you can't seem to back up, you can try this first.
Get Malwarebytes - put the install file on a USB key.
Boot into safe mode with networking, install the files, update the definitions and try running the scan from safe mode. I find that no other free tool works better after an infection.
Run the full scan and wait. See what you find, clean it, boot the system normally. Disable your real-time protection from your other AV program. From there run the full scan again (yes, the full scan, not the quick one). Wait, it takes some time. It's possible that it will find remnants of it that it would not in safe mode.
Just speaking from experience in playing with all the different AV scanners over the years, if Malwarebytes won't clean it, generally other things won't fare much better.
Well...the above steps EXCEPT for the formatting of your HD.
Anti-Virus Scan->Malwarebytes Scan->RootkitBuster Scan....
I was advised to use ComboFix (along with a few more tools), and the system is now running without any signs of the malware...