Virus winning vs. Avira & KAS bootdisks?

Discussion in 'malware problems & news' started by skp14, Oct 9, 2009.

Thread Status:
Not open for further replies.
  1. skp14

    skp14 Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    56
    I'm working on a friends laptop and I think he's got a virus or other deep-seated malware. I ran regular Avira AV in normal mode and the message showed "Scanning for hidden files" and the progress bar showed no progress after 5 minutes or so. I have Avira and have never seen that message! Next, I made 2 AV bootdisks, Avira Rescue CD and Kaspersky and ran them both. In both cases, the scans stopped within 10-15 seconds and both said "Scan is complete". That's impossible to run a complete AV scan in 15 seconds or less

    It seems like this thing has got its hooks in before I can catch it with a bootdisk. Anyone have any suggestions? I'm thinking of Autoruns, Process Explorer, some rootkit programs, maybe Threatfire.


    Thanks,
    Keith
     
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Have you ran a Diagnostics with the hard drive manufactuer's boot disk? It is possible that the hard drive may be failing.
     
  3. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,693
    Location:
    Texas
    try Sophos Anti Rootkit.

    Rico
     
  4. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Gmer, MBAM, SAS
     
  5. HKEY1952

    HKEY1952 Registered Member

    Joined:
    Jul 22, 2009
    Posts:
    648
    Location:
    HKEY/SECURITY/ (value not set)
    First, welcome to Wilders Security Forums.....

    01) - Try running the "Microsoft Malicious Software Removal Tool" directly from the Microsoft Web Site, in other words, choose "Run" not "Download" (must accept ActiveX) and choose "Full System Scan":
    http://www.microsoft.com/security/malwareremove/default.mspx

    02) - Also run the Microsoft Live OneCare Online Antivirus/Antispyware "Protection scanner" (malware scanner/remover) (must accept ActiveX):
    http://onecare.live.com/site/en-US/center/howsafe.htm

    03) - Finally run the Microsoft Live OneCare Online Registry and Hard Drive "Clean up scanner" (registry and hard drive cleaner) (must accept ActiveX):
    http://onecare.live.com/site/en-US/center/cleanup.htm

    04) - Optionally run Microsoft Sysinternals "Autoruns" and "Process Explorer" directly from the Microsoft "Sysinternals Live" Web Site (no need to download) from the list double click "autoruns.exe" and "procexp.exe"
    also run the Microsoft "RootkitRevealer" from the Microsoft "Sysinternals Live" Web Site by double clicking "RootkitRevealer.exe" from the list (only reveals the presence of Rootkits, does not remove them):


    Note that the entries in "RootkitRevealer" similar to the following are part of Microsoft Windows and are not dangerous, the entries are part of the Registry Key: HKEY_LOCAL_MACHINE\SECURITY\ and are hidden entries:

    HKLM\SECURITY\Policy\Secrets\SAC* 9/13/2008 3:39 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SECURITY\Policy\Secrets\SAI* 9/13/2008 3:39 PM 0 bytes Key name contains embedded nulls (*)


    http://live.sysinternals.com/


    05) - Optionally download and run "Trend Micro HijackThis" by Trend Micro Incorporated for an System analysis (free, no need for installation, download the "Executable" not the "Installer"):
    http://free.antivirus.com/hijackthis/

    06) - Optionally download and run "a-squared HiJackFree" by Emsi Software for an System analysis (free, no need for installation, download the "Standalone EXE" located under the "Download Button"

    Note that the "Download Button" offers the Installer Version that is not needed:
    http://www.emsisoft.com/en/software/download/


    HKEY1952
     
  6. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Are you sure you booted from the CDs first ? (check BIOS) No other drives, USB sticks or other media that could contain malware ? Supposedly the BIOS could be infected, but that's unlikely.

    I think there is an issue with the harddrive(s). Perhaps a hidden partition or something like that, bad sectors (infected or not) ? Maybe a corrupted MBR, file system (NTFS/FAT32) ? Checking out the harddisk(s), hardware or software level may be a good idea. Unfortunately, I don't know what software to use for that.

    Scanning for hidden files ? My Avira suite scans for 'hidden objects', that's common.

    Do you have a reason to suspect the presence of malware aside from the odd scans ?
     
Loading...
Thread Status:
Not open for further replies.