Problem

Discussion in 'WormGuard' started by NekoMx, Oct 29, 2006.

Thread Status:
Not open for further replies.
  1. NekoMx

    NekoMx Registered Member

    Joined:
    Oct 29, 2006
    Posts:
    7
    Hey all, new to the forums and I have a problem.
    I'm pretty sure that my computer has been infected with some kind of virus/worm/trojan, but I'm not sure what it is.

    I think it started when I opened an e-mail that said 'mandatory update' (heh, kinda stupid of me). I was using Yahoo, and it didn't say that there was an attached file, so I opened it. The page did not load, so I just exited my browser (no, the browser did not freeze, the page just didn't load).

    Information:
    I have a custom computer.
    Windows XP
    Norton AV
    Zone Alarms Security Suite
    Ad-Aware
    Spybot Search and Destroy
    A2 (A Squared)
    Wormguard
    (need more info? ask please :))

    Symptoms:
    (all kinds of symptoms...)
    1. Random startup/login errors. Sometimes, when I log in, I get random messages like 'Windows cannot find user profile, logging into temporary profile' (or something like that; this was just from memory, so I don't remember the exact words, but that's all there was to it), and when it logged me in with that 'temporary profile' it was like I had just reformatted. When I would restart, it would log me back into my old profile. Odd, huh?

    2. System Restore Error - well, when I tried to run System Restore to try to fix this problem, WormGuard blocked it. Of course I didn't run it the first time, but as I got frustrated with this, I let it run anyway... the System Restore ran... in 5 minutes it was over, I thought 'wow, that was fast', and when Windows started up, it said that the restore failed, and of course I was frustrated at that time. Obviously something wrong there.

    3. In the 'My Computer' folder under files stored on this computer I HAD two files, Documents and Anthony's Documents; now I only have one in there... Documents. The folder 'Anthony's Documents' still exists on my computer, I know because I checked, but it just doesn't show up in the 'My Computer' folder anymore. Strange....

    4. I use Diskeeper to defragment my computer, and whenever I defragment they have sections called:
    Blue - high performing files and folders
    Red - Low performing files and folders
    Pink - low performing system files
    White - unused space
    Green/White - Reserved System Space.

    Hard to explain without an image, but here it goes....
    When my computer was clean, the Defragmenter would do its job and it would never touch or move the System files/space. When I got infected, the Reserved System Space (Green/White) moved.... to the middle row (it was originally near the bottom) and it seems like the Reserved System Space was cut in half, of course another sign that my computer is in trouble.

    Those are the major problems. I've had minor problems too, but I bet they are just the effects of the virus/worm/trojan.

    I've done research and stumbled upon this page:
    https://www.wilderssecurity.com/showthread.php?t=8548
    I've read it and I think I might have the same problem as him. Can anyone post steps on how to clear all the system restore points, and how to make a new 'clean' restore point?

    Also, I noticed that this post was from the year 2003, and that worm was also 'spreading' through people's computers in 2003, so can I be infected with this worm here in the year 2006?

    So far, my progress dealing with this problem is kinda slow. I'm not even sure what kind of virus/worm/trojan this is, but I know that my computer is infected with something because it's slower and the startup time is very slow. I have disabled my system restore and restarted, that is all. I'm not sure what to do now, that is why I ask for someone to post a simple step-by-step instruction on how to delete all the system restore points and make a new 'clean' restore point. Also, I ran Norton AV, but it didn't detect anything. I ran SpybotSD, only cookies. I ran Ad-Aware, nothing. A-Squared, nothing again.
    Did more research, found out that the W32.Gluber or W32.Berglur worm 'turns off' when they detect an antivirus or any other scanner run (I forgot which one does this but it's one of those). So, I ran in safe mode and when the login screen showed up, there were two profiles, the Administrator and Anthony (mine). I'm thinking, 'maybe this is normal?' Maybe it is normal, but anyway, I logged into the Administrator's profile and ran Norton AV. Norton scanned more files than usual... when I don't run in safe mode, Norton scans about 220,000 files; when I ran in safe mode it scanned almost 400,000 files. Anyways, the scan in safe mode came up clean, no detections. So I restarted (not in safe mode of course). Now I'm absolutely lost, without knowing what kind of threat is in my computer. I came here looking for help, hope you guys can help me =). Reformatting is not an option to me!!!!!
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hello,

    Since there could be a few issues here, I would advise u to get HijackThis help over at this site:

    http://gladiator-antivirus.com/forum/index.php?showtopic=10517

    Just follow the instructions at the link, post your log then wait for the malware experts to analyse your log and give u recommendations on removal if indeed any infections are found.



    snowbound
     
  3. NekoMx

    OK, here it is =), and thanks for the help and suggestions and such, in advance =)

    HJT log removed
     
    Last edited by a moderator: Oct 29, 2006
  4. snowbound

    Sorry if u misunderstood me. Wilders no longer analyzes HJT logs.

    Again, follow the instructions at the link and post your log over at the Gladiator site and the experts there will help u.



    snowbound
     
  5. NekoMx

    oooo ok, will do =)
     
  6. snowbound

    :thumb:



    snowbound
     
  7. NekoMx

    well, no one is answering, and I don't feel like sitting around and waiting =)

    can anyone explain how to delete all the system restore points? and create a new 'clean' one?
     
  8. snowbound

    Just be patient and check back periodically for replies. It's a busy place.

    http://www.pchell.com/virus/systemrestore.shtml

    after u reenable SR again there is an option in the GUI to create a new restore point.


    snowbound
     
    Last edited: Oct 29, 2006
  9. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    As snowbound suggested, be patient.

    However, while you wait, I did take a quick peek over, and you may wish to settle on either Symantec/Norton or NOD32, but not both, as your AV. Many of the symptoms you see could be related to running two AV's realtime.

    Blue
     
  10. NekoMx

    Hey again. Well, still no response from the Gladiator forums, I guess they might answer tomorrow.

    As for the SR, I already know how to turn it on or off; it's just that Pilli said something about:
    turning off the system restore and removing all of the restore points from the Help and Support section.
    (he said it somewhere in this topic https://www.wilderssecurity.com/showthread.php?t=8548)
    and that's what I want to know.

    Also, while doing some research, I came across something that told me to look in my system.ini file....

    Is it supposed to have only this stuff? I saw in some other forum that there was WAAAAAYYY more things in there, can someone clarify?
     
  11. BlueZannetti

    Right, patience is a virtue.

    In the meantime, have you settled on one AV for your system and tested whether that has an impact on the problems you're experiencing?
    Not sure what you mean here. Turning off system restore will wipe your restore points away.
    That looks fine as is.

    Blue
     
  12. NekoMx

     
  13. NekoMx

    Oh, another thing that just happened to me about 5 minutes ago...

    I restarted my computer because I wanted to see how long my comp would take to log in. Anyways, while the computer was shutting down I had to end the task of some programs:
    Norton AV
    Zone Alarms
    and the Connections Tray...

    The thing that bothers me is the Connections Tray. Can someone tell me what this program does? I'm curious because the name bothers me...

    Thanks for the help
    (and yes, I did search for what it was, but I still need some clarification, thanks again)
     