Solved

Need HELP with virus!  All scans cause lockup or memory dump

Posted on 2007-04-09
11
242 Views
Last Modified: 2010-04-02
I messed up bigtime!  I'm an IT and I brought a computer home that unknowingly had 30+ viruses on it and it spread to 2 of my home machines.  Yeah, yeah...I got too comfortable!  Lesson learned!!!

I have one my machines clean, but my other one will NOT fix.  It is Windows XP Home and I have disabled system restore.  Whatever my computer has, it has disabled my normal AV (F-prot), so I've tried bitdefender & trendmicro's online scans.  I also got AVG-anti-spyware (aka ewido) installed.  It does fine until it gets into the C:\Windows\System32 directory.  It locks my computer up every time.  My screen either goes black or I get a memory dump error.

I've tried scans in Safe Mode as well, and it still does this.

Any help would greatly be appreciated!!!

Rick
0
Comment
Question by:BeerAngel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +3
11 Comments
 
LVL 19

Accepted Solution

by:
simpswr earned 500 total points
ID: 18878520
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 18878528
Can you access the infected system across the network?

\\infectedPC\c$\windows\system32

Sort the files by date, looking at most recent. You should probably be able to tell what file is causing it....

and maybe even delete in Safe mode , command prompt only, or recovery console...
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 18878531
Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD
http://www.nu2.nu/pebuilder/

Make the CD, and boot to it. There are also plugins you can add for antivirus, to scan the system.....
0
Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

 
LVL 32

Expert Comment

by:and235100
ID: 18878578
I must suggest this - just wipe the whole hard disk! The above comments may get you so far - but viruses/malware have a habit of hiding themselves - even if you are sure you have got rid of everything.

My advice - format the drive - reinstall Windows and get some good AV and anti-malware software on from the beginning.
0
 
LVL 1

Author Comment

by:BeerAngel
ID: 18878664
and235100:  Yeah that has entered my mind, but the thing that has me scratching my head is that I was even able to clean the computer I brought in which is also XP home.  I feel like there's a way, but yeah...maybe I'll have to do that.
0
 
LVL 19

Expert Comment

by:simpswr
ID: 18878691
Give superantispyware a try . . it gets the little rascals that some of the others cannot
0
 
LVL 32

Expert Comment

by:willcomp
ID: 18878704
Two things to do:

1.  Download and run smitfraudfix.  Follow instructions on web site in link:
http://siri.geekstogo.com/SmitfraudFix.php

2. Download and run Hijack This.  Save a log file and post it here.
http://www.majorgeeks.com/download3155.html

The virus/spyware super experts will probably check in later and they'll need the Hijack This info.  In the interim, we may be able to help.

SuperAntiSpyware (mentioned above) is much better than AVG anti-spyware and I recommend you use it.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18880002
So far, SUPERAntispyware is the best scanners out there, yeah. Of course, the same as any other scanners, it can't remove all viruses/malware that it hasn't got the definitions yet.

Anyway, as already suggested can we look at the Hijackthis log of the infected system?
The log usually tells us what kind of viruses or malware infection is present, we can then give you the right tool for it.
0
 
LVL 1

Author Comment

by:BeerAngel
ID: 18881650
Okay, I've managed to fix it with the aid of SuperAntiSpyware.  It couldn't remove it, but after I watched it attempt to fix it, it stuck on a file called LZX32.sys (before it locked up) and I did a search for that filename and found a tool to remove it called RegRun Reanimator.  All is good in the neighborhood now.

Thanks all!  I'll go ahead and award the points to the first one who said SuperAntiSpyware since it is the reason I was able to find out the culprit due to how it displays it's status as it's attempting to fix the problems.

Thanks again!

Rick
0
 
LVL 19

Expert Comment

by:simpswr
ID: 18881770
Well done . .
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18881867
Glad to know problem is solved, you did it the hard way.
A lot of diagnostic tools could've detected Rustock.B rootkit (which is what you had).
SDfix, Combofix, Gmer, Smitfraudfix's option 1, they all detect Rustock.B rootkit.
0

Featured Post

Schedule a Tour of the ATEN booth at InfoComm 2017

Tour the ATEN booth to see the the Latest Addition to the Modular Matrix Switch Series, New 4K HDMI Over IP Extender and more! Enter ATEN's Ultimate Giveaway Sweepstakes for a chance to win one of several great prizes, including an ATEN US7220 2-Port Thunderbolt 2 Sharing Switch!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question