MSA.exe & b.exe

Hi

Did any of you look at the link I posted back on post # 8? Would following any of the instructions in that other forum be of any help to Username1? It's back on page 1 of this thread thanks.

floplot:

I would recommend leaving that for a last-ditch effort.  It appeared to be solved more by good luck than totally good management.  Not every machine will respond the same way.

If we can find msa.exe in task manager, right click and end process, a search of the file should then allow it to be deleted.  Then the clean up programs should run.  b.exe used to show in the GMER and SysProt, but isn't here.

Message Edited by delphinium on 10-17-2009 03:14 PM

For those members using Firefox, as I do, SendofJive advises that in Internet Explorer, which is much more versed in the intricacies of Microsoft's mind than I, the .txt files will be readable.

SoJ can find anything, anywhere, anytime.


delphinium wrote:

For those members using Firefox, as I do, SendofJive advises that in Internet Explorer, which is much more versed in the intricacies of Microsoft's mind than I, the .txt files will be readable.

SoJ can find anything, anywhere, anytime.


It's one of those "Firefox-follows-HTTP-specifications-but-IE-doesn't" things that allows IE to be creative in displaying images and other content from what would appear to be a plain-text file.  Firefox gives you the text, even if it is gibberish.  I think I found this one under a rock somewhere.

Hi, I found the following links about people suffering similar problems to me. (But I'm not going to follow any of the advice until somebody can check it out and approve it. Are these going to be ones that were fixed more by luck than skill?)

http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/417768-scan-programs-quit-mcafee-wont-update-possible-msa-exe.html

http://www.windowsbbs.com/malware-virus-removal/87259-resolved-think-i-have-msa-exe-virus.html

Username1:

These remediations are both very interesting.  While appearing similar, the helpers have actually made two different approaches to the problem.  The first remediation required the ability of the reader to accurately identify which Windows driver had been overwritten and to replace the file using Combofix and script.  The second remediation involved the reader's ability to accurately identify the .dlls involved and disable them again using Combofix and script.

This is where people get caught using someone else's remediation.  If your driver file is different from the one in the first fix, it will either have no effect, or will screw up your system.  If your involved .dlls are different from the ones in the second fix, the same sort of thing will happen.  The script is used to limit what Combofix does.  Without a script, it does as it thinks best, sometimes with unexpected results.

In the link provided by floplot, the readers used more time and tools to accurately identify the files that had been overwritten, and kept getting surprising results or no results at all.  They were equally successful in the end.

These remediations worked on 2 XP Pro and 1 XP Home sp 3,  but we don't have a comparison on a Vista machine.

I don't think anyone here can say whether it will work, or take out your operating system.  It is a best guess scenario without the knowledge and experience to accurately identify your files and produce a script unique to your machine. 

Do you have a Vista disc, program discs and have you backed up your My Documents and other important files in case a reformat is necessary?

Delphinium:

By a completely happy coincidence, I backed up my files about a day before this thing hit (That's what happens when you pay attention in Computing lessons... And they say what you learn in school is completely pointless :smileytongue:)

I can't find my Vista disc, however - when I bought my laptop,  it came with Vista installed on it; I can't remember if there was a disc, and if there was, it'll be at home, which is the other end of England (To Sheffield from Southampton is about 6 or 7 hours)...

What should I do now?

Hi Username

Can someone at home check to see if it's there and, if it is, maybe they can mail it to you?

What kind of laptop have you got, Username1?  Often, when the operating system comes pre-installed, recovery discs are supplied, but not necessarily the operating system disc.  If you can, go to the website of your laptop manufacturer to see what is available and offered online.  You may be able to burn something to a disc that will enable you to recover in a worst case scenario.

Let us know how that goes before you begin.  There are going to be some issues with Vista putting things in slightly different places than XP.  Make sure you can recover.

To get rid of this rootkit, am I basically going to have to completely wipe my computer, and then start again afresh? I'll try to get my parents to mail it to me first class ASAP (if they can find it).

Username1:

You might or might not have a rootkit behind the other malware. The malware is nasty to deal with and even trickier to get rid of.  Without appropriate assistance, you have two options.  You can choose to try one of the other fixes, or you can reformat and start over fresh.  It should be a complete bare metal format, not just a reload.

To do either, you need to be able to reload your operating system.

I don’t think my laptop (HP-DV6910ea) came with any discs - but it did make me make 3 DVDs for system recovery - I’m aware that this isn’t quite the same as completely reformatting my laptop (There’s no guarantee of destroying the malware if it’s smart enough), and that the malware could also have crept into the recovery partition of my hard-drive.

At this point Username, we perhaps need the advice or opinion of someone who has used the recovery discs for this purpose.  I don’t have a laptop, and have always ordered an O/S disc.  I don’t know how the recovery system works, although with this type of malware, replacing the infected files with the correct files may well solve the issue.  That is what is happening in the remediations.