
zangalus2005

  1. zangalus2005

    Need help identifying problem

    On the 17th, two days ago, I received an infection while I was away from my computer, and had turned off my firewall and live scanner with two website pages opened (most likely trusted), and without my knowledge a rogue anti-spyware program was installing itself onto my PC. After I got back I did a force restart immediately to see if I could interrupt the infection, but all I got was a blue screen error before Windows could even load every time I restarted. I was however able to enter safe mode and allow my computer to be usable again. I cannot remember the name of the rogue AV that tried to (or did) install itself on my PC, but it might have been antivirus 360, or MS2009.

    After I got my system back up running, even after multiple following scans, I noticed that 5 randomly single numbered/lettered .tmp files, and 2 double numbered/lettered .tmp files, would re-create themselves every time after restarting, even with MBAM and SAS set to run on startup with live protection. This would re-occur every time until I did a self-diagnosis and determined that combofix was necessary to help finish it off. Sure enough, it got rid of all tmp files permanently, and when I did follow-up scans with your program and MBAM, all results showed up 100% clear after multiple scans/restarts.

    So, I was able to get rid of most of the problem EXCEPT an internet browser hijack, which I was completely unsure of what was causing it even after doing manual window searches. I was being re-directed away from websites I searched and attempted to visit from Google that had anything to do with anti-malware, and prompted to install a rogue-antispyware program whose name is unknown to me, but I would ignore it by alt-F4 closing the window and chose to ignore it temporarily till I discovered something new.

    On the 18th, yesterday, someone who I was sharing LAN with gained a serious infection from MS2009 which caused the computer to stall completely. That person typically never does anything that would prompt malware/virus infections, and has never had a history of it, and yet got infected just a day later after my infection. On this day after the initial infection, which I had presumably rid myself most of, came back in full force with the same tmp files and more. I had SAS scheduled to do a scan following MBAM while I was asleep, and I set SAS to restart my PC after it finished its scan, and that's most likely how it came back.

    What I have done so far after the re-infection on the 18th is run MBAM once again, then combofix (as instructed by the tech support), and then avira antivirus (boot CD), and next I am to run Dr. Web CureIt. I have yet to run SAS because I am strictly following instructions from MBAM support at the moment. Should I still have a problem even after receiving technical support after MBAM, I will then hope I can rely on your assistance as well to guide me in the right direction.

    What I have found is that MBAM and SAS time and time again have always worked the most effectively together at eliminating previous threats to my PC, but it might have never completely solved the problem. What I really wanted to know is if using MBAM and SAS together will only cause problems or conflicts in the procedures made for complete quarantine. Will you most likely be able to still help me even after I receive MBAM's help and remain infected?
  2. I did a scan that picked up 52 threats including prunnet, and after that let the program restart the PC as requested. Afterwards I wasn't even able to make it to the Windows loading screen and it would immediately blue screen. Fortunately Safe Mode still worked, but I did not know if SAS completed its scan, because I had to completely shut down my PC and then enter safe mode that way. I then did a scan with a different scanner (MBAM) and it detected 32 threats. I should have done it with SAS first to see if it picked up the same threats or not but that thought didn't enter my mind till later, plus I wanted to do the quickest scan possible at the moment. But even after that and one SAS scan later, on startup I received an error saying that a program named "4.tmp" had to unexpectedly shut down and sure enough was in my Sys32 folder, created on the same day. So I'm still infected. Any advice on what I should do next would be appreciated. I would also like to know if it's perfectly OK to restart in safe mode after a scan, and if that will be sufficient to allow it to complete its scans.