Strange behavior - programs not starting/responding, etc

sevendaysky · 15 Jan 2011

Hi guys.

I have a Win 7 32-bit setup on my desktop PC. A student at school uploaded a school-related file to our common work forum, and I downloaded it to my PC and started working with it. Turns out the file was infected with ... I don't know, a lot of really bad stuff.

It ended up shutting down Windows Defender, installing a couple of programs (Whitesmoke Translator, etc) and crud. I had MBAM and Spybot working on it, and could not get Win Defender up again. I know that technically you don't NEED WinD if you have anti-v and anti-malware programs that you update and use regularly, but still. In trying to fix things, I got several blue screens, to the point where the computer refused to start, and then went to repair itself. Told me that a critical file (rapzzmso.sys) was corrupted... fixed it, rebooted, blue screen.

When I got back in, I tried using sys restore back to the previous day, before I downloaded the file. That worked... sort of. Spybot comes up clean. I cannot start MBAM now, though. I click on it, and it hangs whatever window it was in (start menu or the shortcut folder the shortcut is in) for an obnoxiously long time, then a window pops up saying "dependency cannot be started" or something like that. It worked fine before all this.

Also, Firefox, when clicked, usually won't start, though the process appears in the task manager. I have to force it off, then click again before FF will start. Also, it will periodically hang and crash on various sites - I think due to the plugin container. I need to find a new browser, I think.

Spybot now will not let me update. When I click on the update button to get new definitions, it hangs and then goes to Not Responding and must be forced shut. I can run a check, which comes up clean, but that's all.

Something got majorly screwed up, and I'm hoping someone has ideas -- otherwise I might have to reinstall, and I really don't want to have to do that.

Hopalong X · 15 Jan 2011

Try to boot into safe mode with networking. Then see if you can get to the "here" in the below quote. This is online scanner so no download. Follow directions to remove with the Autoclean.
A good place to start.
Mike
How to get to Safe mode if you need it.
Advanced Boot Options

Originally posted by Corrine. One of our security experts.

Please go here and run an on-line scan with the F-Secure scanner .

Use IE (Internet Explorer), accept the license terms, and allow the Active-X controls to load.
Click Full System Scan and allow the components to download and the scan to complete.
If malware is found during the scan, check Submit samples to F-Secure and Automatic cleaning.
When the scan has finished, click the Show Report button and copy and paste the entire report in your next reply.

Borg 386 · 15 Jan 2011

Most malware/viruses now embed themselves in the last restore point. Try going back 2 or even 3 restore points past where the problems started if you can.

Or you can try going here, if the virus allows it, and run the online scan. It will d/l a AV scanner onto your system and run a full scan.

Free Virus Scan - Free Antivirus Software | Norton Security Scan

You can also try this tool:

http://security.symantec.com/nbrt/npe.asp?lcid=1033

Be aware that if this is a particularly nasty virus, you may have no choice but to do a reinstall, as remnants of it could cause possible problems down the road.

sevendaysky · 15 Jan 2011

Ohkay. So I'm back at last. I tried to do the Fsecure thing -- twice-- but each time got a BSOD just as I was copy/pasting to here. So I'm not going to touch that again. I did end up using a sys restore point on 1/7 as someone suggested. Less problems here - firefox seems OK, stuff is not freezing at random. Spybot isn't finding anything. I'm going to try MBAM and Housecall and see if they find anything. I know that the second F-secure scan, after sys restore, had found 1 spyware and 2 malware -- but I don't know what they are or where they are because of the BSOD.

I am REALLY hoping not to have to reinstall, because I have some college programs installed that will be a real pain to reinstall (lots of hoops to jump through).

Hopalong X · 15 Jan 2011

Try the Mbam and delete what it finds.

Eset online scanner also if you want to run it. Never used it myself but most say it is a good one. http://www.eset.com/online-scanner

Borg 386 · 15 Jan 2011

In addition to MBam, it wouldn't hurt to run a full sys scan with MSE.

Marrrcus · 15 Jan 2011

it's not smart to try and scan with SINGLE scan, instead use MULTIPLE scan and it will find and help you, the strong detection from avast, bitdefender, Gdata , Prevx, and alot more, it use much more engine this software: Hitman Pro,
download it here >>>> Hitman Pro 3 (32-bit) - Free software downloads and software reviews

Jacee · 15 Jan 2011

You are going to have to change all passwords where applicable, and it would be wise to contact financial institutions (if you have done any online banking or used a credit card) to apprise them of your situation.

Go to this page and Download TDSSKiller.zip to your Desktop.
Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
Click Start > All Programs> Accessories> RIGHT-click on Command Prompt and Select Run As Administrator. Copy/paste the following bolded command and hit Enter.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.