Solved

virus or spyware attack on system booting part

Posted on 2008-10-03
960 Views
Last Modified: 2013-11-22
Hello to all Experts Professionals, my notebook got some malicious exe file in the temp folder of the local folder. My Norton Antivirus 10 Corporate warned about some invalid exe file (password mess.exe) in the temp and also removed some temp files. After that I got a message in my DOS prompt window (which automatically popped up) that some file is copied in my boot system. After that my system held up. I restarted the system; it loads Windows normally, but after getting the admin password through the Windows log on, a black screen is displayed for some seconds and then Windows displays the desktop. After some seconds the system becomes slower to a halt. Before the system goes to a halt, when I try to open Task Manager, it denies to open by displaying a message that Task Manager is disabled by admin. When the system is halted I press Alt+Ctrl+Del and there displays a message on top of the log on window that virus alert is on. Three shortcuts are also installed on the desktop, i.e. Malware Defender, Protect You Privacy, System Error Fixer. Earlier I had removed some malicious files like MicroAv.exe, Ctfmon.exe from the c:\windows\system32 folder and yur1ce.exe from the Windows Prefetch folder. When I restart the computer in safe mode a memory dump is initialized and after that it again prompts to start the computer. Is there any option to avoid formatting the C drive and remove this malicious spyware?
Question by:CSELTD
9 Comments
 
LVL 7

Accepted Solution

by:
myhc earned 500 total points
ID: 22632695
Check msconfig to see what is running in your boot.ini and startup registry.
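As an added illustration of what "startup registry" means in the answer above (this script is not from the thread or from any of the tools it names): a read-only PowerShell triage script that lists the Run/RunOnce autostart entries msconfig shows, flags ones launched from a temp or profile folder like the one the question describes, and reports the policy values that produce the "Task Manager has been disabled by your administrator" message. It assumes a Windows host with PowerShell installed and makes no changes.

```powershell
# Added example, not the page's own code. Read-only: enumerates autostart
# entries and admin-tool policy values so they can be reviewed before cleanup.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

Write-Host "== Autostart entries (what msconfig's Startup tab reads) =="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath/PSParentPath etc.; skip those
        if ($p.Name -like 'PS*') { continue }
        $cmd = [string]$p.Value
        # A legitimate startup entry rarely runs from Temp or a profile folder
        $flag = ''
        if ($cmd -match '\\Temp\\|\\Local Settings\\|\\AppData\\') {
            $flag = '   <-- runs from a temp/profile folder, review this'
        }
        Write-Host ("{0} : {1} = {2}{3}" -f $key, $p.Name, $cmd, $flag)
    }
}

Write-Host ""
Write-Host "== Policy values that disable Task Manager / Registry Editor =="
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        # A value of 1 that nobody set deliberately is a common malware symptom
        if ($null -ne $props.$name) {
            Write-Host ("{0}\{1} = {2}" -f $key, $name, $props.$name)
        }
    }
}
```

Entries that point into Temp or a profile folder are the ones to compare against the removal tools' findings; the policy values are worth rechecking after cleanup, since a leftover 1 keeps Task Manager disabled even once the files are gone.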
 
LVL 5

Expert Comment

by:MattRichardson
ID: 22632737
Ctfmon is usually a legitimate Microsoft file (see link)
http://support.microsoft.com/kb/282599

Removing Spyware:

We use the following:

Combo-fix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Hijack This - http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

This solves about 90-95% of the problems.
 
LVL 1

Author Comment

by:CSELTD
ID: 22632780
I appreciate your comments, but the problem is that the system halts after booting, and there is little time to do any action before the system halts. I am expecting an exe file which I can boot through CD, so that my notebook can initialize through CD and remove the malicious virus.
 
LVL 5

Expert Comment

by:MattRichardson
ID: 22632980
Download the suggested software on another machine.
Burn it to a CD.
Boot infected machine into safe mode. (press F8 key while booting)
Copy software to machine from CD.
Load/run software in safe mode.
 
LVL 1

Author Comment

by:CSELTD
ID: 22633032
I have already mentioned that the system cannot run on F8 (safe mode). When I click on safe mode, long repeated paths are shown like c:\windows\partition01\system etc., and after that a physical memory dump transfer is started, and when it ends it again goes back to Windows start up mode. When I start in normal mode, Windows is loaded and the desktop is displayed, but no mouse click or any action works after boot. Can I run the above software through CD in normal mode, which I can see at this time?
 
LVL 5

Expert Comment

by:MattRichardson
ID: 22633270
My assumption would be no. I am assuming this software (combo-fix and hijack this) needs to be on the host system.

1.) If it were me I would stop trying to fix it first. Pull the drive to a good system, connect it as a slave, and harvest the data you want to save before continuing. (Maybe run the tools against this system to be safe!)

2.a) Then pull it back, boot on the Windows XP CD (did you mention the OS version?) and try to restore the system. We need to try to get enough of the original system files on the system to boot into safe mode before you go any further.

2.b) If you are desperate use Windows System restore. This assumes that it was running previous to whatever happened to your computer. This link will help you http://support.microsoft.com/kb/306084

It has a 50-50 track record with me. If it at least gets you to safe mode you may be in luck. It also could make things worse. Do a backup first; see #1.

3.) Once safe mode is working, proceed with the spyware removal.


Good luck!
 
LVL 1

Author Comment

by:CSELTD
ID: 22633658
Thank you very much to all of you for supporting me to get rid of the problem. I succeeded in enabling safe mode by running the msconfig command in Run, enabling safe mode and restarting the computer. I ran the HijackThis Trend Micro tool and deleted the files named microAV.exe and some others. When I restarted the system, the check disk file reset some index by inserting and deleting index numbers, but now the problem is that I cannot view My Network Places; although I am connected to the internet through DSL, my LAN connection is not shown in the tray icon and in My Network Places. Secondly, which antispyware should I install to get rid of these malicious software and avoid any further loss in future? My Device Manager is also not showing any installed COM ports and other hardware. Will I have to do changes through the System Configuration Utility (msconfig)? Thanks
 
LVL 1

Author Comment

by:CSELTD
ID: 22635285
Please advise which anti-spyware is effective to protect the system from internet/web attacks?
 
LVL 5

Expert Comment

by:MattRichardson
ID: 22635616
I like to look at Top Ten Reviews and find it to be a good metric when looking for off-the-shelf, boxed software. http://anti-spyware-review.toptenreviews.com/

"Spy Sweeper" from Webroot gets much of the praise in the industry and is a "proactive" "always-on" solution. http://www.webroot.com/En_US/consumer-products-spysweeper.html