Link to home
Start Free TrialLog in
Avatar of BeerAngel
BeerAngel

asked on

Need HELP with virus! All scans cause lockup or memory dump

I messed up bigtime!  I'm an IT and I brought a computer home that unknowingly had 30+ viruses on it and it spread to 2 of my home machines.  Yeah, yeah...I got too comfortable!  Lesson learned!!!

I have one my machines clean, but my other one will NOT fix.  It is Windows XP Home and I have disabled system restore.  Whatever my computer has, it has disabled my normal AV (F-prot), so I've tried bitdefender & trendmicro's online scans.  I also got AVG-anti-spyware (aka ewido) installed.  It does fine until it gets into the C:\Windows\System32 directory.  It locks my computer up every time.  My screen either goes black or I get a memory dump error.

I've tried scans in Safe Mode as well, and it still does this.

Any help would greatly be appreciated!!!

Rick
ASKER CERTIFIED SOLUTION
Avatar of simpswr
simpswr
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of johnb6767
Can you access the infected system across the network?

\\infectedPC\c$\windows\system32

Sort the files by date, looking at most recent. You should probably be able to tell what file is causing it....

and maybe even delete in Safe mode , command prompt only, or recovery console...
Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD
http://www.nu2.nu/pebuilder/

Make the CD, and boot to it. There are also plugins you can add for antivirus, to scan the system.....
I must suggest this - just wipe the whole hard disk! The above comments may get you so far - but viruses/malware have a habit of hiding themselves - even if you are sure you have got rid of everything.

My advice - format the drive - reinstall Windows and get some good AV and anti-malware software on from the beginning.
Avatar of BeerAngel
BeerAngel

ASKER

and235100:  Yeah that has entered my mind, but the thing that has me scratching my head is that I was even able to clean the computer I brought in which is also XP home.  I feel like there's a way, but yeah...maybe I'll have to do that.
Give superantispyware a try . . it gets the little rascals that some of the others cannot
Two things to do:

1.  Download and run smitfraudfix.  Follow instructions on web site in link:
http://siri.geekstogo.com/SmitfraudFix.php

2. Download and run Hijack This.  Save a log file and post it here.
http://www.majorgeeks.com/download3155.html

The virus/spyware super experts will probably check in later and they'll need the Hijack This info.  In the interim, we may be able to help.

SuperAntiSpyware (mentioned above) is much better than AVG anti-spyware and I recommend you use it.
So far, SUPERAntispyware is the best scanners out there, yeah. Of course, the same as any other scanners, it can't remove all viruses/malware that it hasn't got the definitions yet.

Anyway, as already suggested can we look at the Hijackthis log of the infected system?
The log usually tells us what kind of viruses or malware infection is present, we can then give you the right tool for it.
Okay, I've managed to fix it with the aid of SuperAntiSpyware.  It couldn't remove it, but after I watched it attempt to fix it, it stuck on a file called LZX32.sys (before it locked up) and I did a search for that filename and found a tool to remove it called RegRun Reanimator.  All is good in the neighborhood now.

Thanks all!  I'll go ahead and award the points to the first one who said SuperAntiSpyware since it is the reason I was able to find out the culprit due to how it displays it's status as it's attempting to fix the problems.

Thanks again!

Rick
Well done . .
Glad to know problem is solved, you did it the hard way.
A lot of diagnostic tools could've detected Rustock.B rootkit (which is what you had).
SDfix, Combofix, Gmer, Smitfraudfix's option 1, they all detect Rustock.B rootkit.