Looks like a MAJOR PROBLEM...SOS!!

Discussion in 'other security issues & news' started by abhi_mittal, Apr 8, 2005.

Thread Status:
Not open for further replies.
  1. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    One of my friends is using WinXP Pro, Bitdefender Std, MSAS & SPybot.
    Of late, the computer has been malfunctioning.

    1)There are instances of LSASS.exe exploit that forces it to shut down.
    2)Network Configuration Wizard has stopped functioning.
    3)User "Administrator" got corrupted too.
    4)BD detected no virus bodies.
    5)MSAS says its clean too.

    What could be the possible problem? Please suggest solutions to the same.

    Your response will be highly appreciated,

    Warm Regards

    Abhishek
     
  2. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Even SYSTEM RESTORE is not functioning now!!!!!
     
  3. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    For the shutdown problem: Click "Start" > "Run" type "shutdown -a" click ok, this should take care of the shutdown problems. System Restore should be disabled anyway until you are clean, so don't about that, you should about some of the other things happening.

    Now go online and scan (shutdown BD while doing this) with couple the free services like:

    http://housecall.trendmicro.com/

    http://www.pandasoftware.com/activescan/

    See if it picks up anything and post back. :)
     
  4. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Well....the culprit has shut down my LAN connection and I am unable to access the internet.
    What else should I do?
    Why is system restore not functioning?

    Abhishek
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
  6. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Well, I will try to download that tomorrow and will get back to you.
    Thanks

    Abhishek
     
  7. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Try a repair of Windows:
    Another possiblilty is:
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    If you find Windows system files affected, you can place your Windows CD in the drive, click start> run type in CMD, when the black window opens type in "sfc /scannow" SFC (System File Checker, a part of Windows File Protection) will replace any changed/damaged system files with a clean copy. SFC may not solve every problem, but it's a good start that anyone can do.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
  9. SexIsGood4U

    SexIsGood4U Registered Member

    Joined:
    Apr 8, 2005
    Posts:
    54
    Honest to IT and users of IT. Back your important files on to floppy (CD, DVD anything really). Have an archive of information. It sounds really stupid, but issues like you and many more out there are mostly in the same boat, only the finer details are different.
    DO NOT have too many defence (adaware, spyware, anti-virus,.. ect) software on your pc. They will conflict with each other. In other words, try to keep your pc set-up as simple as possible. Then add the necessary software extra like office, games.... ect.
    Cos your last resort back-up plan is wipe your hard drive (or replace with new hard drive) and re-install OS.
    By reading your issues, this is the best recommendation I can offer. If trully you want to solve the issue for future purposes, re-install the set-up you had previous breaking down the stages of each programm software installing and see when your PC "*****" itself and you have your answer. But if you do this, do not keep important information on there without a copy else where that is not connected to your PC.
    Keep It Short Simple And Stupid Silly (KISSASS) .... this is not offending anyone but a moto I do myself. I own and run and internet cafe and when you have multiple users coming in to use your PC's you can not run around pointing fingers at people. Some might do something without intention.
    Atleast I have a final resort to fall back on to (if all the hardware is perfectly fine). Start fresh and learn from your mistakes. I'm still learning, life is one big learning experience. :D
     
  10. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Gross, what a username to see appearing here... :blink:
    Seems like a virus infection to me, could be Blaster or some other virus. The Microsoft Malicious Removal Tool could help.
     
  11. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Tried the Windows Malicious Software Removal Tool. No Infections at all. Even Bitdefender Std 8 says that the PC is clean.
     
  12. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    If my pc misbehaved like that I would just do a clean format and reinstall windows . ( Start a fresh with a clean system). I would also be frugal and thoughtful with what I load up regarding software , as mentioned in a earlier post. . So often the more security we load up the more conflict can occur.
     
  13. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Solved the problem, finally. Avast Pro said that it detected Nimda worm, but it was unable to take any action on it.
    Ran BD free, it detected NOTHING.
    Then I tried the free Avast Cleaner and it dutifully removed the infection.

    I am surprised that the MS Malicious Software Removal Tool, BD, and Avast Pro failed to remove a common worm like Nimda.

    Any Comments?

    Best Regards,
    Abhishek
     
  14. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Yes.

    The MS Tool is crap, and a bad MS joke.

    Very, very limited possibilities, and can not do what it is promising.
     
  15. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Fine MS is crappy, but what about BD and Avast?
    And Avast Pro was helpless and the Avast Cleaner cleaned the worm!!!!
    Isnt that queer?
     
  16. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    Avast Pro (even Home) has the avast Virus Cleaner built in. It is offered to the user whenever a virus covered by the cleaner is detected in memory, or by the on-access scanner.

    How did you do the scan with avast Pro?

    Thanks
    Vlk
     
  17. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    I have Avast Pro too, so I ran the scan. But it couldnt clean Nimda..it detected it though.
    So I ran Avast Cleaner which is bundled with the Pro version and it cleaned the nasty.
    How could Avast pro and BD free miss something like Nimda? BD even failed to detect it. My definitions were all updated.
     
  18. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    What do mean you by "missed"? Are you suggesting that the infection happened after installing the AV's? That is, that the AV's were installed on the machine when the infection took place?

    Thanks Vlk
     
  19. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Well I had Avast and BD free installed, Avast detected Nimda, but was unable to clean it or delete it. Then I ran BD, it didnt even detect the worm.
    Then Avast Cleaner did the trick!

    Abhishek
     
  20. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Well, the problem is re-occuring now. Avast detects Nimda..but is unable to do anything...Avast Cleaner then cleans it.
    Then the virus reappears...and so on...

    Meanwhile BD free doesnt even detect it!!!

    What should I do.? The worm is reappearing all the time after cleaning!

    Abhishek
     
  21. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    1. Reappering in which file, exactly?
    2. Does the avast virus cleaner find Nimda in memory? Or only in a file?
    3. Is the computer in a LAN? Does it have any open shares?
    (the "net share" command will display the list of shares)

    Thanks
    Vlk
     
  22. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Nimda appears in C:/Documents & Settings/All users/Documents/Playlists.
    The folder "Documents" doesnt exist in All Users when I browse All Users.

    No trace is detected in memory.

    The PC is on lan with no open shares
     
  23. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Are you set to view hidden folders? Is it a transient location? What do you see in terms of running processes (use Process Explorer).

    Blue
     
  24. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    It is a transient location. Memory is clean. No malicious running processes.
     
  25. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Any Comments?
     
Loading...
Thread Status:
Not open for further replies.