07-20-2009 11:37 PM
System I use is 2005 Windows XP Media edition, service pack 3, Dell Inspiron 6000
I've been hit with 2 viruses about 3 weeks ago, simultaneously. The first is a Backdoor.Tidserv virus (security level: High) and the second is Suspicious.Vundo.2, a heuristic virus (security level: High).
I didn't notice them until I did a scan a week later when I scanned it through Norton 360.
What has affected it:
well I noticed my PowerISO was not functioning properly so I uninstalled...(big mistake)
One thing I do notice is that it has infected my Internet Explorer and Firefox search engines by redirecting me to different sites, defragment does not work, and any spyware/malware programs such as Spybot Search and Destroy or HijackThis will not open.
I haven't really done anything other than continue to upgrade Norton 360 through LiveUpdate and continuous scans and shut down through cold boots.
I really want to get rid of these viruses immediately, and yet I did a lot of research on them and they are very, very hard to remove. I need help!!
07-21-2009 12:52 AM
There is a distinct possibility that you have more than one rootkit. They can be extremely difficult to remove. Please begin by downloading GMER to see if we can get more than one log for cross-checks.
Please make sure all the boxes are checked. Scan Only. Do not attempt to fix anything. There is sometimes an order of removal that is important to protect your system.
You will be able to post the log using the "add attachments" link under the orange post button.
Also download and run SysProt. You will need to go into Norton and turn auto protect off or it will remove the scanner.
Click on Report or Log, check all of the boxes and HD, and attach the log the same way.
Quads will have a look when the logs are available. He is the guru responsible for this type of work.
07-21-2009 11:15 AM
I would try the Norton Recovery Disk. If you have N360 v3 (boxed version) you can use the CD as a bootable recovery disk. Just turn off the PC, insert the CD and boot up. It will boot from the CD, bypassing any rootkits or early-loading viruses you may have. You will need your activation code to finish the process.
If you don't have the CD you can download an ISO of it and burn a recovery CD.
07-21-2009 12:49 PM
That has been tried with some success on a couple of rootkits, if Symantec has the definitions for them, and if the user is able to update using the internet, and if the user has v3. Some of us have spent 8 pages of posts trying to get the user updated, connected, downloaded, burned as an ISO, only to have the removal fail.
We find it is much better to first determine what rootkit variant we are dealing with, and then proceed with remediation.
07-21-2009 10:07 PM
It's me again. I've managed to scan with the GMER program you provided. It took forever since I performed a full computer scan, but it was able to identify the culprit. It turns out the two viruses I mentioned before were already quarantined by Norton 360 when I did the scan 3 weeks ago. Hopefully there is a way to remove those, but that will be on another post. GMER has managed to identify MSIVXserv.sys, which you'll see in the log file; I did some research and it turns out to be the trojan affecting my web browser and other programs like defragment and the spyware/malware programs, causing them not to operate.
Here is my log file and hopefully you and other experts can provide a solution to removing this nasty trojan out of my system.
07-22-2009 08:32 AM
07-22-2009 05:25 PM
Now (read carefully): if you have Spybot S&D, uninstall it.
Also, during the restarts with Avenger, if your PC has a startup repair center (as HP and Toshiba machines do) and it kicks in, tell it to start normally.
1. Download Avenger to your desktop,
Unzipped version http://homepages.slingshot.co.nz/~crutches/Avenger
Creators website http://swandog46.geekstogo.com/avenger2/avenger2.h
2. Click to run "Avenger.exe" (right click "Run as Administrator" if using Vista)
3. In the "Input script here:" copy and paste the script between the lines
Drivers to disable:
Drivers to delete:
Files to delete:
Registry keys to delete:
Here is a screenshot (script updated since shot)
Make sure the "Automatically disable any rootkits found" is NOT selected
4. Click "Execute"
You will be asked to restart the PC; click "Yes". When the PC restarts the load screen will take slightly longer; then, when it looks as though Windows is loading, the PC will restart again.
Then, when Windows fully loads, the Avenger log (C:\Avenger.txt) will be loaded, showing the files it could or could not find.
5. Restart the PC again, then see if you can install, update and run Malwarebytes http://www.filehippo.com/download_malwarebytes_ant
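As an added illustration of the "cross-check" idea behind the GMER and Avenger steps in this thread (not code from the thread or from either tool), the read-only PowerShell below lists every kernel-mode driver service registered in the registry and flags those whose image file cannot be found on disk. It assumes PowerShell is installed and run as Administrator; a missing file is only a lead for further investigation (leftover entries from uninstalled software look the same), but a driver that is registered and running while its file is invisible to the file system is exactly the kind of discrepancy a rootkit scanner reports.

```powershell
# Added example, not from the original thread. Read-only: it changes nothing.
# Enumerates driver services under the Services key and reports any whose
# ImagePath does not resolve to a file the file-system API can see.
function Get-DriverServiceDiscrepancy {
    $servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $findings = @()

    Get-ChildItem -Path $servicesKey | ForEach-Object {
        $name  = $_.PSChildName
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        # Service Type 1 = SERVICE_KERNEL_DRIVER, 2 = SERVICE_FILE_SYSTEM_DRIVER
        if ($props.Type -ne 1 -and $props.Type -ne 2) { return }

        $image = $props.ImagePath
        # Drivers with no ImagePath default to system32\drivers\<name>.sys
        if (-not $image) { $image = "system32\drivers\$name.sys" }
        # Normalise the common NT-style prefixes to a Win32 path
        $image = $image -replace '^\\\?\?\\', ''
        $image = $image -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if ($image -notmatch '^[A-Za-z]:\\') {
            $image = Join-Path -Path $env:SystemRoot -ChildPath $image
        }

        if (-not (Test-Path -LiteralPath $image)) {
            $findings += New-Object PSObject -Property @{
                Service   = $name
                ImagePath = $image
                Start     = $props.Start   # 0 = boot, 1 = system, 2 = auto, 3 = manual, 4 = disabled
            }
        }
    }
    return $findings
}

# Boot/system-start drivers with no visible file deserve the closest look.
Get-DriverServiceDiscrepancy | Sort-Object Start | Format-Table -AutoSize
```

Compare the output against a GMER log for the same machine: an entry that appears here but that GMER also reports as hidden is worth raising in the thread before any removal script is written.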
07-22-2009 09:12 PM
Well, everything seems to be running in order. Malwarebytes found and deleted 28 malware items in my system. Rebooted. Updating security patches from Windows Update, Norton 360 LiveUpdate, Malwarebytes Update and so forth.
One other question: can I reinstall Spybot S&D, or just leave it the way I have it now?
Other than that, I really thank you for helping me out. Without this and your expertise I would have ended up going to someone else and actually paying someone to remove that trojan I had. I really appreciate it, and of course I'll definitely ask more questions if I experience any problems like this again. I'll go ahead and put in my Avenger and malware logs just in case you need them, and study them for future reference. Thanks again.