chang90640

Suspicious.mh690.a virus


Hi guys, I got this same virus this weekend and I have also downloaded Malwarebytes. Ran the program and, about 10-15 minutes into scanning, my whole computer turns off.

Then I tried running it in safe mode; the same thing happened about 10-15 minutes into the scan.

Please help


[edit: Changed subject to reflect move.]

Message Edited by shannons on 08-25-2009 10:44 AM
dbrisendine

Re: suspicious.mh690.a - Nortons wont touch it!

chang90640 -


Please download SysProt here http://homepages.slingshot.co.nz/~crutches/SysProt and run it.

Choose the Log tab and select all the items in the Write to log box. Then select Create Log to start scanning. When it is done, a message window will appear with the location of the log file.

Please attach the log file to a post here; the Add Attachments link is below the orange Post button. Thanks

chang90640

Re: suspicious.mh690.a - Nortons wont touch it!

Here you go sir.
chang90640

Re: suspicious.mh690.a - Nortons wont touch it!

Oops, re-ran it and here is the file.
delphinium

Re: suspicious.mh690.a - Nortons wont touch it!

Chang90640:


Did you disable Norton Auto-Protect before you ran SysProt? If you have any other antivirus or antispyware software on board, that will need to be disabled as well.


Your SysProt is empty.


You can also try GMER, scan only.


http://www.gmer.net/

After it is downloaded to your desktop, right-click on the icon, go to Properties, click Unblock, and then Apply.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
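The "Properties > Unblock" step delphinium describes removes the Zone.Identifier alternate data stream that Windows attaches to files saved from the Internet zone (the "mark of the web"). The PowerShell below is an added example, not code from the thread or from the GMER project: it shows what that stream contains, reproduces the Unblock button with Unblock-File, and verifies the mark is gone. It assumes PowerShell 3.0 or later (for the -Stream parameters and Unblock-File) and an NTFS volume; the file it stamps is a constructed stand-in created in %TEMP%, not a real download.

```powershell
# Added example, not part of the original thread. Shows the Zone.Identifier
# stream ("mark of the web") behind the Properties > Unblock button and removes
# it with Unblock-File. Assumes PowerShell 3.0+ and NTFS. The stamped file below
# is a constructed stand-in, not a real gmer.exe download.

function Get-ZoneId {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Returns the ZoneId recorded in the Zone.Identifier stream (3 = Internet),
    # or $null when the file carries no mark at all.
    try {
        $lines = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction Stop
    } catch {
        return $null
    }
    foreach ($line in $lines) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

function Unblock-DownloadedTool {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Equivalent of right-click > Properties > Unblock > Apply.
    # Returns $true when the file ends up without a Zone.Identifier stream.
    $zone = Get-ZoneId -Path $Path
    if ($null -eq $zone) {
        Write-Host "$Path carries no Zone.Identifier stream; nothing to unblock."
        return $true
    }
    Write-Host "$Path is marked ZoneId=$zone (3 = Internet). Removing the mark."
    Unblock-File -LiteralPath $Path        # deletes the Zone.Identifier stream
    return ($null -eq (Get-ZoneId -Path $Path))
}

# Constructed demo: create a stand-in file and stamp it the way a browser would.
$demo = Join-Path $env:TEMP 'gmer-demo.exe'
Set-Content -LiteralPath $demo -Value 'placeholder text, not a real binary'
Set-Content -LiteralPath $demo -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3"

Write-Host "Before: ZoneId = $(Get-ZoneId -Path $demo)"
$unblocked = Unblock-DownloadedTool -Path $demo
Write-Host "After:  ZoneId = $(Get-ZoneId -Path $demo); unblocked = $unblocked"

Remove-Item -LiteralPath $demo -Force
```

On the Windows XP/Vista machines common in 2009, PowerShell 3.0 is not available; there the stream can still be read from a command prompt with `more < gmer.exe:Zone.Identifier`, and the GUI Unblock button remains the way to remove it.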
chang90640

Re: suspicious.mh690.a - Nortons wont touch it!

Re-ran with Norton Auto-Protect disabled. Check out the new file.

Running GMER, I'm guessing about 5-10 minutes into it I got a blue screen. But I did see 2 lines that were highlighted red with ****HIDDEN**** after them.

Hoping that the SysProt log file will give you enough info..... Wait a minute, looking in the log under the kernel modules, those first 2 look like the ones that were red when GMER was scanning.

If that's the case, can I just remove those 2 files and then run Norton and see if that will fix the rest?

delphinium

Re: suspicious.mh690.a - Nortons wont touch it!

Chang90640:


Do NOT do anything to remove files or run other programs without instructions from Quads. A couple of people have already run into trouble doing that. Rootkits are tricky.

delphinium

Re: suspicious.mh690.a - Nortons wont touch it!

Chang90640:

You have two kbiwk rootkits requiring very specialized removal. Quads will be along in a while. We are getting a collection of rootkits this morning.

chang90640

Re: suspicious.mh690.a - Nortons wont touch it!

I hope Quads didn't go home for the day =)
delphinium

Re: suspicious.mh690.a - Nortons wont touch it!

Quads is offline for a while, as he has been at this for about five hours already. I expect he will be at it for the same amount of time this evening or longer.

There are several still being worked on and a few ahead of you. You also have a double rootkit infection of a particular variant that requires a three-stage remediation. This is going to take some time.

Also, this is a user-to-user help forum, which means we actually volunteer from home. :smileywink:

If you are in a hurry due to a personal time commitment, Symantec will be able to remove it for a fee.
