Need some help??? - DFWstangs Forums
 
post #1 of 23 (permalink) Old 01-17-2010, 11:21 AM Thread Starter
is chilaxing
 
Rafa's Avatar
 
Join Date: Apr 2004
Posts: 3,760
Need some help???

InternetSecurity2010 somehow got installed on my pc. NO, I wasn't on any porn sites. Was on another site I always get on and only thing I could think of is that I clicked on an advertisement w/out knowing. Anyways, found a forum that showed you how to get rid of it.

http://www.bleepingcomputer.com/viru...-security-2010

The problem is that it keeps going to "login" screen, even though I never had one setup. I click on my name, it starts to load, then all of a sudden it logs off. I tried to go to safe-mode, but it does the same thing. I tried to go to safe-mode w/networking thinking I can go to internet to download things I need to get rid of it. Keep getting that damn login. Typing all this from laptop.

I'll check back later on. Getting ready for the Vikings beat down.

thanks
Rafa is offline  
 
post #2 of 23 (permalink) Old 01-17-2010, 11:30 AM
None
 
Jedi's Avatar
 
Join Date: Jul 2000
Location: Anti-Newbie
Posts: 12,675
You have a rootkit and it's causing an access violation and crashing. Wonderful buggy malware.

Boot into your recovery console using your OS installation CD.

cd c:\windows\system32\drivers

dir

Look for ANYTHING in the last 3 months (2009 or 2010) and delete it.

reboot

If it's still occurring then you've got something in your registry calling the executable to run during startup. You'll likely need a second PC to browse the infected PC's registry and drive and remove anything.
Jedi is offline  
post #3 of 23 (permalink) Old 01-17-2010, 01:11 PM
Rockin' da fumanchu
 
Join Date: Nov 2005
Location: On the straight and narrow,stumbling at best, only by Gods grace.
Posts: 7,224
If you'd like me to work on it remotely, go to www.teamviewer.com, click downloads then click the first one UNDER ADDITIONAL DOWNLOADS. Click run then PM me the id and password. I'll get ya fixed up.





Listen to my buddy, Jeff Bolton, from 6-9 AM Mon-Fri.

Obamanomics = Trickle Up Poverty

Think you need to format/reinstall your OS(XP), read this first.
Tx Redneck is offline  
 
post #4 of 23 (permalink) Old 01-17-2010, 09:54 PM Thread Starter
is chilaxing
 
Rafa's Avatar
 
Join Date: Apr 2004
Posts: 3,760
Quote:
Originally Posted by Jedi View Post
You have a rootkit and it's causing an access violation and crashing. Wonderful buggy malware.

Boot into your recovery console using your OS installation CD.

cd c:\windows\system32\drivers

dir

Look for ANYTHING in the last 3 months (2009 or 2010) and delete it.

reboot

If it's still occurring then you've got something in your registry calling the executable to run during startup. You'll likely need a second PC to browse the infected PC's registry and drive and remove anything.

Doing this right now, or trying to anyways. LOL


Quote:
Originally Posted by Tx Redneck View Post
If you'd like me to work on it remotely, go to www.teamviewer.com, click downloads then click the first one UNDER ADDITIONAL DOWNLOADS. Click run then PM me the id and password. I'll get ya fixed up.

That's the problem. I can't get into it at all. It stays at the login screen.
Rafa is offline  
post #5 of 23 (permalink) Old 01-17-2010, 09:56 PM
Lifer
 
gtownGT's Avatar
 
Join Date: Nov 2003
Location: Garland
Posts: 1,929
Want me to send a dispatch?
gtownGT is offline  
post #6 of 23 (permalink) Old 01-17-2010, 10:08 PM Thread Starter
is chilaxing
 
Rafa's Avatar
 
Join Date: Apr 2004
Posts: 3,760
Quote:
Originally Posted by gtownGT View Post
Want me to send a dispatch?

hahaha
You would probably try to work from your truck. LOL
Rafa is offline  
post #7 of 23 (permalink) Old 01-17-2010, 10:13 PM Thread Starter
is chilaxing
 
