Solved

Need HELP with virus!  All scans cause lockup or memory dump

Posted on 2007-04-09
Last Modified: 2010-04-02
I messed up bigtime!  I'm an IT and I brought a computer home that unknowingly had 30+ viruses on it and it spread to 2 of my home machines.  Yeah, yeah...I got too comfortable!  Lesson learned!!!

I have one my machines clean, but my other one will NOT fix.  It is Windows XP Home and I have disabled system restore.  Whatever my computer has, it has disabled my normal AV (F-prot), so I've tried bitdefender & trendmicro's online scans.  I also got AVG-anti-spyware (aka ewido) installed.  It does fine until it gets into the C:\Windows\System32 directory.  It locks my computer up every time.  My screen either goes black or I get a memory dump error.

I've tried scans in Safe Mode as well, and it still does this.

Any help would greatly be appreciated!!!

Rick
Question by:BeerAngel
11 Comments
 
Accepted Solution by simpswr (LVL 19), earned 500 total points. ID: 18878520

Expert Comment by johnb6767 (LVL 66), ID: 18878528
Can you access the infected system across the network?

\\infectedPC\c$\windows\system32

Sort the files by date, looking at most recent. You should probably be able to tell what file is causing it....

and maybe even delete it in Safe Mode, command prompt only, or Recovery Console...
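
As an added example that is not part of the thread: a PowerShell triage script for the "sort System32 by date" step above. It assumes PowerShell 4 or later (for Get-FileHash) and, ideally, an offline copy of the infected drive mounted on a clean machine, since a kernel rootkit on the live system can hide its own driver file from any directory listing; the -Root and -Days parameters are this example's own.

```powershell
# Added example (not from the thread). Lists executable files under a System32 tree
# that were written recently, flags those without a valid Authenticode signature,
# and records a SHA-256 hash so a suspect file (the asker's LZX32.sys, for instance)
# can be looked up later. Assumes PowerShell 4+ and, preferably, an offline copy of
# the drive, because a live rootkit can hide its driver from Get-ChildItem.
param(
    [string]$Root = "$env:SystemRoot\System32",   # e.g. "E:\Windows\System32" for a mounted drive
    [int]$Days    = 14                            # how far back "recent" reaches
)

$cutoff = (Get-Date).AddDays(-$Days)
$kinds  = '.sys', '.dll', '.exe'                  # file types a dropper typically writes here

Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $cutoff -and $kinds -contains $_.Extension.ToLower() } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            LastWrite = $_.LastWriteTime
            Path      = $_.FullName
            SizeKB    = [math]::Round($_.Length / 1KB, 1)
            SigStatus = $sig.Status                      # 'Valid' for an intact vendor-signed file
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
            SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    } |
    Sort-Object LastWrite -Descending |
    Tee-Object -Variable recent |                     # keep the full list, signed files included
    Where-Object { $_.SigStatus -ne 'Valid' } |
    Format-Table LastWrite, SigStatus, Signer, SizeKB, Path -AutoSize

"{0} recently written files, {1} without a valid signature" -f $recent.Count,
    ($recent | Where-Object SigStatus -ne 'Valid').Count
```

Many Microsoft files are catalog-signed rather than embedded-signed, so on an offline copy legitimate files will also show NotSigned; treat the output as a triage order for what to examine and hash-check first, not as a verdict.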
 
Expert Comment by johnb6767 (LVL 66), ID: 18878531
Bart's Preinstalled Environment (BartPE) bootable live Windows CD/DVD
http://www.nu2.nu/pebuilder/

Make the CD, and boot to it. There are also plugins you can add for antivirus, to scan the system.....

Expert Comment by and235100 (LVL 32), ID: 18878578
I must suggest this - just wipe the whole hard disk! The above comments may get you so far - but viruses/malware have a habit of hiding themselves - even if you are sure you have got rid of everything.

My advice - format the drive - reinstall Windows and get some good AV and anti-malware software on from the beginning.

Author Comment by BeerAngel (LVL 1), ID: 18878664
and235100:  Yeah that has entered my mind, but the thing that has me scratching my head is that I was even able to clean the computer I brought in which is also XP home.  I feel like there's a way, but yeah...maybe I'll have to do that.

Expert Comment by simpswr (LVL 19), ID: 18878691
Give SuperAntiSpyware a try . . it gets the little rascals that some of the others cannot

Expert Comment by willcomp (LVL 32), ID: 18878704
Two things to do:

1.  Download and run smitfraudfix.  Follow instructions on web site in link:
http://siri.geekstogo.com/SmitfraudFix.php

2. Download and run Hijack This.  Save a log file and post it here.
http://www.majorgeeks.com/download3155.html

The virus/spyware super experts will probably check in later and they'll need the Hijack This info.  In the interim, we may be able to help.

SuperAntiSpyware (mentioned above) is much better than AVG anti-spyware and I recommend you use it.

Expert Comment by rpggamergirl (LVL 47), ID: 18880002
So far, SUPERAntispyware is the best scanner out there, yeah. Of course, the same as any other scanner, it can't remove viruses/malware for which it hasn't got the definitions yet.

Anyway, as already suggested can we look at the Hijackthis log of the infected system?
The log usually tells us what kind of viruses or malware infection is present, we can then give you the right tool for it.

Author Comment by BeerAngel (LVL 1), ID: 18881650
Okay, I've managed to fix it with the aid of SuperAntiSpyware.  It couldn't remove it, but after I watched it attempt to fix it, it stuck on a file called LZX32.sys (before it locked up) and I did a search for that filename and found a tool to remove it called RegRun Reanimator.  All is good in the neighborhood now.

Thanks all!  I'll go ahead and award the points to the first one who said SuperAntiSpyware since it is the reason I was able to find out the culprit, due to how it displays its status as it's attempting to fix the problems.

Thanks again!

Rick

Expert Comment by simpswr (LVL 19), ID: 18881770
Well done . .

Expert Comment by rpggamergirl (LVL 47), ID: 18881867
Glad to know the problem is solved; you did it the hard way.
A lot of diagnostic tools could've detected Rustock.B rootkit (which is what you had).
SDfix, Combofix, Gmer, Smitfraudfix's option 1, they all detect Rustock.B rootkit.