11-26-2009, 02:07 AM
Okay, so I was downloading a torrent and I think it had been binded to a virus.
I'm using Windows 7
Here are the symptoms so far:
- Long hang time upon boot
- Can't run .exe
- All links on the task bar and start menu have been changed to .ink
- Task Manager has long hang times
- System Restore is disabled
- Most "links" on the start menu do not respond*
*Normally when you launch a program from the Start Menu it closes then the program opens, the start menu is not closing in this case and the program is not launching.
Because I can't run .exe files I can't start any AV (such as MalwareByte's or HJT). However, when I click "Search for a program associated online" when the computer is telling me that it doesn't have a program capable of running .ink's, it opens Chrome!
I can run batch files and am trying to launch programs from it as you read, just have to remember the execute codes (Google FTW).
Can anyone help?
I'll post back with the results of the batch file launching as soon as I finish.
These are the symptoms I am experiencing within safe mode, by the way.
Batch file launching is not working. Any Windows program isn't being recognised by the computer (e.g. regedit, cmd, dxdiag)*
*By this I mean I am receiving an error of "<directory path> No such interface supported"
Have managed to launch dxdiag using the following code:
Code:
@echo off
start dxdiag
pause
Have managed to install MalwareByte's Anti-malware via batch file, launching the setup from the same folder the batch file is located in.
Updated and running scan now.
Here is the log file from a "Quick Scan"
Code:
Malwarebytes' Anti-Malware 1.41
Database version: 3236
Windows 6.1.7600 (Safe Mode)
26/11/2009 8:21:27 PM
mbam-log-2009-11-26 (20-21-24).txt
Scan type: Quick Scan
Objects scanned: 92667
Time elapsed: 2 minute(s), 17 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Cameron\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
Am now running a "Full Scan" before I restart and completely remove this virus (hopefully).
"Full Scan" log:
Code:
Malwarebytes' Anti-Malware 1.41
Database version: 3236
Windows 6.1.7600 (Safe Mode)
26/11/2009 9:01:57 PM
mbam-log-2009-11-26 (21-01-57).txt
Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 238795
Time elapsed: 18 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
D:\Downloads\Games + Hacks\Hacking\RATs\client.exe (Backdoor.Nuclear) -> Quarantined and deleted successfully.
D:\Downloads\Games + Hacks\Hacking\RATs\Crypting\Uniq Stub Generator 0.3.1.exe (Trojan.Refroso) -> Quarantined and deleted successfully.
D:\Downloads\Games + Hacks\Hacking\RATs\Crypting\Crypters_by_Mana5olia\Crypters by Mana5olia\CrYpt3r Dewwill MOD\CrYpt3r Dewwill\CrYpt3r Dewwill.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Downloads\Software\Burning and Encoding\ALCOHOL 120 1.9.7.Build 6221(NEW-UPDATED Build)\ALCOHOL 120 1.9.7.Build 6221(NEW-UPDATED Build)\ALCOHOL 120 1.9.7.Build 6221(NEW-UPDATED Build)\CRACK\LOADER exe\Alcohol.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\RECYCLER\S-1-5-21-1801674531-329068152-839522115-1003\De189\Keygen.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{FA19E403-3ED1-4B37-A274-D186833DEE76}\RP40\A0018015.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{FA19E403-3ED1-4B37-A274-D186833DEE76}\RP40\A0018016.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
A few of the things were some of mine; I chose to remove them because I don't use them anymore.
Restarting into normal mode now.