Spyware problem

**suprafreak6** · 01-10-2010, 08:22 AM

So another user of the desktop here at home clicked somethign they shouldnt have when browsing the internet and so as usual I was going to install a few programs to take them out, however it wouldnt allow me to boot into safe mode. (i figured it was the spyware.

so then i used a sata to usb converter and connected it to my mac running parallels. used windows xp to use the programs, malwarebytes anti malware and then super antispyware professional. It found stuff after both, i quarantined them and then plugged everything back up.

first boot, tried to load using safe mode, would just restart. second boot, allowed it to go to windows xp (normal boot), it would go to a user login screen (how ever there is no password nor multiple users), clicked the username and it would say loading, and then it cancelled and says logging off.

I really dont know what to do now?
I know malwarebytes picked up a Rootkit.Agent but thats about all i know. I am trying the windows xp repair disk but its asking for a password to administrator. when there was no password to the only username on it. Any help would be greatly appreciated. Also reformat is not an option as there are some programs that do not allow a second install even with the same serial number.

**AdrianPhoto** · 01-10-2010, 02:26 PM

Post your HJT report
(more info http://download.cnet.com/Trend-Micro...-10227353.html)

**anon** · 01-10-2010, 05:16 PM

If we're dealing with a rootkit, chances are it'll try to conceal itself. Do a search for "Rootkit Unhooker", run it, and post anything suspicious you find in the SSDT tab. If you had a Registry backup, that'd be very nice. You could also boot off a live CD and scan your system from there.

**peat moss** · 01-10-2010, 06:08 PM

I find Trojan Remover helpful but you have to run it a couple of times and finish in safemode . Does n't work for 64 bit . Best thing is its a free 30 day evaluation .

http://www.simplysup.com/

**suprafreak6** · 01-10-2010, 07:36 PM

will all this work if i try to do it from my laptop with the hdd connected via usb?

**anon** · 01-10-2010, 07:41 PM

Depending on which live CD you choose, the USB HDD may not be visible, but if you already have Windows installed on your laptop you can scan the drive from there.

**suprafreak6** · 01-10-2010, 07:43 PM

yeah i mean do these programs allow for scanning harddrives. such as cccleaner does not allow you to search other drives.

**anon** · 01-10-2010, 07:48 PM

Originally Posted by suprafreak6

yeah i mean do these programs allow for scanning harddrives.

I think last time I tried Trojan Remover you could scan USB drives. You won't be able do anything with Rootkit Unhooker, since it only "scans" the currently running Windows.

**suprafreak6** · 01-10-2010, 08:00 PM

starting scan using trojan remover.

trojan remover found nothing! sorry peat! what happened is before i think when i used the original two programs it deleted things that were infected which were involved in user startup and such. how do i fix this?

just ran malwarebytes, found 2 infections. no rootkit agent just trojan.Vundo and trojan.fakealert in the system volume information folder, they are both .exe's

and also with hijackthis it only checks the current windows so it wont work via usb

**peat moss** · 01-10-2010, 10:57 PM

Maybe some help here :

http://www.bleepingcomputer.com/viru...ndo-virtumonde

Thread: Spyware problem

Thread Tools

Bookmarks

Bookmarks

Posting Permissions