I have run into a serious problem: my stationary computer has been infected with some kind of virus or trojan. This malware shut down both Norton Internet Security and the Windows Security Center. I'm using Norton Internet Security for both my laptop and stationary computer, but my laptop has not been infected so far.
I believe the trouble started when my girlfriend accidentally clicked on an imageshack.biz virus link sent through MSN Messenger. For some time nothing really happened and I thought I was home safe, but on 23 December I got several blocking and "your computer has been attacked" messages from Norton Internet Security while surfing. I then made a horrible mistake and clicked okay on a pop-up mimicking Windows Security Center, and from that point it was like opening a floodgate. I have no clue if this later incident was related to the Messenger incident; this is only a suspicion from my side.
I quickly shut down my computer, and upon restarting, Norton Internet Security doesn't autostart, nor can I manually start it, as nothing happens. My Windows Security Center is offline as well.
I have tried other malware programs like Ad-Aware, but they won't run either. It's like something is blocking them. Other than that I can't see any first-hand effect of this possible malware, except that my computer seems to be wide open and there is a crossed-over Windows Security icon among the quick launch icons down in the right corner.
What are my options now? Don't even know where to start.
I sincerely need help!
Thank you!
EDIT:
OS Windows Vista Ultimate 32 bit
I have tried starting Norton in Safe Mode with no success
Message Edited by StarscreamSWE on 12-25-2009 11:18 PM
I'm using NIS 09, I believe... The laptop recently got updated to a newer look (NIS 2010???) and I managed to somehow update NIS on my stationary computer among the chaos as well (yes, after the malware infestation) through Norton Security Scan. I can access Norton Security Scan, but it only refers and transfers me to regular NIS... and again nothing.
In short I'm not sure, but the laptop version is 17.1.0.19 if that helps.
Can't really tell with my main computer as I can't access NIS at all.
About Malwarebytes: I am able to download it, but it won't run. I can get programs like Spotify to run, but any anti-virus program won't run.
Am I looking at a clean re-install here?
Message Edited by StarscreamSWE on 12-26-2009 02:53 AM
If you have no luck with that, and don't want to do a complete reinstall, there may be one possibility, but I'm not sure if you would want to try it.
Put the hard drive from the desktop into an external USB 3.5 hard drive caddy (IDE or SATA, according to what type it is in the desktop), load Malwarebytes on your laptop, plug in the ext. drive, and do a Malwarebytes scan from there.
If you Update it and do a Full Scan, it should include the drive in the USB box.
When doing a full scan, you get a popup with the drives to check; make sure the USB one is ticked.
Here is the GMER scan. Thank you for all the help so far!
This was red marked
:\Windows\System32\drivers\H8SRTmrwecdnaum.sys
mrwecdnaum reoccurred at several places...
Gonna do a rescan tomorrow to make sure.
Also, scanning from normal mode ended up in a blue screen of death...
BTW, on a side note, is there any chance my other two HDs (separate from my OS C: HD) are contaminated? I've got some files stored on one of them which I would like to copy to an external HD. Any chance the malware could hitchhike with the external HD?
Message Edited by StarscreamSWE on 12-26-2009 04:02 AM
"You can backup any of the files in the Programs folder, or Documents and Settings folder.
Don't touch the "Windows" Folder",
StarscreamSWE might have thought reinstalling was what you wanted him to do.
StarscreamSWE, search the forum on H8SRT -- you'll find NIS is currently vulnerable to attack by this rootkit but it can be removed (I have personal experience) if you're patient and persistent (pun intended).
Okay, so I went ahead of myself there. Quads, I read your reply in a way that I thought my only option was to do a complete reinstall. I was thinking about going from Vista to Win 7 anyways so I thought what the heck :). I actually don't have to do a complete re-install then...? Could I be so rude to ask a kind soul to link me a proper solution? My computer skills are, as my English, mediocre at its best.
EDIT: This seems to be the right way to go. At least it got Norton back online and I was able to run and update NIS.
After running as prompted, Norton was back and warned me about something called Malware Defender 2009. I now believe this is the main culprit. Running a full MBAM at the moment.
Message Edited by StarscreamSWE on 12-27-2009 11:53 PM
I have now no idea what tools you have used, what order, changes, tweaking or anything else you have done, and you have Malwarebytes running so who knows,
First I ran TDSSKiller which, I believe, found 2 root-kits.
TDSSKiller then reported it will have them removed upon reboot.
Secondly I updated and ran an MBAM scan which found another 12 malware which I chose to remove.
Thirdly I started NIS, ran a live-update and a scan which found one tracking cookie (which NIS has always done on my computer as far as I can remember. It always reappears). A NIS Alert for Malware Defender 2009 also appeared and, checking the quarantine list, it was listed as removed by NIS. Autoprotect also found something called graybird.backdoor which now is listed as removed.
So far so good.
Here comes the less bright side....
My NIS for my stationary computer is still a 2008 or 2009 version. Version number 15.5.0.23 to be precise.
Upon running the autofix through the NIS support menu, several strange failure reports pop up (looks like code). Each time doing this, Auto-protect blocks a trojan horse.
I'm still unable to run Windows Security Center. When clicking on turn-on, a failure window pops up which says "The security Service can't be started".
It seems I'm not quite over the hill yet.
Any more advice upon how I should proceed?
EDIT: adding my first TDSSKiller scan log.
EDIT II: adding my first MBAM scan log
Message Edited by StarscreamSWE on 12-28-2009 02:00 AM