Rafa's Avatar
 
Join Date: Apr 2004
Posts: 3,760
Couldn't find anything in the drivers "dir". 2 things dated early last month, but those are software that I use. I got this yesterday afternoon. I was thinking of finding a sata to usb adapter and hooking it up to my laptop to check and scan it using Malwarebytes. Is that something I could do? I don't have another pc to hook my drive to.
Rafa is offline  
post #8 of 23 (permalink) Old 01-17-2010, 10:21 PM
Time Served
 
Join Date: Dec 2006
Location: Keller, TX
Posts: 664
It's an easy kill. Find the directory it installed itself into and delete it (on Vista, it was C:\program data\Internet Security). Reboot the pc into safe mode and run an updated version of Malwarebytes, full scan. Just to be on the safe side, I usually run through the registry before rebooting and delete any reference to the program. Reboot back into Windows and you should be good to go.
SonicBlueGT03 is offline  
post #9 of 23 (permalink) Old 01-17-2010, 10:28 PM Thread Starter
is chilaxing
 
Rafa's Avatar
 
Join Date: Apr 2004
Posts: 3,760
It only lets me in the "windows" dir when going thru the CD recovery mode.
Rafa is offline  
post #10 of 23 (permalink) Old 01-17-2010, 10:44 PM
None
 
Jedi's Avatar
 
Join Date: Jul 2000
Location: Anti-Newbie
Posts: 12,675
I just looked in a friend's computer that had this as well - was a PITA to uninstall through the GUI as it had fucked with permissions and corrupted the http.sys file.

Hopefully yours didn't get as fucked as his did -


in the cd recovery mode, type:

cd "c:\program files"

Then type

del "internet security 2010" or whatever the directory is called.
Jedi is offline  
post #11 of 23 (permalink) Old 01-17-2010, 10:53 PM Thread Starter
is chilaxing
 
Rafa's Avatar
 
Join Date: Apr 2004
Posts: 3,760
OK...I deleted the IS2010 in program files, but it still won't get past the login screen. It keeps "loading profile", then "logs off".
Rafa is offline  
post #12 of 23 (permalink) Old 01-17-2010, 10:54 PM Thread Starter
is chilaxing
 
Rafa's Avatar
 
Join Date: Apr 2004
Posts: 3,760
Right now I have drive hooked up to my laptop. I'm scanning it using Malwarebytes right now.
Rafa is offline  
post #13 of 23 (permalink) Old 01-17-2010, 10:59 PM
Rockin' da fumanchu
 
Join Date: Nov 2005
Location: On the straight and narrow,stumbling at best, only by Gods grace.
Posts: 7,224
Be sure to post the MBAM log.





Tx Redneck is offline  
post #14 of 23 (permalink) Old 01-17-2010, 11:02 PM Thread Starter
is chilaxing
 
Rafa's Avatar
 
Join Date: Apr 2004
Posts: 3,760
Quote:
Originally Posted by Tx Redneck View Post
Be sure to post the MBAM log.

Will do. I'll save it and post it up tomorrow. I'm guessing it's going to take awhile. Bout to call it a night.

thanks
Rafa is offline  
post #15 of 23 (permalink) Old 01-18-2010, 08:43 AM Thread Starter
is chilaxing
 
Rafa's Avatar
 
Join Date: Apr 2004
Posts: 3,760
Ok...here is the log from Malwarebytes before I let it fix 2 of the 3.

The TotalVideoConverter is a program I use. The other 2, I have no idea, so I had Malwarebytes get rid of it. I haven't tried it yet because I didn't have time in the morning. So I just saved the log and went to work.


Malwarebytes' Anti-Malware 1.44
Database version: 3586
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

1/18/2010 747 AM
mbam-log-2010-01-18 (07-15-26).txt

Scan type: Full Scan (F:\|)
Objects scanned: 253060
Time elapsed: 1 hour(s), 55 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\Program Files\Total Video Converter\CrackCopyMeToInstallDirAndRun.exe (Trojan.WGAPatch) -> No action taken.
F:\System Volume Information\_restore{1D0C475C-9584-49BA-A70B-F26EE42E7292}\RP259\A0060375.exe (Rogue.Installer) -> No action taken.
F:\WINDOWS\system32\helper32.dll (Trojan.BHO) -> No action taken.
Rafa is offline  
post #16 of 23 (permalink) Old 01-18-2010, 09:22 AM
Rockin' da fumanchu
 
Join Date: Nov 2005
Location: On the straight and narrow,stumbling at best, only by Gods grace.
Posts: 7,224
You didn't let it fix anything and that TVC is infected. Rescan and make sure that "Remove Selected" is checked then click fix all, or whatever it says.





