Solved

Need HELP with virus!  All scans cause lockup or memory dump

Posted on 2007-04-09
Last Modified: 2010-04-02
I messed up big time!  I'm an IT and I brought a computer home that unknowingly had 30+ viruses on it and it spread to 2 of my home machines.  Yeah, yeah...I got too comfortable!  Lesson learned!!!

I have one of my machines clean, but my other one will NOT fix.  It is Windows XP Home and I have disabled System Restore.  Whatever my computer has, it has disabled my normal AV (F-Prot), so I've tried BitDefender & Trend Micro's online scans.  I also got AVG Anti-Spyware (aka ewido) installed.  It does fine until it gets into the C:\Windows\System32 directory.  It locks my computer up every time.  My screen either goes black or I get a memory dump error.

I've tried scans in Safe Mode as well, and it still does this.

Any help would greatly be appreciated!!!

Rick
Question by:BeerAngel
11 Comments
 
LVL 19

Accepted Solution

by:
simpswr earned 1500 total points
ID: 18878520
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 18878528
Can you access the infected system across the network?

\\infectedPC\c$\windows\system32

Sort the files by date, looking at most recent. You should probably be able to tell what file is causing it....

and maybe even delete in Safe Mode, command prompt only, or Recovery Console...
0
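
The date-sort triage suggested in the comment above can be scripted from a clean machine; this is an added example, not part of the original thread, and it goes slightly further by hashing each hit and flagging names missing from a known-clean file list. It assumes Python on the clean machine and a readable path to the suspect system32 (the admin share or the disk mounted offline); `EXEC_EXTS`, `recent_executables` and the `baseline` set are names made up for this sketch.

```python
import hashlib
import os
import sys
import time

# Extensions treated as executable code for triage (an assumed, adjustable set).
EXEC_EXTS = {".sys", ".dll", ".exe", ".drv", ".ocx", ".scr"}

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def recent_executables(root, days=30, now=None, baseline=None):
    """Executable files under `root` modified within `days` of `now`, newest
    first. `baseline`: optional set of lower-cased file names from a
    known-clean install; names missing from it are flagged as unknown."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXEC_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file vanished between listing and stat
            if st.st_mtime < cutoff:
                continue
            try:
                digest = sha256_of(path)
            except OSError:
                digest = None  # locked or unreadable: worth a manual look
            rows.append({"path": path, "mtime": st.st_mtime, "size": st.st_size,
                         "sha256": digest,
                         "unknown": baseline is not None and name.lower() not in baseline})
    return sorted(rows, key=lambda r: r["mtime"], reverse=True)

if __name__ == "__main__":
    # Usage: python triage.py <path-to-system32> [days]
    days = int(sys.argv[2]) if len(sys.argv) > 2 else 30
    for r in recent_executables(sys.argv[1], days):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.gmtime(r["mtime"]))
        print(stamp, r["size"], (r["sha256"] or "UNREADABLE")[:16], r["path"])
```

A rootkit active on the running system can hide its files from directory listings, so results taken over the share from a live infected machine may be incomplete; the same script pointed at the disk mounted offline gives a more trustworthy view. Modification times can also be forged, so treat the date window as a lead, not proof.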
 
LVL 66

Expert Comment

by:johnb6767
ID: 18878531
Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD
http://www.nu2.nu/pebuilder/

Make the CD, and boot to it. There are also plugins you can add for antivirus, to scan the system.....
0

 
LVL 32

Expert Comment

by:and235100
ID: 18878578
I must suggest this - just wipe the whole hard disk! The above comments may get you so far - but viruses/malware have a habit of hiding themselves - even if you are sure you have got rid of everything.

My advice - format the drive - reinstall Windows and get some good AV and anti-malware software on from the beginning.
0
 
LVL 1

Author Comment

by:BeerAngel
ID: 18878664
and235100:  Yeah that has entered my mind, but the thing that has me scratching my head is that I was even able to clean the computer I brought in which is also XP home.  I feel like there's a way, but yeah...maybe I'll have to do that.
0
 
LVL 19

Expert Comment

by:simpswr
ID: 18878691
Give superantispyware a try . . it gets the little rascals that some of the others cannot
0
 
LVL 32

Expert Comment

by:willcomp
ID: 18878704
Two things to do:

1.  Download and run smitfraudfix.  Follow instructions on web site in link:
http://siri.geekstogo.com/SmitfraudFix.php

2. Download and run Hijack This.  Save a log file and post it here.
http://www.majorgeeks.com/download3155.html

The virus/spyware super experts will probably check in later and they'll need the Hijack This info.  In the interim, we may be able to help.

SuperAntiSpyware (mentioned above) is much better than AVG anti-spyware and I recommend you use it.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18880002
So far, SUPERAntispyware is the best scanner out there, yeah. Of course, the same as any other scanner, it can't remove all viruses/malware that it hasn't got the definitions for yet.

Anyway, as already suggested, can we look at the HijackThis log of the infected system?
The log usually tells us what kind of virus or malware infection is present; we can then give you the right tool for it.
0
 
LVL 1

Author Comment

by:BeerAngel
ID: 18881650
Okay, I've managed to fix it with the aid of SuperAntiSpyware.  It couldn't remove it, but after I watched it attempt to fix it, it stuck on a file called LZX32.sys (before it locked up) and I did a search for that filename and found a tool to remove it called RegRun Reanimator.  All is good in the neighborhood now.

Thanks all!  I'll go ahead and award the points to the first one who said SuperAntiSpyware since it is the reason I was able to find out the culprit due to how it displays its status as it's attempting to fix the problems.

Thanks again!

Rick
0
 
LVL 19

Expert Comment

by:simpswr
ID: 18881770
Well done . .
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18881867
Glad to know the problem is solved, you did it the hard way.
A lot of diagnostic tools could've detected Rustock.B rootkit (which is what you had).
SDfix, Combofix, Gmer, Smitfraudfix's option 1, they all detect Rustock.B rootkit.
0
