<div>
Hi!<br />
What name is the fake malware going by?<br />
Hitmanpro scanning in safe mode w networking?<br />
<br />
After it scans reboot normally and see if you can access task manager.<br />
If you cant, run ExeHelper for starters :)<br />
<a href="http://raktor.net/exeHelper/exeHelper.com" rel="ugc">http://raktor.net/exeHelper/exeHelper.com</a>
</div>


<div>
Yes, Hitman ran in safe mode with networking... found a ton of stuff. It said that it thinks it's TDL3 (Alureon) Rootkit, you probably know this but according to google that's TDSS. So I restarted and went back into safe mode w networking. Now no internet so no rescan with Hitman possible. I ran TDSSKiller (Kaspersky) in safe mode which found nothing. Accidentally reboot into regular mode... it's a sh*tstorm in there (stuff popping up left and right trying to get my to buy fake antivirus). Back into safe mode w networking. Still no internet. Ran winsockfix trying to get internet back so I could get back to Hitman. Restarted back into safe mode w networking... still no internet. Check with ipconfig showing 0.0.0.0 for ip... /release /renew says &quot;The RPC server is unavailable&quot;. What now?
</div>


<div>
Try this and see if you get back an ip address back.<br />
If you do let &nbsp;know before running anything else<br />
<a href="http://www.randomfix.com/2006/11/03/unable-to-renew-ip-address-rpc-service-is-unavailable/" rel="ugc">http://www.randomfix.com/2006/11/03/unable-to-renew-ip-address-rpc-service-is-unavailable/</a>
</div>


<div>
Those directions don't really seem to apple. DHCP is already running in services.msc. I'm going into regular mode to see if I can get the connection going. Let me know if I shouldn't.
</div>


<div>
Not sure what to do. I'm trying to get the internet connection going. The program that pops up calls itself Malware Doctor and in task manager the executable is called mediafix*.exe (taskmgr working again).
</div>


<div>
BOOM. Got it. DHCP Client service refuses to run so I manually assigned IP :)
</div>


<div>
Ok run Combofix this time. Follow its instructions and post log<br />
<a href="http://www.bleepingcomputer.com/combofix/how-to-use-combofix" rel="ugc">http://www.bleepingcomputer.com/combofix/how-to-use-combofix</a><br />
<br />
Rename combofix to cf.exe before saving it to desktop
</div>


<div>
If there are too many popups in normal mode download it in safe mode w net to desktop.<br />
Reboot into normal mode and run it.
</div>


<div>
1. Open Notepad<br />
2. Copy + paste all bolded text only between lines below into Notepad window<br />
==========================<wbr />==========<wbr />==========<wbr />====<br />
<b>Driver::</b><b></b><b>ydyzdn</b><br />
<br />
==========================<wbr />==========<wbr />==========<wbr />====<br />
3. Now Save as CFScript.txt on your desktop/same location as Combofix.exe<br />
4. Then drag the CFScript.txt into ComboFix.exe
</div>


<div>
Okay. I'm at the office and leaving for the day. I've dragged CFScript.txt onto the cf.exe icon. I am going to let it run. I will be back in tomorrow morning at 8 EST to resume. Should I leave the computer alone until I hear from you again?
</div>


<div>
Ugh, combofix is hanging now. It's been probably 10 minutes and it's stuck at:<br />
<br />
==========================<wbr />==========<wbr />==========<wbr />========<br />
Scanning for infected files . . .<br />
This typically doesn't take more than 10 minutes<br />
However, scan times for badly infected machines may easily double&quot;<br />
==========================<wbr />==========<wbr />==========<wbr />========<br />
<br />
That's it. It appears the actually scanning has not started like it did last time. I don't know what to do so I guess I'm just going to leave as is. Please let me know what the next step is from here... whether I should close the window or be patient.
</div>


<div>
Okay. I'm impatient and determined. Have not yet left the office and I chose to do a manual restart of the computer (via button on the case). Now I've once again dragged cfscript.txt onto cf.exe. It has already progressed past the point it did on the previous run. It is hanging a little on stage 3 but I'm guessing it will be fine. Thanks for all of your help. I'll follow the rest of your suggestions and assuming all is well a few hours into the day tomorrow I'll close the thread.<br />
<br />
Thank you!
</div>


<div>
It looks like combofix did it's job. I was then left with DHCP still not starting. Turns out I had to expand netbt.sys off of an XP install disc and copy it to system32\drivers. Next I checked on the reg entry for netbt and it was totally borked so I exported the entry off of a working xp system and imported onto mine. That did it. Next I tried to do some .NET updates on my computer. All updates were failing. I had to use some .NET Framework cleanup utility to remove all versions of .NET then one at a time reinstall them starting with 1.1 and up to 4.0. Kind of a scary prospect considering the fact that a number of installed programs that I use rely on .NET 2.0. Finally I had to re-edit my hosts file and re-activate a program I have the relies on hosts for &quot;special activation&quot;.<br />
<br />
That's it. Thanks for your help. I'm giving you 350 b/c this was a tough one (at least in my opinion). Hopefully I'll be gone for a while. I think the problem may have been outdated flash and java versions resulting in drive by downloads.
</div>


<div>
No prob and well done getting Dhcp resolved!<br />
Whats strange is that CF restored an infected userinit.exe on that second run??<br />
<br />
<br />
First log showed no sign of infection.<br />
When you get a chance run Malwarebytes and full scan with your AV and let us know if anything detected.<br />
<br />
BTW, Bittorrent is installed. Is it being used?
</div>


<div>
Will do. Bit torrent is indeed used. Is it an unsafe program? Do you suggest a different bt client or avoiding bt altogether?
</div>


<div>
All torrents potentially can have an un savory side effect, depending on its usage/whats downloaded. <br />
For eg, a mp3 downloaded may have a virus attached to it.<br />
Not always the case but the chances are higher with torrent applications like Bit.<br />
Using a multi vendor online scanner to scan any downloads is helpful like Virustotal, or install its Uploader(quite handy)<br />
<a href="http://www.virustotal.com/" rel="ugc">http://www.virustotal.com/</a><br />
<a href="http://www.virustotal.com/advanced.html" rel="ugc">http://www.virustotal.com/advanced.html</a><br />
<br />
If that machine is a buisness machine or used for business type applications, its recommended to keep it separate from other usage as the above :)
</div>


<div>
Ha, yeah, separate usage. Novel concept. Thanks for the tip!
</div>


<div>
NP.<br />
Check out VT Uploader!
</div>


<div>
<div class="content wysiwyg-content">
I'm not even sure where to start explaining. At this point it's got me pretty well locked down in standard (as opposed to safe mode). I can't open task manager, do installations or open a browser. I'm doing a scan as we speak with hitman pro. Please help. I'm not sure what else to say... just ask.<br />
<br />
Optoma... come save me again.<br />
<br />
Thanks in advance.
</div>
</div>


I'm not even sure where to start explaining. At this point it's got me pretty well locked down in standard (as opposed to safe mode). I can't open task manager, do installations or open a browser. I'm doing a scan as we speak with hitman pro. Please help. I'm not sure what else to say... just ask.

Optoma... come save me again.

Thanks in advance.

XP SP3 Virus/Malware - Fake Windows Update claiming Service Pack 2010

Anti-virus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious layered service providers (LSPs), dialers, fraud tools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity theft (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets and DDoS attacks.

Anti-Virus Apps

Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge; it has also come to include programs that engage in various kinds of electronic fraud. Anti-spyware is software that removes or blocks that software; some common vendors include Malwarebytes, McAfee, Spybot-Search and Destroy, Ad-Aware and BitDefender.