Tx Redneck is offline  
post #17 of 23 (permalink) Old 01-18-2010, 09:45 AM Thread Starter
is chilaxing
 
Rafa's Avatar
 
Join Date: Apr 2004
Posts: 3,760
Quote:
Originally Posted by Tx Redneck View Post
You didn't let it fix anything and that TVC is infected. Rescan and make sure that "Remove Selected" is checked then click fix all, or whatever it says.

That was before the "fix" was done. I wanted to let you all see it before I hit "fix". I only checked the bottom 2. I will get rid of the TVC when I get home since it's not really important. I saved the log, then hit the "fix" right before I left to work. Just didn't have time to test it out.

That "rogue installer" got me thinking that might be what is not letting me get past the login screen. Guess I'll find out when I get home.
Rafa is offline  
post #18 of 23 (permalink) Old 01-18-2010, 10:04 AM
Rockin' da fumanchu
 
Join Date: Nov 2005
Location: On the straight and narrow,stumbling at best, only by Gods grace.
Posts: 7,224
OK. If it'll boot and get to the desktop, go to http://www.pandasecurity.com/homeuse...ns/activescan/ and run the scan to see what's left and we can go from there.





Tx Redneck is offline  
post #19 of 23 (permalink) Old 01-18-2010, 10:19 AM Thread Starter
is chilaxing
 
Rafa's Avatar
 
Join Date: Apr 2004
Posts: 3,760
cool...thanks
Rafa is offline  
post #20 of 23 (permalink) Old 01-18-2010, 09:26 PM Thread Starter
is chilaxing
 
Rafa's Avatar
 
Join Date: Apr 2004
Posts: 3,760
Well shit....it's still staying in the login screen.

any other ideas.

don't really want to redo everything, but will if I have to


calling it a night already.....tired like a mofo..I'll get back on this tomorrow

Last edited by Rafa; 01-18-2010 at 09:56 PM.
Rafa is offline  
post #21 of 23 (permalink) Old 01-19-2010, 10:59 PM Thread Starter
is chilaxing
 
Rafa's Avatar
 
Join Date: Apr 2004
Posts: 3,760
Hell with this. Tomorrow it's getting redone. Unless any of you can pull something out of your hat. I deleted files that had to do with the IS2010, only thing is that I can't edit registry since I can't login. That's one issue, but to get to that I have to get past the login screen. Keeps looping back. I did the "copy userinit.exe wsaupdater" thru the XP repair disk, which didn't work. Lot of forums said that worked most of the time.
Rafa is offline  
post #22 of 23 (permalink) Old 01-20-2010, 04:37 AM
Rockin' da fumanchu
 
Join Date: Nov 2005
Location: On the straight and narrow,stumbling at best, only by Gods grace.
Posts: 7,224
I'd like to have a go at it but I can't do it today. If you can wait till this weekend and bring it to me, I'll give it a shot or, if you have stuff on it you need to get off, I can do that for you as well.





Tx Redneck is offline  
post #23 of 23 (permalink) Old 01-20-2010, 09:26 AM Thread Starter
is chilaxing
 
Rafa's Avatar
 
Join Date: Apr 2004
Posts: 3,760
Quote:
Originally Posted by Tx Redneck View Post
I'd like to have a go at it but I can't do it today. If you can wait till this weekend and bring it to me, I'll give it a shot or, if you have stuff on it you need to get off, I can do that for you as well.

I don't save anything to it at all. I only use it for OS and software. I save everything to another drive. Even "my documents" is on another drive which everything is backed up to an external HD that I keep put away. Kind of needing it up and running by this Friday. I brought the HDD with me at work with my laptop. I'll probably mess around with it when I have some spare time. I'm not that pc savvy when it comes to registry stuff, which I'm pretty sure that's where it's at.


thanks man
Rafa is offline  