Solved

Need HELP with virus!  All scans cause lockup or memory dump

Posted on 2007-04-09
Last Modified: 2010-04-02
I messed up big time!  I'm an IT and I brought a computer home that unknowingly had 30+ viruses on it and it spread to 2 of my home machines.  Yeah, yeah...I got too comfortable!  Lesson learned!!!

I have one of my machines clean, but my other one will NOT fix.  It is Windows XP Home and I have disabled System Restore.  Whatever my computer has, it has disabled my normal AV (F-Prot), so I've tried BitDefender's & Trend Micro's online scans.  I also got AVG Anti-Spyware (aka Ewido) installed.  It does fine until it gets into the C:\Windows\System32 directory.  It locks my computer up every time.  My screen either goes black or I get a memory dump error.

I've tried scans in Safe Mode as well, and it still does this.

Any help would greatly be appreciated!!!

Rick
Question by:BeerAngel
11 Comments
 
LVL 19

Accepted Solution

by:
simpswr earned 500 total points
ID: 18878520
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 18878528
Can you access the infected system across the network?

\\infectedPC\c$\windows\system32

Sort the files by date, looking at most recent. You should probably be able to tell what file is causing it....

and maybe even delete it in Safe Mode, command prompt only, or the Recovery Console...
0
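The "sort system32 by date and look at the newest files" step above is easy to automate. The script below is an added example written for this thread, not a tool posted by any of the participants: it walks a directory, keeps files modified within a given window, and prints them newest first. The fake system32 tree it builds is constructed purely for demonstration; in practice you would point `report()` at the real path (locally, or over the admin share mentioned in the comment) and treat the newest unfamiliar files as candidates for further checking, not as proof of infection.

```python
"""Triage helper: list the most recently modified files under a directory.

Added example for this thread (not a participant's tool). The sample
tree created by build_sample_dir() is constructed for demonstration.
"""
import os
import tempfile
import time
from datetime import datetime, timedelta
from pathlib import Path


def recent_files(root, since, limit=20):
    """Return (path, mtime) pairs for files under `root` modified at or after
    `since` (a datetime), newest first. Symlinks are not followed."""
    cutoff = since.timestamp()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)
            except OSError:
                # Locked or vanished file: skip it rather than abort the sweep
                continue
            if st.st_mtime >= cutoff:
                hits.append((path, st.st_mtime))
    hits.sort(key=lambda item: item[1], reverse=True)
    return hits[:limit]


def build_sample_dir():
    """Constructed sample: a fake system32 with one fresh file among old ones.
    File names and ages are placeholders, not data from the thread."""
    root = Path(tempfile.mkdtemp(prefix="system32_sample_"))
    now = time.time()
    ages_in_days = {
        "kernel32.dll": 400,
        "ntdll.dll": 400,
        "drivers/old.sys": 300,
        "drivers/suspect.sys": 0,   # 0 = modified today
    }
    for rel, days in ages_in_days.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"x")
        stamp = now - days * 86400
        os.utime(p, (stamp, stamp))   # back-date the file to simulate history
    return root


def report(root, days=7):
    """Print files changed in the last `days` days and return their names
    relative to `root`, newest first, with '/' separators."""
    since = datetime.now() - timedelta(days=days)
    rows = recent_files(root, since)
    for path, mtime in rows:
        print(datetime.fromtimestamp(mtime).strftime("%Y-%m-%d %H:%M"), path)
    return [os.path.relpath(p, root).replace(os.sep, "/") for p, _ in rows]


if __name__ == "__main__":
    # For a real sweep pass the actual directory, e.g. the local system32
    # or the admin share from the comment, instead of the constructed sample.
    report(build_sample_dir())
```

A short window (a week or so) keeps the list readable; widening it to hundreds of days shows the whole tree in age order, which is how the sample is checked below.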
 
LVL 66

Expert Comment

by:johnb6767
ID: 18878531
Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD
http://www.nu2.nu/pebuilder/

Make the CD, and boot to it. There are also plugins you can add for antivirus, to scan the system.....
0
 
LVL 32

Expert Comment

by:and235100
ID: 18878578
I must suggest this - just wipe the whole hard disk! The above comments may get you so far - but viruses/malware have a habit of hiding themselves - even if you are sure you have got rid of everything.

My advice - format the drive - reinstall Windows and get some good AV and anti-malware software on from the beginning.
0
 
LVL 1

Author Comment

by:BeerAngel
ID: 18878664
and235100:  Yeah that has entered my mind, but the thing that has me scratching my head is that I was even able to clean the computer I brought in which is also XP home.  I feel like there's a way, but yeah...maybe I'll have to do that.
0
 
LVL 19

Expert Comment

by:simpswr
ID: 18878691
Give SuperAntiSpyware a try. It gets the little rascals that some of the others cannot.
0
 
LVL 32

Expert Comment

by:willcomp
ID: 18878704
Two things to do:

1.  Download and run smitfraudfix.  Follow instructions on web site in link:
http://siri.geekstogo.com/SmitfraudFix.php

2. Download and run Hijack This.  Save a log file and post it here.
http://www.majorgeeks.com/download3155.html

The virus/spyware super experts will probably check in later and they'll need the Hijack This info.  In the interim, we may be able to help.

SuperAntiSpyware (mentioned above) is much better than AVG anti-spyware and I recommend you use it.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18880002
So far, SUPERAntiSpyware is the best scanner out there, yeah. Of course, the same as any other scanner, it can't remove viruses/malware for which it hasn't got the definitions yet.

Anyway, as already suggested, can we look at the HijackThis log of the infected system?
The log usually tells us what kind of virus or malware infection is present; we can then give you the right tool for it.
0
 
LVL 1

Author Comment

by:BeerAngel
ID: 18881650
Okay, I've managed to fix it with the aid of SuperAntiSpyware.  It couldn't remove it, but after I watched it attempt to fix it, it stuck on a file called LZX32.sys (before it locked up) and I did a search for that filename and found a tool to remove it called RegRun Reanimator.  All is good in the neighborhood now.

Thanks all!  I'll go ahead and award the points to the first one who said SuperAntiSpyware since it is the reason I was able to find out the culprit, due to how it displays its status as it's attempting to fix the problems.

Thanks again!

Rick
0
 
LVL 19

Expert Comment

by:simpswr
ID: 18881770
Well done.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18881867
Glad to know the problem is solved; you did it the hard way.
A lot of diagnostic tools could've detected the Rustock.B rootkit (which is what you had).
SDFix, ComboFix, GMER, SmitfraudFix's option 1: they all detect the Rustock.B rootkit.
0
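Two points in this thread belong together: johnb6767's suggestion to scan from a BartPE boot disc, and rpggamergirl's note that the infection was a rootkit. A rootkit hides its files from the running Windows instance, which is exactly why a live scanner can stall on a file it cannot handle while an offline boot environment sees the file plainly. A defender can turn that into a check by capturing a `dir` listing of the same directory from the live system and again from the offline disc, then comparing the two. The script below is an added example for this thread, not a tool from any participant or from the products named here; the two listings are constructed samples in `dir` output style, with LZX32.sys used as the hidden entry because that is the file named above (its date and size are placeholders).

```python
"""Cross-view directory listing comparison (added example, not from the thread).

Parses Windows `dir` output, either the full form (date, time, size, name)
or `dir /b` bare names, from a live boot and from an offline boot, and
reports names the offline view sees that the live view does not.
"""
import re

# Constructed sample: the directory as the running (possibly hooked) OS shows it.
LIVE_LISTING = """\
 Volume in drive C has no label.
 Directory of C:\\WINDOWS\\system32\\drivers

04/09/2007  09:12 AM    <DIR>          .
04/09/2007  09:12 AM    <DIR>          ..
08/04/2004  12:00 PM            12,288 beep.sys
08/04/2004  12:00 PM           210,048 ntfs.sys
               2 File(s)        222,336 bytes
"""

# Constructed sample: the same directory seen from an offline boot disc.
# lzx32.sys is the name from the thread; its date and size are placeholders.
OFFLINE_LISTING = """\
 Volume in drive C has no label.
 Directory of C:\\WINDOWS\\system32\\drivers

04/09/2007  09:12 AM    <DIR>          .
04/09/2007  09:12 AM    <DIR>          ..
08/04/2004  12:00 PM            12,288 BEEP.SYS
04/08/2007  11:47 PM            79,616 lzx32.sys
08/04/2004  12:00 PM           210,048 ntfs.sys
               3 File(s)        301,952 bytes
"""

# One full-format `dir` entry: date, time, optional AM/PM, size or <DIR>, name.
DIR_LINE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4})\s+\d{1,2}:\d{2}\s*(?:AM|PM)?\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<name>.+?)\s*$"
)


def parse_listing(text):
    """Return the set of entry names in a `dir` listing, lower-cased because
    Windows file names are case-insensitive. If any line matches the full
    `dir` format only those lines count (header and footer lines are
    dropped); otherwise the text is treated as `dir /b` bare names."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    matches = [DIR_LINE.match(ln) for ln in lines]
    if any(matches):
        names = [m.group("name") for m in matches if m]
    else:
        names = lines
    return {n.lower() for n in names if n not in (".", "..")}


def cross_view_diff(live_text, offline_text):
    """Return (hidden, live_only): names present offline but absent from the
    live view (the rootkit signal), and names present live but absent offline
    (usually transient files; worth a glance, not evidence of hiding)."""
    live = parse_listing(live_text)
    offline = parse_listing(offline_text)
    return sorted(offline - live), sorted(live - offline)


if __name__ == "__main__":
    hidden, live_only = cross_view_diff(LIVE_LISTING, OFFLINE_LISTING)
    print("present offline, missing from the live view:", hidden)
    print("present live, missing offline:", live_only)
```

In use, redirect `dir` output to a text file on removable media from each boot and feed both files to `cross_view_diff()`; a name that appears only in the offline capture is a file the running system is not showing, which is the same discrepancy the offline scan exploits to find the infection.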
