virus or spyware attack on system booting part

Posted on 2008-10-03
Last Modified: 2013-11-22
Hello to all Expert Professionals. My notebook got some malicious exe file in the temp folder of the local folder; my Norton Antivirus 10 Corporate warned about some invalid exe file (password mess.exe) in the temp folder and also removed some temp files. After that I got a message in my DOS prompt window (which automatically popped up) that some file is copied in my boot system. After that my system hung up; I restarted the system, and it loads Windows normally, but after getting the admin password through the Windows log on, a black screen is displayed for some seconds and then Windows displays the desktop. After some seconds the system becomes slower, to a halt. Before the system goes to a halt, when I try to open Task Manager, it refuses to open, displaying a message that Task Manager is disabled by the admin. When the system is halted I press Alt+Ctrl+Del; a message is displayed on top of the log on window that a virus alert is on. Three shortcuts are also installed on the desktop, i.e. Malware Defender, Protect You Privacy, System Error Fixer.

Earlier I had removed some malicious files like MicroAv.exe and Ctfmon.exe from the c:\windows\system32 folder and yur1ce.exe from the Windows Prefetch folder. When I restart the computer in safe mode a memory dump is initialized and after that it again prompts to start the computer. Is there any option to avoid formatting the C drive and remove this malicious spyware?
Question by: CSELTD

Accepted Solution by: myhc (LVL 7, earned 500 total points), ID: 22632695
Check msconfig to see what is running in your boot.ini and startup registry.

Expert Comment by: MattRichardson (LVL 5), ID: 22632737
Ctfmon is usually a legitimate Microsoft file (see link)
http://support.microsoft.com/kb/282599

Removing Spyware:

We use the following:

ComboFix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix
HijackThis - http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

This solves about 90-95% of the problems.

Author Comment by: CSELTD (LVL 1), ID: 22632780
I appreciate your comments, but the problem is that the system halts after booting, and there is little time to do any action before the system halts. I am expecting an exe file which I can boot through a CD, so my notebook can initialize through the CD and remove the malicious virus.

Expert Comment by: MattRichardson (LVL 5), ID: 22632980
Download the suggested software on another machine.
Burn it to a CD.
Boot the infected machine into safe mode (press the F8 key while booting).
Copy the software to the machine from the CD.
Load/run the software in safe mode.

Author Comment by: CSELTD (LVL 1), ID: 22633032
I have already mentioned that the system cannot run on F8 (safe mode). When I click on safe mode, long repeated paths are shown like c\windows\partition01\system etc., and after that a physical memory dump transfer is started, and when it ends it again goes back to the Windows start-up mode. When I start in normal mode Windows is loaded and the desktop is displayed, but no mouse click or any action works after boot. Can I run the above software through the CD in normal mode, which I can see at this time?

Expert Comment by: MattRichardson (LVL 5), ID: 22633270
My assumption would be no. I am assuming this software (ComboFix and HijackThis) needs to be on the host system.

1.) If it were me I would stop trying to fix it first. Pull the drive to a good system, connect it as a slave, and harvest the data you want to save before continuing. (Maybe run the tools against this system to be safe!)

2.a) Then put it back, boot on the Windows XP CD (did you mention the OS version?) and try to restore the system. We need to try to get enough of the original system files on the system to boot into safe mode before you go any further.

2.b) If you are desperate, use Windows System Restore. This assumes that it was running previous to whatever happened to your computer. This link will help you: http://support.microsoft.com/kb/306084

It has a 50-50 track record with me. If it at least gets you to safe mode you may be in luck. It also could make things worse. Do a backup first; see #1.

3.) Once safe mode is working, proceed with the spyware removal.

Good luck!
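
An added example to go with the accepted answer (check what msconfig sees in the startup registry) and with step 1 above (scan the slaved drive from a clean machine); it is not code posted by anyone in this thread. The script lists the Run/RunOnce and Winlogon autostart values and the DisableTaskMgr policy that produces the "Task Manager has been disabled by your administrator" message, and flags commands that start from temp or prefetch directories, the locations named in the question. Assumptions: PowerShell 2.0 or later from an elevated prompt; the drive letter E: and the hive paths in the comments are placeholders for a slaved Windows XP drive.

```powershell
# Added example for this thread, not code from any participant or vendor.
# Audits the autostart locations msconfig's Startup tab draws from and the
# Task Manager policy, on the live system or on hives loaded from a slaved drive.
# Assumption: PowerShell 2.0+ in an elevated prompt.

function Test-SuspiciousCommand {
    param([string]$Command)
    # Heuristic only: legitimate software almost never autostarts from these places.
    $patterns = @('*\temp\*', '*\tmp\*', '*\prefetch\*', '*\local settings\*', '*%temp%*')
    foreach ($p in $patterns) {
        if ($Command -like $p) { return $true }
    }
    return $false
}

function Get-AutostartEntries {
    param(
        [string]$SoftwareRoot = 'HKLM:\SOFTWARE',   # or HKLM:\OffSW after 'reg load'
        [string]$UserRoot     = 'HKCU:\Software'    # or HKLM:\OffUser after 'reg load'
    )
    $psNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    $runKeys = @(
        "$SoftwareRoot\Microsoft\Windows\CurrentVersion\Run",
        "$SoftwareRoot\Microsoft\Windows\CurrentVersion\RunOnce",
        "$UserRoot\Microsoft\Windows\CurrentVersion\Run",
        "$UserRoot\Microsoft\Windows\CurrentVersion\RunOnce"
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $values = Get-ItemProperty -LiteralPath $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($psNoise -contains $prop.Name) { continue }   # provider metadata, not registry values
            New-Object PSObject -Property @{
                Location   = $key
                Name       = $prop.Name
                Command    = [string]$prop.Value
                Suspicious = Test-SuspiciousCommand ([string]$prop.Value)
            }
        }
    }

    # Winlogon: Shell should be exactly explorer.exe and Userinit should be
    # <windir>\system32\userinit.exe, (the trailing comma is normal). Anything
    # appended after those names is an extra program started at every logon.
    $winlogon = "$SoftwareRoot\Microsoft\Windows NT\CurrentVersion\Winlogon"
    if (Test-Path -LiteralPath $winlogon) {
        $wl       = Get-ItemProperty -LiteralPath $winlogon
        $shell    = [string]$wl.Shell
        $userinit = [string]$wl.Userinit
        New-Object PSObject -Property @{
            Location = $winlogon; Name = 'Shell'; Command = $shell
            Suspicious = ($shell -ne '' -and $shell -ne 'explorer.exe')
        }
        New-Object PSObject -Property @{
            Location = $winlogon; Name = 'Userinit'; Command = $userinit
            Suspicious = ($userinit -ne '' -and
                          $userinit -notmatch '^[A-Za-z]:\\[^,]*\\system32\\userinit\.exe,?$')
        }
    }
}

function Get-TaskManagerPolicy {
    param(
        [string]$SoftwareRoot = 'HKLM:\SOFTWARE',
        [string]$UserRoot     = 'HKCU:\Software'
    )
    # DisableTaskMgr = 1 in either key is what shows "Task Manager has been
    # disabled by your administrator". Malware sets it; nobody sets it on a notebook by hand.
    $keys = @("$UserRoot\Microsoft\Windows\CurrentVersion\Policies\System",
              "$SoftwareRoot\Microsoft\Windows\CurrentVersion\Policies\System")
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $v = (Get-ItemProperty -LiteralPath $key).DisableTaskMgr
        if ($null -ne $v) {
            New-Object PSObject -Property @{
                Location = $key; Name = 'DisableTaskMgr'; Command = [string]$v
                Suspicious = ([int]$v -eq 1)
            }
        }
    }
}

# Live system:
Get-AutostartEntries | Sort-Object Suspicious -Descending |
    Format-Table -AutoSize Suspicious, Name, Command, Location
Get-TaskManagerPolicy | Format-Table -AutoSize Suspicious, Name, Command, Location

# Slaved XP drive mounted as E: on the clean machine (drive letter, profile
# name and hive paths are assumptions; adjust them):
#   reg.exe load HKLM\OffSW   E:\WINDOWS\system32\config\software
#   reg.exe load HKLM\OffUser "E:\Documents and Settings\<user>\NTUSER.DAT"
#   Get-AutostartEntries -SoftwareRoot 'HKLM:\OffSW' -UserRoot 'HKLM:\OffUser'
#   Get-TaskManagerPolicy -SoftwareRoot 'HKLM:\OffSW' -UserRoot 'HKLM:\OffUser'
#   reg.exe unload HKLM\OffSW ; reg.exe unload HKLM\OffUser
```

Running it against the loaded hives of the slaved drive is the safer order: nothing on the infected disk executes, so a rootkit on that system cannot hide its own Run entry from the listing, and you still see the same values msconfig would show on the live machine. Treat the Suspicious column as a pointer to what to look at, not as a verdict; verify each flagged command against the file on disk before deleting anything.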

Author Comment by: CSELTD (LVL 1), ID: 22633658
Thank you very much to all of you for supporting me to get rid of the problem. I succeeded in enabling safe mode by running the msconfig command in Run, enabled safe mode and restarted the computer. I ran the HijackThis Trend Micro tool and deleted the files named microAV.exe and some others. When I restarted the system, Check Disk reset some indexes by inserting and deleting index numbers. But now the problem is that I cannot view My Network Places; that is, although I am connected to the internet through DSL, my LAN connection is not shown in the tray icon or in My Network Places. Secondly, which anti-spyware should I install to get rid of this malicious software, to avoid any further loss in future? My Device Manager is also not showing any installed COM ports and other hardware. Will I have to make changes through the System Configuration Utility (msconfig)? Thanks

Author Comment by: CSELTD (LVL 1), ID: 22635285
Please advise which anti-spyware is effective to protect the system from internet/web attacks?

Expert Comment by: MattRichardson (LVL 5), ID: 22635616
I like to look at Top Ten Reviews and find it to be a good metric when looking for off-the-shelf, boxed software. http://anti-spyware-review.toptenreviews.com/

"Spy Sweeper" from Webroot gets much of the praise in the industry and is a "proactive" "always-on" solution. http://www.webroot.com/En_US/consumer-products-spysweeper.html